14603 matches found
Update Image Tag Alt Attribute <= 2.4.5 - Reflected XSS
The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
WCP Contact Form <= 3.1.0 - Reflected XSS
The plugin does not sanitise and escape the tab parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
RapidExpCart <= 1.0 - Stored XSS via CSRF
The plugin does not sanitize and escape the url parameter in the rapidexpcart endpoint before storing it and outputting it back in the page, leading to a Stored Cross-Site Scripting vulnerability which could be used against high-privilege users such as admin, furthermore lack of csrf protection...
Charitable < 1.7.0.11 - Reflected XSS
The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
WooCommerce Order Status Change Notifier <= 1.1.0 - Subscriber+ Arbitrary Order Status Update
The plugin does not have authorisation and CSRF when updating status orders via an AJAX action available to any authenticated users, which could allow low privilege users such as subscriber to update arbitrary order status, making them paid without actually paying for them for example PoC Run the...
Help Desk WP <= 1.2.0 - Editor+ Stored XSS
The plugin does not sanitise and escape some parameters, which could allow users with a role as low as Editor to perform Cross-Site Scripting attacks. PoC 1. Using a user with Editor Role privileges, go to the support page assigned for the Help Desk WP Plugin. 2. Click on "Add New Ticket", and...
Login Page Styler <= 6.2 - Admin+ Stored XSS
The plugin does not sanitise and escape some parameters, which could allow users with a role of Admin to perform Cross-Site Scripting attacks...
Ebook Store < 5.78 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
GDPR Compliance & Cookie Consent <= 1.2 - CSRF
The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
EZP Maintenance Mode <= 1.0.1 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
SparkPost <= 3.2.5 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
BizLibrary <= 1.1 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Login as Admin. 2. Go to...
Pearl <= 1.3.4 - CSRF
The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
File Gallery < 1.8.5.4 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
White Label Branding for Elementor Page Builder <= 1.0.2 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
KIWIZ Invoices Certification & PDF System <= 2.1.3 - Unauthenticated Arbitrary File Download
The plugin does not validate the path of files to be downloaded, which could allow unauthenticated attacker to read/downlaod arbitrary files, as well as perform PHAR unserialization assuming they can upload a file on the server PoC To download ../../../../wp-config.php:...
Ebook Store < 5.78 - Unauthenticated Sensitive Data Disclose
The plugin does not have authorisation check in its ebookstoreexportorders function, allowing unauthenticated users to call it and retrieve order information...
ShopEngine < 4.1.2 - CSRF
The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
Easy Ad Manager <= 1.0.0 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
WP Original Media Path < 2.4.1 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Category Specific RSS feed Subscription < 2.3 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Continuous announcement scroller <= 13.0 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Flyzoo Chat <= 2.3.3 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Woocommerce Product Designer <= 4.3.3 - CSRF
The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
WP Links Page < 4.9.4 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
Liquid Speech Balloon < 1.2 - Settings Update via CSRF
The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
Social Share Boost <= 4.4 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
Uji Popup <= 1.4.3 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
Bit Form < 1.9 - RCE via Unauthenticated Arbitrary File Upload
The plugin does not validate the file types uploaded via it's file upload form field, allowing unauthenticated users to upload arbitrary files types such as PHP or HTML files to the server, leading to Remote Code Execution. PoC As an unauthenticated user access a form containing a File Upload for...
Active Directory Integration / LDAP Integration < 4.1.1 - Unauthenticated Data Disclosure
The plugin does not have proper authorization or nonce values for some POST requests, leading to unauthenticated data disclosure. In version 4.1.0 a nonce check was added to the request, but it still lacked authorization. PoC The admininit hook calls MoLdapLocalLogin class loginwidgetsaveoptions...
Ad Inserter < 2.7.27 - Admin+ PHP Object Injection
The plugin unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present PoC To simulate a gadget chain, put the following code in a plugin: class Evil public function wakeup : void...
Yatra < 2.1.15 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Ninja Tables < 4.3.5 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
ARMember < 4.0.2 - Reflected XSS
The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
Gallery Metabox <= 1.5 - Gallery Removal via CSRF
The plugin does not have CSRF check when removing galleries, which could allow attackers to make logged-in admins perform such action via a CSRF attack...
Kodex Posts likes <= 2.4.3 - CSRF
The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
WP Responsive Tabs horizontal vertical and accordion Tabs < 1.1.16 - Reflected Cross-Site Scripting
The plugin does not properly sanitize and escape the 'searchterm' parameter, leading to a Reflected Cross-Site Scripting vulnerability...
Motors – Car Dealer & Classified Ads < 1.4.5 - CSRF
The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
FormCraft <= 1.2.6 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
Reservation.Studio widget < 1.0.12 - Cross-Site Request Forgery
The plugin does not properly validate requests use nonces, leading to a Cross-Site Request Forgery CSRF vulnerability...
Layer Slider <= 1.1.9.7 - Cross-Site Request Forgery
The plugin does not adequately protect against Cross-Site Request Forgery CSRF attacks...
Jetpack CRM < 5.4.0 - PHAR Deserialisation via CSRF
The plugin does not have CSRF proper check in step 2 and 3 of the zeroBSCRMCSVImporterLitehtmlapp function, which then call fileexists on user input, which could allow unauthenticated users to perform PHAR Deserialisation attacks if they can upload a malicious file using a gadget chain, and then...
TaxoPress < 3.6.5 - Editor+ Stored XSS
The plugin does not sanitise and escape some parameters, which could allow high privilege users such as Editor to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
YARPP - Yet Another Related Posts Plugin < 5.30.5 - Subscriber+ LFI
The plugin does not validate a parameter before using it in an include statement, allowing any authenticated users, such as subscriber to perform LFI attacks...
Pretty Url <= 1.5.4 - Admin+ Stored XSS in plugin settings
Plugin does not sanitize and escape the URL field in the plugin settings, which could allow high-privilege users to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC 1. In the "Enter the URL: field, add the XSS...
Clock In Portal <= 2.1 - Holidays Deletion via CSRF
The plugin does not have CSRF check when deleting Holidays, which could allow attackers to make logged in admins delete arbitrary holidays via a CSRF attack PoC Make a logged in admin open a page with the code below, this will make them delete the Holiday with ID 1...
Stream < 3.9.3 - CSRF
The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
CMP – Coming Soon & Maintenance < 4.1.8 - Maintenance Mode Bypass
The plugin does not properly secure maintenance mode, allowing users to bypass it by using a correct cmpbypass GET parameter in the URL...
Clock In Portal <= 2.1 - Designation Deletion via CSRF
The plugin does not have CSRF check when deleting designations, which could allow attackers to make logged in admins delete arbitrary designations via a CSRF attack PoC Make a logged in admin open a page with the code below, this will make them delete the Designation with ID 2...
BBSpoiler <= 2.01 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...