14603 matches found
Maintenance Switch <= 1.5.2 - Reflected XSS
The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
WP Search Analytics < 1.4.6 - Admin+ Stored XSS
The plugin does not sanitise and escape some parameters, which could allow users with a role of Administrator to perform Cross-Site Scripting attacks...
Mass Email To users < 1.1.5 - Reflected XSS
The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
User IP and Location < 2.2.1 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
WP-CORS <= 0.2.1 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Photo Gallery Slideshow & Masonry Tiled Gallery < 1.0.14 - Reflected Cross-Site Scripting
The plugin does not properly sanitize and escape the searchterm parameter, leading to Reflected Cross-Site Scripting vulnerability...
Booking Manager < 2.0.29 - Subscriber+ SSRF
The plugin does not validate URLs input in it's admin panel or in shortcodes for showing events from a remote .ics file, allowing an attacker with privileges as low as Subscriber to perform SSRF attacks on the sites internal network. PoC As an admin: Type in an internal URL for example...
ClickFunnels <= 3.1.1 - Contributor+ Stored XSS via Shortcode
The plugin does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. PoC clickfunnelsembed url="javascript:alert1"...
Image Optimizer by 10web < 1.0.27 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape the iowdtabsactive parameter before rendering it in the plugin admin panel, leading to a reflected Cross-Site Scripting vulnerability, allowing an attacker to trick a logged in admin to execute arbitrary javascript by clicking a link. PoC Make a logged in...
SEO ALert <= 1.59 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC 1. Go to Vanilla Beans » SEO Alert. 2. In...
WP Inventory Manager < 2.1.0.13 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting. PoC 1. Go to WP Inventory Inventory Items and create a new Inventory Item. 2. Create a page and add the wpinventory shortcode. 3. View the new page on the...
WooCommerce Multivendor Marketplace – REST API < 1.6.0 - Subscriber+ Arbitrary Orders Item And Notes Update
The plugin does not properly implement capability checks on the 'getitem', 'getordernotes', and 'addordernote' functions, leading to potential unauthorized access and addition of those items by authenticated users with subscriber privileges or above...
Tiempo.com <= 0.1.2 - Stored XSS via CSRF
The plugin does not have CSRF check when creating and editing its shortcode, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack PoC Make a logged in admin open a page with the code below...
Ko-fi Button < 1.3.3 - Admin+ Stored XSS
The plugin does not properly some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting XSS attacks even when the unfilteredhtml capability is disallowed for example in multisite setup, and we consider it a low risk. PoC 1. In the Kofi plugin settings,...
Shield Security < 17.0.18 - Subscriber+ Arbitrary Log Entry Creation
The plugin does not have authorisation in the theme-plugin-file AJAX action, allowing any authenticated users, such as subscriber to call it and add arbitrary audit log entries, which could also lead to Stored XSS due to the lack of escaping of some entry metadata...
URL Params < 2.5 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC urlparam htmltag='h1' attr='a'...
YARPP - Yet Another Related Posts Plugin < 5.30.3 - Subscriber+ SQLi
The plugin does not validate and escape some of its shortcode attributes before using them in SQL statement/s, which could allow any authenticated users, such as subscribers to perform SQL Injection attacks. PoC Run the below command in the developer console of the web browser while being on the...
Stream < 3.9.3 - Missing Authorization via load_alerts_settings
...
Viable blog <= 1.1.4 - Reflected XSS
The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
WordPress Vertical Image Slider < 1.2.17 - Reflected Cross-Site Scripting
The plugin does not properly sanitize the 'searchterm' parameter, leading to Reflected Cross-Site Scripting vulnerability due to insufficient input sanitization and output escaping...
Shield Security < 17.0.18 - Unauthenticated Stored XSS
The plugin does not escape the User Agent header retrieved via audit log records, which could allow unauthenticated attackers to perform Stored XSS attacks...
Tiempo.com <= 0.1.2 - Reflected XSS
The plugin does not sanitise and escape the page parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC Make a logged in admin open a page with the code below...
