14603 matches found
IP Metaboxes <= 2.1.1 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Product Gallery Slider for WooCommerce < 2.2.9 - Cross-Site Request Forgery (CSRF)
The plugin does not protect some of its actions against CSRF attacks, allowing an attacker to trick a logged in high privileged user to perform actions on their behalf by submitting a crafted request...
Download < 2.0.5 - Cross-Site Request Forgery (CSRF)
The plugin does not protect some of its actions against CSRF attacks, allowing an attacker to trick a logged in high privilege user to perform actions on their behalf by submitting a crafted request...
WP Tiles <= 1.1.2 - Cross-Site Request Forgery
The plugin does not properly validate and verify requests use nonces, leading to a Cross-Site Request Forgery CSRF vulnerability...
Kopa Framework <= 1.3.5 - Cross-Site Request Forgery
The plugin does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks. The original researcher didn't provide enough information on which actions could be performed...
Download < 1.1.0 - Cross-Site Request Forgery
The plugin does not properly validate and verify user requests use nonces, making it susceptible to Cross-Site Request Forgery CSRF attacks...
Booking Ultra Pro < 1.1.7 - Cross-Site Request Forgery
The plugin does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks. The original researcher didn't provide enough information on which actions could be performed...
Store Locator <= 3.98.7 - Settings Update via CSRF
The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
MStore API < 3.9.3 - Authentication Bypass
The plugin does not properly verify the user provided when adding listing via its REST API, allowing unauthenticated users to login as an arbitrary user by providing their ID...
JetFormBuilder < 3.0.7 - Cross-Site Request Forgery (CSRF)
The plugin does not protect some of its actions against CSRF attacks, allowing an unauthenticated attacker to perform actions on their behalf by tricking a logged in user to submit a crafted request...
Drag and Drop Multiple File Upload – Contact Form 7 < 1.3.6.6 - File Upload and File deletion via CSRF
The plugin is lacking CSRF and validation when uploading or deleting files, which could allow attackers to make a logged-in admin upload or delete files via a CSRF attack...
WooCommerce Product Vendors < 2.1.77 - Unauthenticated Reflected XSS
The plugin does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high-privilege users such as admin...
Conditional Menus < 1.2.1 - Reflected XSS
The plugin does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC Make a logged in admin open a page with the HTML code below...
Flickr Justified Gallery <= 3.5 - Cross-Site Request Forgery
The plugin does not properly validate incoming requests using nonces, leading to a potential Cross-Site Request Forgery CSRF vulnerability...
WP Custom Cursors < 3.2 - Admin+ SQLi
The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Admin. PoC 1. Add a new "WP Custom Cursor". 2. Return to the "WP Custom Cursors" page and click edit Cursor. 3.The WP Custom...
Easy Google Maps < 1.11.8 - Cross-Site Request Forgery (CSRF)
The plugin does not protect its ajax actions against CSRF attacks, allowing an attacker to trick a logged in high privilege user to perform actions on their behalf by submitting a crafted request...
Upload Resume <= 1.2.0 - Captcha Bypass
The plugin does not validate the captcha parameter when uploading a resume via the resumeuploadform shortcode, allowing unauthenticated visitors to upload arbitrary media files to the site. PoC The PoC will be displayed once the issue has been remediated...
ReviewX < 1.6.14 - Subscriber+ Privilege Escalation
The plugin does not validate parameters passed to the rxsetscreenoptions function, allowing any authenticated users, such as subscriber to set themselves as administrators...
Go Pricing - WordPress Responsive Pricing Tables <= 3.3.19 - Incorrect Authorization leading to Arbitrary File Upload
The plugin lacks proper authorization on the file upload feature, making it possible for authenticated users, who belong to specific roles defined by the administrator, to upload arbitrary files...
Go Pricing - WordPress Responsive Pricing Tables <= 3.3.19 - Broken Access Control
The plugin does not have proper authorization in some actions, which could allow users with a role as low as a subscriber to call them and perform unauthorized actions...
Go Pricing - WordPress Responsive Pricing Tables < 3.4 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin...
Go Pricing - WordPress Responsive Pricing Tables < 3.4 - Contributor+ PHP Object Injection via shortcode
The plugin does not sanitize the data parameter of its gopricing shortcode before unserializing it, which could allow users with a role as low as a contributor to perform PHP Object Injection attacks if a suitable gadget chain is found on the site...
Ultimate Dashboard < 3.7.6 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Go to "Ultimate Dashboard - Settings -...
WordPress File Upload < 4.19.2 - Admin+ Path Traversal
The plugin does not properly prevent attackers from modifying the target path to which the plugin will move files, via the wfunewpath parameter. This could allow administrators to move files outside of the site's root, which may be a problem in multisite configurations...
