14603 matches found
Product page shipping calculator for WooCommerce < 1.3.21 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
WP FEvents Book <= 0.46 - Subscriber+ Arbitrary Booking Manipulation via IDOR
The plugin does not ensures that bookings to be updated belong to the user making the request, allowing any authenticated user to book, add notes, or cancel booking on behalf of other users. PoC 1. Book or cancel booking an event using an authenticated user. 2. Intercept the request using an HTTP...
Steveas WP Live Chat Shoutbox <= 1.4.2 - Unauthenticated SQLi
The plugin does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. PoC Submit a message in the chatbox, intercept the request using Burp Suite for example. Edit the request to reflect this...
CopySafe Web Protection < 3.14 - Unauthenticated Reflected XSS
The plugin does not properly sanitize and escape the file name in it's file uploads functionality before reflecting it back on the page, allowing an unauthenticated attacker to inject arbitrary web scripts via the filename of uploaded files...
WPCode Lite < 2.0.9 - Arbitrary Log File Deletion via CSRF
The plugin has a flawed CSRF when deleting log, and does not ensure that the file to be deleted is inside the expected folder. This could allow attackers to make users with the wpcodeactivatesnippets capability delete arbitrary log files on the server, including outside of the blog folders PoC Ma...
Steveas WP Live Chat Shoutbox <= 1.4.2 - Unauthenticated Stored XSS
The plugin does not sanitise and escape a parameter before outputting it back in the Shoutbox, leading to Stored Cross-Site Scripting which could be used against high privilege users such as admins. PoC On a clean Wordpress on localhost: 1. Modify the Shoutboxalias cookie with a value such as 2...
Magic Post Thumbnail < 4.1.11 - Reflected XSS
The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
Ajax Search Lite Pro < 4.26.2 - Multiple Reflected Cross-Site Scripting
The plugin does not sanitise and escape various parameters before outputting them back in pages, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC Make a logged in admin open a page with the code below...
Random Text <= 0.3.0 - Subscriber+ SQLi
The plugin does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by any authenticated users, such as subscribers. PoC fetch'/wp-admin/admin-ajax.php', method: 'POST', headers: new Headers 'Content-Type':...
Weaver Show Posts < 1.7 - Contributor+ Stored Cross-Site Scripting
The plugin does not properly escape the profile display name, leading to stored Cross-Site Scripting vulnerabilities...
Health Check & Troubleshooting < 1.6.0 - CSRF
The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
Enhanced WP Contact Form <= 2.3 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Really Simple Google Tag Manager < 1.0.7 - Arbitrary Plugin Activation via CSRF
The plugin does not have CSRF checks when activating plugins, which could allow attackers to make logged in users perform such action via a CSRF attack...
Premmerce Redirect Manager <= 1.0.10 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
PixFields <= 0.7.0 - Contributor+ Stored Cross-Site Scripting
The plugin does not sanitise and escape some parameters, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks...
Configurable Tag Cloud < 5.3 - Cross-Site Request Forgery
Cross-Site Request Forgery CSRF vulnerability in Keith Solomon Configurable Tag Cloud CTC plugin = 5.2 versions...
HT Menu < 1.2.2 - Cross-Site Request Forgery
The plugin does not adequately validate certain requests use nonces, which can lead to a Cross-Site Request Forgery CSRF vulnerability...
Premmerce Redirect Manager <= 1.0.10 - Cross-Site Request Forgery
The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
affiliate-toolkit – WordPress Affiliate < 3.3.4 - Editor+ Stored XSS
The plugin does not sanitise and escape some parameters, which could allow users with a role as low as Editor to perform Cross-Site Scripting attacks...
JustTables – WooCommerce Product Table < 1.5.0 - Cross-Site Request Forgery
The plugin does not adequately protect against CSRF attacks, leading to potential unauthorized actions...
Wp Ultimate Review < 2.1.0 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Mega Main Menu <= 2.2.2 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Easy Forms for MailChimp < 6.8.8 - Reflected XSS
The plugin does not sanitise and escape some parameters before outputting them back in the response, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC Make a logged in admin open a page with the following code this requires the attacker...
Happy Addons for Elementor < 3.8.3 - Cross-Site Request Forgery
Cross-Site Request Forgery CSRF vulnerability in weDevs Happy Addons for Elementor plugin = 3.8.2 versions...
Affiliates Manager < 2.9.21 - Cross-Site Request Forgery
Cross-Site Request Forgery CSRF vulnerability in wp.Insider, wpaffiliatemgr Affiliates Manager plugin = 2.9.20 versions...