REST API TO MiniProgram <= 4.6.1 - Subscriber+ Attachment Deletion
The plugin does not have authorisation and CSRF checks in an AJAX action, allowing ay authenticated users, such as subscriber to call and delete arbitrary attachments PoC fetch'https://example.com/wp-admin/admin-ajax.php', method: 'POST', headers: new Headers 'Content-Type':...
Arya Multipurpose <= 1.0.5 - Unauthenticated Reflected XSS
The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
Tiempo.com <= 0.1.2 - Shortcode Deletion via CSRF
The plugin does not have CSRF check when deleting its shortcode, which could allow attackers to make logged in admins delete arbitrary shortcode via a CSRF attack PoC Make a logged in admin open the URL below, this will make them delete the shortcode with ID 1...
Rating Widget <= 3.2.0 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
0mk Shortener <= 0.2 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
tagDiv Composer < 4.0 - Reflected Cross-site Scripting
The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC Make a logged in admin open a page containing the HTML code below...
CRM Memberships <= 1.6 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Product Addons & Fields for WooCommerce < 32.0.6 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitize and escape some of its setting fields, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example, in multisite setup. PoC - Install the plugin and WooCommerce,...
Ninja Forms < 3.6.22 - Reflected XSS
The plugin does not properly escape user input before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC Make a logged in admin open...
Arconix Shortcodes <= 2.1.7 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
Forms Ada <= 1.0 - Unauthenticated Reflected XSS
The plugin does not sanitize and escape some of it's parameters before reflecting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high-privilege users such as admin...
Tablesome < 1.0.9 - Reflected XSS
The plugin does not escape various generated URLs, before outputting them in attributes when some notices are displayed, leading to Reflected Cross-Site Scripting PoC Make a logged in admin open one of the URL below when the feature/tracking notice has not been dismissed yet...
HTTP Headers < 1.18.8 - Admin+ SQL Injection
This plugin has an import functionality which executes arbitrary SQL on the server, leading to an SQL Injection vulnerability. PoC 1. Create an SQL file with the following contents: UPDATE wpoptions SET optionvalue = "Hacked" WHERE optionname = "blogname" 2. As an admin user within WP Admin,...
WP Visitor Statistics (Real Time Traffic) < 6.9 - Unauthenticated SQLi
The plugin does not escape user input which is concatenated to an SQL query, allowing unauthenticated visitors to conduct SQL Injection attacks. PoC Note: The visitorId parameter's numerical prefix before the %27 must be different on each try...
1app Business Forms <= 1.0.0 - Author+ Stored XSS
Description The plugin does not sanitise and escape some parameters, which could allow users such as author and above to perform Stored Cross-Site Scripting attacks...
Side Cart Woocommerce < 2.2 - Settings Reset via CSRF
The plugin does not have CSRF check when reseting its Settings, which could allow attackers to make logged in admins perform such action via a CSRF attack PoC Make a logged in admin open https://example.com/wp-admin/admin.php?page=side-cart-woocommerce-settings=yes...
AI Contact Us Form <= 1.0 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Redirect After Login <= 0.1.9 - Admin+ Stored XSS
The plugin does not sanitise and escape some parameters, which could allow users with a role of Admin to perform Cross-Site Scripting attacks...
Live Chat by Formilla < 1.3.1 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
eRocket < 1.2.5 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Form Block < 1.0.2 - Form Submission via CSRF
The plugin does not have CSRF checks when submitting forms, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
CMS Tree Page View < 1.6.8 - Reflected XSS
The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
Verified Reviews < 2.3.15 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
ActiveCampaign < 8.1.12 - Contributor+ Stored XSS
The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC As a contributor, add a "AC Forms" Gutenberg block ...
Mail Subscribe List <= 2.1.9 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
WP-dTree <= 4.4.5 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Simple Tooltips <= 2.1.4 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Simple Share Buttons Adder <= 8.4.8 - CSRF
The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...