14603 matches found
Podlove Subscribe button < 1.3.9 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
WordPress Social Login and Register < 7.6.0 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Easy Panorama < 1.1.5 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Inline Tweet Sharer < 2.6 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Quick Contact Form < 8.0.4 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
WP Insert < 2.5.1 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Ultimate WP Query Search Filter <= 1.0.10 - Contributor+ XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
WP BaiDu Submit <= 1.2.1 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Upload File Type Settings <= 1.1 - Admin+ Stored XSS
The plugin does not sanitize and escape some fields in the plugin settings, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when the unfilteredhtml capability is disallowed for example in a multisite setup...
Download Info Page <= 1.3.9 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Sticky Ad Bar <= 1.3.1 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Archivist - Custom Archive Templates < 1.7.5 - Stored XSS via CSRF
The plugin does not have CSRF when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...
Service Area Postcode Checker <= 2.0.8 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
vSlider Multi Image Slider for WordPress <= 4.1.2 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
WordPress Social Login and Register < 7.5.15 - Multiple CSRF
The plugin does not have CSRF checks in some places, which could allow attackers to make logged in admins perform unwanted actions via CSRF attacks...
Tapfiliate < 3.0.13 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Click to Call or Chat Buttons < 1.5.0 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Feed Changer & Removerr < 0.3 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Multi Rating < 5.0.6 - Reflected XSS
The plugin does not sanitise and escape the from-date, to-date and post-id parameters before outputting them back in the response, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
Client Logo Carousel <= 3.0.0 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC Note: 1. First, you need to add a...
Quick Event Manager < 9.6.5 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
My Tickets < 1.9.11 - Bulk Emailing via CSRF
The plugin does not have CSRF check when bulk emailing, which could allow attackers to make logged in admins perform such action via a CSRF attack...
Conditional Payments for WooCommerce < 2.3.2 - Plugin RuleSets Activation/Deactivation via CSRF
The plugin does not have CSRF checks when activating and deleting its rulesets, which could allow attackers to make logged in users perform such actions via CSRF attacks...
WP Prayer < 1.9.7 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Locatoraid Store Locator < 3.9.12 - CSRF
The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
Interactive SVG Image Map Builder < 1.1 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
NextGEN Gallery < 3.29 - Thumbnail Deletion via CSRF
The plugin does not have CSRF checks when deleting Thumbnail, which could allow attackers to make logged in users with the editPost capability to perform such action via a CSRF attack...
Opt-Out for Google Analytics < 2.3.5 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Ocean Extra < 2.1.3 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC Note: This requires the OceanWP theme to...
Quick Paypal Payments < 5.7.26 - Unauthenticated Payment Message Deletion/Update
The plugin does not have authorisation in the downloadlogs function, allowing unauthenticated users to export, delete payment messages, as well as update payment message options...
Quick Paypal Payments < 5.7.26 - Unauthenticated Stored XSS
The plugin does not sanitise and escape some parameters, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks...
Popup Builder by OptinMonster < 2.12.2 - Subscriber+ Arbitrary Post Content Disclosure
The plugin does not ensure that the campaign to be loaded via some shortcodes is actually a campaign, allowing any authenticated users such as subscriber to retrieve the content of arbitrary posts, like draft, private or even password protected ones. PoC Run one of the below commands in the...
Ocean Extra < 2.1.3 - Subscriber+ Arbitrary Post Content Disclosure
The plugin does not ensure that the template to be loaded via a shortcode is actually a template, allowing any authenticated users such as subscriber to retrieve the content of arbitrary posts, such as draft, private or even password protected ones. PoC Note: This requires the OceanWP theme to be...
Resume Builder <= 3.1.1 - Subscriber+ Stored XSS
The plugin does not sanitize and escape some parameters related to Resume, which could allow users with a role as low as subscriber to perform Stored XSS attacks against higher privilege users PoC Run the below command in the developer console of the web browser while being on the blog as...
Fancy Comments WordPress < 1.2.11 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
Advanced Recent Posts <= 0.6.14 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC lptwrecentposts colorscheme='"...
Beautiful Cookie Consent Banner < 2.10.2 - Unauthenticated Stored XSS
The plugin does not have authorisation and CSRF check when updating its settings, and does not escape some of them when outputting them, which could allow unauthenticated attackers to perform Stored Cross-Site Scripting attacks. An initial fix was released in version 2.10.1, and completed in...
Shoppable Images Lite < 1.2.4 - Arbitrary Post Deletion via CSRF
The plugin does not have CSRF checks in some places, for example when deleting/updating images. Furthermore, it does not ensure that the image to be deleted are actually images, which could allow attackers to make logged in admins delete arbitrary posts via a CSRF attack...
WooCommerce Checkout Field Manager < 18.0 - Unauthenticated Arbitrary File Upload
The plugin does not validate files to be uploaded, which could allow unauthenticated attackers to upload arbitrary files such as PHP on the server PoC 1. Install and activate woocommerce dependency, no setup required 2. Install and active the vulnerable plugin n-media-woocommerce-checkout-fields...
Product GTIN (EAN, UPC, ISBN) for WooCommerce <= 1.1.1 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC wpmproductgtin id='1' wrapper='div...
Announce from the Dashboard < 1.5.2 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Cost Calculator <= 1.8 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC ndcostcalculator id='"...
DupeOff <= 1.6 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Twitch Player < 2.1.1 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
WordPress Social Login and Register < 7.6.1 - Unauthenticated Arbitrary Content Deletion
The plugin does not have authorisation in some AJAX actions, allowing unauthenticated users to call them and perform unauthorised actions, such as delete social profile data...
eVision Responsive Column Layout Shortcodes <= 2.3 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC bscolumns class='" onmouseover="alert1"...
Simple Yearly Archive < 2.1.9 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
i2 Pros & Cons <= 1.3.1 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC i2prosandcons showbutton='true'...
UpQode Google Maps <= 1.0.5 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC Exploit: vcugmmap mapheight='100px;...
Download Attachments <= 1.2.24 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC download-attachments containerclass='"...