14603 matches found
Smart App Banner < 1.1.2 - Cross-Site Request Forgery (CSRF)
The plugin does not protect some of its actions against CSRF attacks, allowing an unauthenticated attacker to perform actions on their behalf by tricking a logged in user to submit a crafted request...
Groundhogg <= 2.7.9.8 - Privilege Escalation via CSRF
The plugin lacks CSRF protection when generating the auto login link through a shortcode, enabling attackers to manipulate the assigned user in the link...
Groundhogg < 2.7.9.8 - Disable All Plugins via CSRF
The plugin does not have CSRF check when enabling Safe-mode on the plugin, which could allow attackers to make logged-in admins perform such action via a CSRF attack leading to disabling all other plugins...
Groundhogg < 2.7.8.9 - Ticket Creation via CSRF
The plugin does not have CSRF check when creating a support ticket to the plugin author, which could allow attackers to make logged-in admins perform such action via a CSRF attack...
WooDiscuz – WooCommerce Comments < 2.3.0 - Admin+ Stored XSS
The plugin is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary we...
Groundhogg <= 2.7.9.8 - Lack of Authorization for Non-Arbitrary File upload
The plugin fails to validate the destination contact for the file upload, allowing any Subscriber+ user to upload files to arbitrary contacts...
Groundhogg < 2.7.9.8 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
BP Social Connect < 1.6.2 - Authentication Bypass
The plugin does not properly verify the user through its Facebook login, which could allow attackers to login as any user knowing their email address...
UpdraftPlus < 1.23.4 - CSRF
The plugin does not have CSRF check in the actionauthenticatestorage, which could allow attackers to make logged in admins inject JavaScript into a parameter in the authentication process via a CSRF attack when they can trick an admin to perform multiple actions including re-authenticating a...
Jazz Popups <= 1.8.7 - Unauthenticated Reflected Cross-Site Scripting
The plugin does not properly sanitize user input, leading to a potential Reflected Cross-Site Scripting XSS vulnerability...
WeSecur Security <= 1.2.1 - Admin+ Stored Cross-Site Scripting
The plugin does not properly sanitize and escape user input, leading to a stored XSS vulnerability...
Scripts n Styles < 3.5.8 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Better Notifications for WP < 1.9.3 - Cross-Site Request Forgery (CSRF)
The plugin does not protect its handleactions function against CSRF attacks, allowing an unauthenticated attacker to enable or disable notifications by tricking a logged in administrator to submit a crafted request...
Performance Lab < 2.3.0 - CSRF
The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
Baidu Tongji generator <= 1.0.2 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
MStore API < 3.9.1 - Authentication Bypass
The plugin does not properly verify the user provided when redemption coupons via its REST API, allowing unauthenticated users to login as an arbitrary user by providing their ID...
Waiting: One-click countdowns <= 0.6.2 - Subscriber+ Stored XSS
The plugin does not sanitise and escape some parameters, and is missing proper authorisation, which could allow any authenticated users, such as subscriber to perform Cross-Site Scripting attacks...
WP < 6.2.1 - Thumbnail Image Update via CSRF
Description WordPress does not have CSRF check when updating the thumbnail image associated with existing attachments, which could allow attackers to make logged in admins update them via a CSRF attack...
WP < 6.2.2 - Shortcode Execution in User Generated Data
Description WordPress allows shortcode to be executed in user generated data via block themes, which could allow unauthenticated users to execute shortcode via comments for instance...
WP Activity Log < 4.5.2 - Subscriber+ Information Leak
The plugin does not properly implement a capability check on the handleajaxcall function, leading to an authorization bypass that allows authenticated users to obtain a list of users' information, including ids, usernames, and emails...
WP < 6.2.1 - Directory Traversal via Translation Files
Description WordPress is affected by a directory traversal via the wplang parameter, which could allow attacker to load arbitrary translation files...
WP < 6.2.1 - Contributor+ Content Injection
Description WordPress does not properly sanitise block attributes, which could allow users with a role of Contributor and above to perform content injection in comments on blog using a theme compatible with a block editor...
WP < 6.2.1 - Contributor+ Stored XSS via Open Embed Auto Discovery
Description WordPress does not validate the protocol when processing oEmbed discovery, which could allow users with the Contributor role and above to perform Stored Cross-Site Scripting attacks...
File Away <= 3.9.9.0.1 - Contributor+ Stored XSS via Shortcode
The plugin does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. PoC fileup class='" onmouseover="alert1"'...
