14603 matches found
WordPress Amazon S3 Plugin < 1.6 - Reflected XSS
The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC...
Time Sheets < 1.29.3 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Login as Admin. 2. Go to...
Simple Giveaways < 2.45.1 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC As admin, add/edit a sharing method "Giveaways...
TreePress – Easy Family Trees & Ancestor Profiles < 3.0.0 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape some parameters, which could allow users with the Admin role to perform Cross-Site Scripting attacks...
WP Content Filter – Censor All Offensive Content From Your Site <= 3.0.1 - Admin+ Stored Cross Site Scripting
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Admin Log <= 1.50 - CSRF
The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
Read More Without Refresh <= 3.1 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Simple Mobile URL Redirect <= 1.7.2 - Cross-Site Request Forgery
Cross-Site Request Forgery CSRF vulnerability in Ozette Plugins Simple Mobile URL Redirect plugin = 1.7.2 versions...
Klaviyo <= 3.0.10 - Admin+ Stored XSS
The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC 1. Go to Klaviyo Settings, and at Klaviyo...
Simple Giveaways < 2.45.1 - Editor+ Stored Cross-Site Scripting
The plugin does not sanitise and escape some of its Giveaways options, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC Login with an editor user and add/edi...
Kanban Boards for WordPress <= 2.5.20 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
FluentForms < 4.3.25 - Contributor+ Stored XSS via Custom HTML Form Field
The plugin does not properly sanitize and escape the srcdoc attribute in iframes in it's custom HTML field type, allowing a logged in user with roles as low as contributor to inject arbitrary javascript into a form which will trigger for any visitor to the form or admins previewing or editing the...
Bookly < 21.6 - Unauthenticated Stored XSS
The plugin does not sanitise and escape some parameters, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks...
Open RDW kenteken voertuiginformatie < 2.1.0 - Reflected XSS
The plugin does not sanitise and escape the opendatardwkenteken parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
SEO by Squirrly SEO < 12.1.21 - Missing Authorization
The plugin does not check capabilities in some AJAX actions, allowing low-privileged users to perform privileged actions...
WP Simple Events <= 1.0 - Admin+ Cross Site Scripting
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Ecwid Shopping Cart < 6.11.5 - Contributor+ Stored Cross-Site Scriping
The plugin does not sanitise and escape some parameters, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks...
WooCommerce Weight Based Shipping < 5.5.0 - Settings Update via CSRF
The plugin does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack...
WP Express Checkout < 2.2.9 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. If the 'Admin Dashboard Access Permission' is set...
WP Popup Banners <= 1.2.5 - Subscriber+ SQLi
The plugin does not properly sanitise and escape the bannerid parameter before using it in a SQL statement, leading to a SQL injection exploitable by any authenticated users, such as subscribers...
SEO by Squirrly SEO < 12.1.21 - Reflected Cross-Site Scripting
The plugin does not sanitize and escape the "page" and "tab" URL parameters, leading to a Reflected Cross-Site Scripting vulnerability...
Article Directory <= 1.3 - Admin+ Stored XSS
The plugin does not properly sanitize the publishtermstext setting before displaying it in the administration panel, which may enable administrators to conduct Stored XSS attacks in multisite contexts. PoC POST /wordpress/wp-admin/options.php HTTP/1.1 Host: 172.28.128.6 User-Agent: Mozilla/5.0...
Return and Warranty Management System for WooCommerce <= 1.2.3 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
eCommerce Product Catalog < 3.3.9 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
WP-Advanced-Search <= 3.3.8 - Settings Update via CSRF
The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
WP Job Portal <= 2.0.1 - Subscriber+ Stored XSS
The plugin does not sanitise and escape some parameters, which could allow users with a role as low as subscriber to perform Stored Cross-Site Scripting attacks...
WP Tiles <= 1.1.2 - Subscriber+ Draft/Private Post Title Disclosure
The plugin does not ensure that posts to be displayed are not draft/private, allowing any authenticated users, such as subscriber to retrieve the titles of draft and privates posts for example. AN attacker could also retrieve the title of any other type of post. PoC Run the below command in the...
WP Tiles <= 1.1.2 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC wp-tiles extraclasses='"...
Import External Images <= 1.4 - CSRF
The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
Newsmag <= 2.4.4 - Subscriber+ Reflected Cross-Site Scripting
The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
Event Manager for WooCommerce < 3.7.8 - Cross-Site Request Forgery (CSRF)
The plugin does not protect its uninstallreasonsubmission action against CSRF attacks, allowing an unauthenticated attacker to trick a logged in admin to submit a deactivate reason by submitting a crafted request...
WP Simple Shopping Cart 4.6.3 - Unauthenticated PII Disclosure
The plugin saves exported shopping cart data in a publicly accessible directory, allowing unauthenticated users to retrieve PII such as full names, email/IP address etc...
SMTP2GO < 1.5.0 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Mediciti Lite <= 1.3.0 - Reflected XSS
The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Note: This is very likely the same issue than...
PB SEO Friendly Images <= 4.0.5 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Plugin for Google Reviews < 2.2.4 - Subscriber+ SQLi
The plugin does not properly sanitise and escape the placeid parameter before using it in a SQL statement via the grwoverviewajax AJAx action, leading to a SQL injection exploitable by any authenticated users, such as subscriber...
WP Email Capture < 3.11 - Unauthenticated Email Capture Download
The plugin does not have authorisation in the wpemailcaptureoptionsprocess function, hooked to admininit, allowing unauthenticated users to download Email Captures and retrieve email addresses...
Chronoforms <= 7.0.9 - CSRF
The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
WP Basic Elements <= 5.2.15 - Cross-Site Request Forgery (CSRF)
The plugin does not protect its wpbesavesettings ajax actions against CSRF attacks, allowing an unauthenticated attacker to update the plugin settings by tricking a logged in admin to submit a crafted request...
Tags Cloud Manager <= 1.0.0 - Reflected XSS
The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against ??? high privilege users such as admin|only unauthenticated users...
xili-tidy-tags <= 1.12.03 - Cross-Site Request Forgery
The plugin does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks. The original researcher didn't provide enough information on which actions could be performed...
Embed Any Document < 2.7.2 - Author+ Stored XSS
The plugin does not validate and sanitize upload SVG files, which could allow users with an author role and above to perform Stored Cross-Site Scripting attacks...
Modern Footnotes < 1.4.16 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Admin side data storage for Contact Form 7 <= 1.1.1 - Unauthenticated Reflected XSS
The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
LOGIN AND REGISTRATION ATTEMPTS LIMIT <= 2.1 - Cross-Site Request Forgery (CSRF)
The plugin does not protect some of its actions against CSRF attacks, allowing an attacker to perform actions on their behalf by tricking a logged in user to submit a crafted request...
Modern Events Calendar lite <= 5.16.2 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC 1. Go to the import/export section. 2. Enter...
Yandex.News Feed by Teplitsa <= 1.12.5 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Easy Event calendar <= 1.0 - Admin+ Stored XSS
The plugin does not sanitise and escape some parameters, which could allow users with a role of Admin to perform Cross-Site Scripting attacks...
Site Reviews < 6.6.0 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CMS Press <= 0.2.3 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...