14603 matches found
OoohBoi Steroids for Elementor < 2.1.5 - Arbitrary File Upload
The plugin does not properly protect its fileuploadercallback function with capability checks, which makes it possible for attackers with a low-privilege account, like subscribers, to upload image attachments to the site...
Essential Blocks < 4.0.7 - Multiple Functions Missing Authorization Checks
The plugin does not apply authorization checks on multiple sensitive functions in the plugin, making them reachable to users with low privileges like Subscribers. Additionally, its nonce validation logic can be bypassed. Affected functions include: save, get, templates, templatecount,...
BadgeOS <= 3.7.1.6 - CSRF
The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
ApexChat < 1.3.2 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Clock In Portal <= 2.1 - Staff Deletion via CSRF
The plugin does not have CSRF check when deleting Staff members, which could allow attackers to make logged in admins delete arbitrary Staff via a CSRF attack PoC Make a logged in admin open a page with the code below, this will make them delete the Staff with ID 1...
Thumbnail carousel slider < 1.1.10 - Reflected XSS
The plugin does not sanitise and escape some parameters before outputting them back in pages, leading to Reflected Cross-Site Scripting vulnerability which could be used against high privilege users such as admin. PoC Make a logged in admin open: GET...
YellowPencil Visual CSS Style Editor < 7.5.9 - Admin+ Stored XSS
The plugin does not sanitise and escape some parameters, which could allow users with a role of Admin to perform Cross-Site Scripting attacks...
Semalt Blocker <= 1.1.3 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Themify Portfolio Post < 1.2.5 - Editor+ Stored XSS
The plugin does not sanitise and escape some parameters, which could allow users with a role as low as Editor to perform Cross-Site Scripting attacks...
Product Slider For WooCommerce Lite <= 1.1.7 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC psfwlgutenblock headingtag='h2"...
Ultimate Carousel For Elementor <= 2.1.7 - Contributor+ Stored XSS
The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. The plugin author was made aware of this vulnerability...
Video List Manager <= 1.7 - Admin+ SQL Injection
The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin PoC SELECT query: 1. Log in as admin. 2. Visit the following path on the site:...
WP Popups < 2.1.5.1 - Contributor+ Stored XSS
The plugin does not properly escape the href attribute of its spu-facebook-page shortcode before outputting it back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. This is due to an insufficie...
Membership Database <= 1.0 - Reflected XSS
The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC Make a logged in admin open a page with the code below...
Post Shortcode <= 2.0.9 - Contributor+ Stored Cross-Site Scripting
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC pcs template='" onmouseover="alert1"...
Bitcoin / AltCoin Payment Gateway <= 1.7.1 - Unauthenticated SQLi
The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by authenticated users PoC Setup: 1. Install woocommerce dependency, no setup required 2. Install the vulnerable plugin woo-altcoin-payment-gateway version 1.7.1...
WP Login Box <= 2.0.2 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC Set “Greeting Text” option to: Set “Enable the...
Japanized For WooCommerce < 2.5.8 - Reflected XSS
The plugin does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting PoC With the PeachPay payment gateway enabled can be enabled via the settings: http://example.com/wp-admin/admin.php?page=wc4jp-options=payment Make a logged in admin open the...
Ultimate Carousel For WPBakery Page Builder <= 2.6 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. The plugin author was made aware of this...
LearnPress Export Import < 4.0.3 - Reflected XSS
The plugin does not sanitise and escape the learn-press-export-file-name parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
Wp-D3 <= 2.4.1 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC d3-source canvas='" onmouseover="alert1...
Sloth Logo Customizer <= 2.0.2 - Stored XSS via CSRF
The plugin does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack PoC Make a logged in Admin open a page containing the HTML code below...
NEX-Forms < 8.4 - Admin+ SQL Injection
The plugin does not properly escape the table parameter, which is populated with user input, before concatenating it to an SQL query. PoC POST /wp-admin/admin-ajax.php HTTP/1.1 Deleted Headers action=nfupdaterecord=Injection PointId=1=shared=exploit%60fields=/Deleted Content/...
Responsive Filterable Portfolio < 1.0.20 - Reflected XSS
The plugin does not sanitise and escape the searchterm parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
Mega Addons For WPBakery Page Builder < 4.3.0 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC vctestimonial link='target:"...