WordPress File Upload and WordPress File Upload Pro < 4.19.2 - Admin+ Stored Cross-Site Scripting
The plugin does not properly escape and sanitize user input coming from users with the administrator role in the plugin's settings, which is a problem in multisite configurations...
MStore API < 3.9.2 - Authentication Bypass
The plugin does not properly verify the user provided when syncing their cart via its REST API, allowing unauthenticated users to login as an arbitrary user by providing their ID...
WooCommerce Warranty Requests < 2.1.7 - Reflected XSS
The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC Make a logged in admin open the URL below v = 2.1.6...
Leyka < 3.30.3 - Subscriber+ Privilege Escalation
The plugin does not validate password to be updated, allowing any authenticated user, such as subscriber to set the password of another user...
Icegram Engage < 3.1.12 - Reflected XSS
The plugin does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC Make a logged in admin open a page with the code below...
MailChimp Subscribe Forms < 4.0.9.2 - Admin+ Stored XSS
The plugin does not sanitize and escape some fields in the plugin settings, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when the unfilteredhtml capability is disallowed for example in a multisite setup...
WooCommerce Follow-Up Emails < 4.9.50 - Unauthenticated Reflected XSS
The plugin does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high-privilege users such as admin...
WP-Piwik < 1.0.28 - Admin+ Stored XSS
The plugin does not sanitize and escape the plugin display name field in the plugin settings, which could allow high-privilege users to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Integration for Contact Form 7 and Zoho CRM, Bigin < 1.2.4 - Admin+ SQLi
The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin PoC 1. Send a GET request with...
Contact Form Entries < 1.3.1 - Contributor+ Stored XSS
The plugin does not sanitize and escape the vx-entries shortcode attributes before using them, which could allow a logged in user with roles as low as contributor to inject arbitrary web scripts into posts or pages...
Leyka < 3.30.2 - Reflected XSS
The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
Multiple Plugins from Wow-Company - Reflected XSS
The plugins do not escape the page parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC Make a logged in admin open a page with the code below The XSS will be triggered when pressing...
Responsive Tabs For WPBakery Page Builder <= 1.1 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC Note: The plugin requires WPBakery Page...
BEAR < 1.1.3.2 - Cross-Site Request Forgery (CSRF)
The plugin does not protect some of its actions against CSRF attacks, allowing an unauthenticated attacker to perform actions on their behalf by tricking a logged in user to submit a crafted request...
Duplicator Pro < 4.5.11.1 - Unauthenticated Reflected XSS
The plugin does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high-privilege users such as admin...
Easy Forms for Mailchimp < 6.8.9 - Reflected XSS
The plugin does not sanitise and escape a parameter before outputting it back in the page when the debug option is enabled, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. PoC When the debug settings is enabled ie...
Mediamatic – Media Library Folders <= 2.8.1 - Cross-Site Request Forgery
The plugin does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks. The original researcher didn't provide enough information on which actions could be performed...
qubotchat < 1.1.6 - Unauthenticated Stored XSS
The plugin doesn't filter user input on chat, leading to bad code inserted on it be reflected on the user dashboard. PoC 1. Enter " as the malicious payload into the chatbot input. 2. See XSS vulnerability...
Rank Math SEO PRO < 3.0.36 - Unauthenticated Reflected XSS
The plugin does not sanitize and escape a parameter before outputting it back in the page, allowing an unauthenticated attacker to inject web scripts that will execute when a visitor follows a crafted link to the page...
WooCommerce Follow-Up Emails < 4.9.50 - Cross-Site Request Forgery (CSRF)
The plugin does not protect some of its actions against CSRF attacks, allowing an unauthenticated attacker to perform actions on their behalf by tricking a logged in user to submit a crafted request...
AI ChatBot < 4.5.5 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitize and escape its settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. PoC 1. Go to plugin settings under "WPBot Lite Simple Text Responses" 2. Enter the payload Test Query"...
EventPrime < 3.0.0 - Unauthenticated Reflected XSS
The plugin does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high-privilege users such as admin...
WIP Custom Login < 1.3.0 - Cross-Site Request Forgery (CSRF)
The plugin does not protect some of its actions against CSRF attacks, allowing an unauthenticated attacker to perform actions on their behalf by tricking a logged in user to submit a crafted request...
Revolution Slider <= 6.6.12 - Author+ Remote Code Execution
The plugin does not check for valid image files upon import, leading to an arbitrary file upload which may be escalated to Remote Code Execution in some server configurations. By default, the import functionality is only available to Admin users. However, the plugin may be configured to allow...
Qubotchat < 1.1.6 – Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC 1. Add a "button" to the chatbot 2. In the...
Novelist < 1.2.1 - Admin+ Stored XSS
The plugin does not sanitize and escape some fields in the plugin settings, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when the unfilteredhtml capability is disallowed for example in a multisite setup...