GMAce <= 1.5.2 - Arbitrary File Creation/Deletion/Update via CSRF
The plugin does not have CSRF checks in the gmacemanagerserver function, which could allow attackers to make logged in admins create, delete and update arbitrary files via a CSRF attack...
Simple Image Popup < 2.0.0 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Weaver Xtreme Theme Support < 6.2.7 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC Required theme:...
Product Specifications for Woocommerce < 0.7.0 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape URL parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
Easy Media Replace < 0.2.0 - Author+ File Deletion
The plugin does not validate path of files to be deleted, which could allow users with a role of Author and above to delete files with an allowed extension...
Woocommerce Custom Checkout Fields Editor With Drag & Drop <= 0.1 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape the "tab" parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
Elementor Pro < 3.11.7 - Subscriber+ Arbitrary Options Update
The plugin does not have authorisation in an AJAX action relying only on a nonce, which is available to any authenticated users, and does not validate the options to be updated. This allows any authenticated users, such as subscriber to update arbitrary blog options, such as the defaultrole, when...
Video Central for WordPress <= 1.3.0 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC video-central-subtitle src="'...
MS-Reviews <= 1.5 - Subscriber+ Stored XSS
The plugin does not sanitise and escape reviews, which could allow users any authenticated users, such as Subscribers to perform Stored Cross-Site Scripting attacks PoC As a subscriber, submit a review a page/post with msreviews embed with the following payload: The XSS will be triggered when...
IP Blocker Lite <= 11.1.1 - Cross-Site Request Forgery
Cross-Site Request Forgery CSRF vulnerability in LionScripts.Com LionScripts: IP Blocker Lite plugin = 11.1.1 versions...
Advanced Shipment Tracking for WooCommerce <= 3.5.2 - CSRF
The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
Easy Forms for MailChimp < 6.8.7 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC As a contributor, put the below shortcod...
Newsletter < 7.6.9 - Reflected XSS
The plugin does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as administrators PoC Make a logged in admin open https://example.com/wp-admin/admin.php?page=newslettersystemstatus"...
Photo Gallery by 10Web < 1.8.15 - Admin+ Path Traversal
- The plugin did not ensure that uploaded files are kept inside its uploads folder, allowing high privilege users to put images anywhere in the filesystem via a path traversal vector. - Path Traversal Vulnerabillity also allows listing the entire folder & image file in the system. PoC - The...
Gallery by BestWebSoft < 4.7.0 - Author+ Stored Cross-Site Scripting
The plugin does not perform proper sanitization of gallery information, leading to a Stored Cross-Site Scription vulnerability. The attacker must have at least the privileges of the Author role. PoC 1. Go to Galleries Add New. 2. Click "Add Media" and choose or upload an image. 3. When...
Gallery by BestWebSoft < 4.7.0 - Author+ SQL Injection
The plugin does not properly escape values used in SQL queries, leading to an Blind SQL Injection vulnerability. The attacker must have at least the privileges of an Author, and the vendor's Slider plugin https://wordpress.org/plugins/slider-bws/ must also be installed for this vulnerability to b...
WC Fields Factory < 4.1.7 - ShopManager+ SQLi
The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin PoC...
Continuous Image Carousel With Lightbox < 1.0.16 - Reflected XSS
The plugin does not sanitise and escape some parameters before outputting them back, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
Responsive WordPress Slideshows 3.29.0 - Reflected XSS
The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC Make a logged in admin open a page with the code below...
Greenshift < 5.0.0 - Author+ Stored XSS
The plugin does not sanitise uploaded SVG files, which could allow users with a role as low as Author to perform Stored Cross-Site Scripting attacks...
Review Stream <= 1.6.5 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Contest Gallery < 21.1.2.1 - Reflected XSS
The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
Albo Pretorio Online < 4.6.1 - Reflected XSS
The plugin does not sanitise and escape the Errore parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
TF Random Numbers < 2.0.1 - Subscriber+ Arbitrary Option Update
The plugin does not have authorisation and CSRF check in an AJAX action, and does not ensure that the options to be updated belong to the plugin. As a result, it could allow any authenticated users, such as subscriber, to update arbitrary blog options, such as enabling registration and set the...
Contact Forms by Cimatti < 1.5.5 - Reflected XSS
The plugin does not sanitise and escape various parameters before outputting them back in pages, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...