Locatoraid Store Locator < 3.9.15 - Contributor+ Stored Cross-Site Scripting
The plugin does not properly sanitize input and escape output in its shortcodes, leading to stored cross-site scripting vulnerabilities for authenticated users with contributor-level permissions or higher...
WPML Multilingual CMS < 4.6.1 - Reflected Cross-Site Scripting
The plugin does not escape some URL attributes before outputting them to a page, leading to a Reflected Cross-Site Scripting vulnerability. PoC After setting up the plugin, visit the following URL: /wp-login.php?wplang=%20=id=x+type=image%20id=xss%20onfoc%3C!%3Eusin+alert0%0c...
Affiliate Links Lite <= 2.5 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
Booqable Rental <= 2.4.16 - Admin+ Stored XSS
The plugin does not sanitise and escape some parameters, which could allow users with a role of Admin to perform Cross-Site Scripting attacks...
WP EasyPay < 4.1 - CSRF
The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
Electric Studio Client Login <= 0.8.1 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
ZM Ajax Login & Register <= 2.0.2 - Unauthenticated Authentication Bypass
The plugin does not validate that users are allowed to login through the Facebook feature, allowing unauthenticated to be authenticate as any user such as admin by simply knowing the username...
Motor Racing League <= 1.9.9 - Admin+ XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CoSchedule < 3.3.9 - CSRF
The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
Simple Popup Images <= 1.8.6 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
FooGallery < 2.2.41 - Reflected XSS
The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
Enable Accessibility <= 1.4 - CSRF
The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
Ultimate Noindex Nofollow Tool II < 1.3.4 - Settings Update via CSRF
The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
ShiftController Employee Shift Scheduling < 4.9.26 - Reflected Cross-Site Scripting
The plugin does not properly sanitize input and escape output in the query string, leading to a Reflected Cross-Site Scripting vulnerability...
Shortlinks by Pretty Links < 3.4.1 - Link Visit Stats Clear via CSRF
The plugin does not have CSRF checks when clearing the Link Visits statistics, which could allow attackers to make logged in admins perform such actions via a CSRF attack...
Betheme < 26.8 - Reflected XSS
The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
Pickup | Delivery | Dine-in date time <= 1.0.9 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC Go to this page:...
Cloud Manager <= 1.0 - Reflected XSS
The plugin does not sanitise and escape the query param ricerca before outputting it in an admin panel, allowing unauthenticated attackers to trick a logged in admin to trigger a XSS payload by clicking a link. PoC...
ChatBot < 4.4.9 - Subscriber+ OpenAI Settings Update to Stored XSS
The plugin does not have authorisation and CSRF in the AJAX action responsible to update the OpenAI settings, allowing any authenticated users, such as subscriber to update them. Furthermore, due to the lack of escaping of the settings, this could also lead to Stored XSS PoC Run the below command...
WP Inventory Manager < 2.1.0.12 - Reflected XSS
The plugin does not sanitise and escape the message parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as administrators. PoC On a page where the wpinventory shortcode is embed, append the following...
ChatBot < 4.5.1 - Admin+ Stored XSS
The plugin does not sanitise and escape numerous of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC Put the following payload in the Your...
UserPlus <= 2.0 - Stored XSS via CSRF
The plugin does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged-in admin add Stored XSS payloads via a CSRF attack. PoC Open the .html file where the admin user is logged in - Go to...
ChatBot < 4.4.5 - Stored XSS via CSRF
The plugin does not escape most of its settings before outputting them back in the dashboard, and does not have a proper CSRF check, allowing attackers to make a logged in admin set XSS payloads in them. Note: v4.4.5 fixed the CSRF issue, the lack of escaping was fixed in 4.5.1 and a separate iss...
ChatBot < 4.4.9 - Unauthenticated Stored XSS
The plugin does not have authorisation and CSRF in a function hooked to init, allowing unauthenticated users to update some settings, leading to Stored XSS due to the lack of escaping when outputting them in the admin dashboard PoC curl -X POST --data 'qcbotstrweight=" style=animation-name:rotati...
hiWeb Migration Simple <= 2.0.0.1 Reflected Cross-Site Scripting
The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high-privilege users such as admins. The hiweb-migration-simple plugin is vulnerable to POST based XSS on endpoint...