Contact Form Email < 1.3.38 - Unauthenticated Stored Cross-Site Scripting
The plugin does not escape submitted values before displaying them in the HTML, leading to a Stored XSS vulnerability. PoC 1. Publish the default form to a page by clicking on "Contact Form to Email" in the sidebar, and the "Publish" button beside the form name. 2. Visit the form on the frontend...
Multiple Page Generator < 3.3.18 - SQLi via CSRF
The plugin does not have CSRF check in the projectslist function, and does not escape the orderly & order parameters before using them in a SQL statement, which could allow attackers to make logged in administrators perform SQL Injection and lead to DoS via a CSRF attack...
Photo Gallery by Ays < 5.1.7 - Reflected XSS
The plugin does not escape some parameters before outputting it back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC Make a logged in admin open one of the URLs below v 5.1.7 -...
Zotpress < 7.3.4 - Unauthenticated Reflected XSS
The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
PixelYourSite < 9.6.2 - Admin+ Stored Cross-Site Scripting
The plugin does not properly sanitize input and escape output in admin settings, leading to Stored Cross-Site Scripting vulnerabilities. This issue affects multi-site installations and installations with disabled unfilteredhtml...
Multiple Page Generator < 3.3.18 - Admin+ SQLi
The plugin does not escape the orderby and order parameters before using them in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin...
Contact Form by Supsystic < 1.7.25 - CSRF
The plugin does not have CSRF checks in their AJAX actions, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
OTP Login Woocommerce & Gravity Forms < 2.3 - Unauthenticated Privilege Escalation
The plugin returns generated OTP codes for users to use when using the logging in via phone number feature, allowing unauthenticated users to retrieve them for arbitrary accounts and be able to login as any user, including administrator granted they know the related phone number...
Quiz Maker < 6.4.2.7 - Reflected XSS
The plugin does not escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC Make a logged in admin open the URL below other URL are also affected...
WooCommerce Ship to Multiple Addresses < 3.8.4 - Subscriber+ Shipping Address Disclosure via IDOR
The plugin does not ensure that the order to display the shipping address from belong to the user making the request, allowing any authenticated users, such as subscriber to view other shipping addresses via an IDOR PoC https://example.com/checkout/shipping-addresses/?orderid=106...
Snow Monkey Forms < 5.0.7 - Unauthenticated Path Traversal
The plugin does not validate file path, allowing unauthenticated users to upload files to arbitrary folders...
Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue < 3.1.61 - Reflected XSS
The plugin does not sanitise and escape a parameter before outputting it back in the admin dashboard when the WPML plugin is also active and configured, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC Make a logged in admin open a pag...
WooCommerce Composite Products < 8.7.6 - Reflected XSS
The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC On a page where a Component Product is displayed, append...
WooCommerce Brands < 1.6.46 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC Add a Brand with an image, and assign it...
Video Gallery < 1.0.11 - Reflected XSS
The plugin does not sanitise and escape the searchterm parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
video carousel slider with lightbox < 1.0.23 - Reflected XSS
The plugin does not sanitise and escape the searchterm parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
ConvertKit < 2.2.1 - Reflected XSS
The plugin does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC Make a logged in admin open a page with the code below...
Stop Spammers Security < 2023 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC Put the payload below in any of the "Challenge...
MW WP Form < 4.4.3 - Unauthenticated Path Traversal
The plugin does not validate file path, allowing unauthenticated users to upload files to arbitrary location...
Stop Spammers Security < 2023 - Reflected XSS
The plugin does not sanitise and escape various parameters before outputting them back in admin dashboard pages, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC Make a logged in admin open a page containing the code below...
WP Register Profile With Shortcode <= 3.5.7 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Active Directory Integration < 4.1.5 - SQL Injection via CSRF
The plugin does not properly verify nonces and sufficiently escape user-supplied parameters, leading to Cross-Site Request Forgery and time-based SQL Injection vulnerabilities via the orderby and order parameters...
Get Your Number <= 1.1.3 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. In the plugin's settings, enter the payload...
DBargain <= 3.0.0 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
WP Multi Store Locator <= 2.5 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC storelocatorshow location="'; alert1;...
Download Manager < 3.2.71 - Contributor+ Stored Cross-Site Scripting
The plugin does not properly sanitize and escape user-supplied attributes in 'wpdmmembers', 'wpdmloginform', and 'wpdmregform' shortcodes, leading to Stored Cross-Site Scripting vulnerabilities...