14603 matches found
Quiz And Survey Master < 8.0.8 - Text Message Setting Update via CSRF
The plugin does not have CSRF check when updating the Quiz Text Message Setting, which could allow attackers to make logged admin perform such actions via a CSRF attack...
Shortcodes Ultimate < 5.12.7 - Subscriber+ Arbitrary File Access
The plugin does not validate the url attribute of its sutable shortcode before displaying its content, which could allow any authenticated users, such as subscriber to read arbitrary files from the server when the "Unsafe Features" settings is enabled...
Link Juice Keeper < 2.0.3 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Shortcodes Ultimate < 5.12.7 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
Quick Paypal Payments < 5.7.26 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Shortcodes Ultimate < 5.12.7 - Subscriber+ SSRF
The plugin does not validate the url attribute of its sucsvtable shortcode before making a request to it, which could allow any authenticated users, such as subscriber to perform SSRF attacks...
WPCode < 2.0.7 - Contributor+ WPCode Library Auth Key Update/Deletion
The plugin does not have adequate privilege checks in place for several AJAX actions, only checking the nonce. This may lead to allowing any authenticated user who can edit posts to call the endpoints related to WPCode Library authentication such as update and delete the auth key. PoC As a...
ImageMagick Engine < 1.7.6 - PHAR Deserialization via CSRF
The plugin does not validate the clipath parameter and does not have CSRF check, which could allow attackers to make a logged in admin call a file with a PHAR wrapper via a CSRF attack. This could lead to PHAR deserialization when a suitable gadget chain is present on the blog and the attacker...
Scriptless Social Sharing < 3.2.2 - Contributor+ Stored XSS
The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC Add a "Scriptless Social Sharing" Gutenberg block ...
Replyable < 2.2.10 - Subscriber+ PHP Object Injection
The plugin does not validate the class name submitted by the request when instantiating an object in the promptdismissnotice action and also lacks CSRF check in the related action. This could allow any authenticated users, such as subscriber to perform Object Injection attacks. The attack could...
Weixin Robot Advanced <= 6.0.1 - Reflected XSS
The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
ColorWay <= 4.2.3 - Cross-Site Request Forgery
The plugin does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks. The original researcher didn't provide enough information on which actions could be performed...
Wicked Folders < 2.18.17 - Folder Structure Update via CSRF
The plugin does not have CSRF checks when managing its folder structure such as moving, deleting, creating etc folders, which could allow attackers to make logged admins perform such actions via CSRF attacks...
Slider by Supsystic <= 1.8.6 - CSRF
The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
OWM Weather < 5.6.12 - Post Duplication via CSRF
The plugin does not have CSRF check when duplicating posts which will be duplicated as drafts, which could allow attackers to make logged in admin perform such action via a CSRF attack and fill up the post table...
Wicked Folders < 2.18.17 - Subscriber+ Folder Structure Update
The plugin does not have authorisation check when managing its folder structure such as moving, deleting, creating etc folders, which could allow any authenticated users, such as subscriber to perform such actions...
Yellow Yard < 2.8.12 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC yyfilter field='"...
Responsive Pricing Table < 5.1.7 - Contributor+ Stored XSS
The plugin does not sanitise and escape the fields.title parameter, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks...
Interactive Geo Maps < 1.5.11 - Editor+ Stored XSS
The plugin does not sanitise and escape some parameters before outputting them back in attributes, which could allow high privilege users such as editor to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Quick Contact Form < 8.0.4 - Contributor+ Stored XSS
The plugin does not validate and escape some parameters, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
Chained Quiz < 1.3.2.6 - Admin+ Stored XSS
The plugin does not sanitise and escape some parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Icegram Collect < 1.3.9 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
Visualizer < 3.9.2 - Contributor+ Stored XSS
The plugin does not sanitise and escape some parameters in the renderChartPages function, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks...
Conversios.io < 5.2.4 - Settings Update via CSRF
The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
A2 Optimized WP < 3.0.5 - Data Collection Toggle via CSRF
The plugin does not have CSRF check in place when toggling its data Collection settings, which could allow attackers to make a logged in admin enabled/disable it via a CSRF attack...
GigPress <= 2.3.28 - Subscriber+ SQLi
The plugin does not validate and escape some of its shortcode attributes before using them in SQL statement/s, which could allow any authenticated users, such as subscriber to perform SQL Injection attacks PoC Run the below commands in the developer console of the web browser while being on the...
Mercado Pago payments for WooCommerce < 6.4.0 - CSRF
The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
Responsive Image Gallery, Gallery Album < 2.0.2 - Reflected XSS
The plugin does not sanitise and escape the id parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
Arigato Autoresponder and Newsletter < 2.7.1.1 - Unauthenticated Stored XSS
The plugin does not sanitise and escape some parameters, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks...
CC Custom Taxonomy <= 1.0.1 - Admin+ Stored XSS
The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Pie Register < 3.8.2.3 - Open Redirect
The plugin does not properly validate the redirection URL when logging in and login out, leading to an Open Redirect vulnerability PoC Log In: 1. Visit /login?redirectto=//example.com 2. Log in as a user with lower privileges than Administrator. 3. See that the browser is redirected to...
Monolit < 2.0.7 - Reflected XSS
The theme does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
0mk Shortener <= 0.2 - Stored XSS via CSRF
Description The plugin does not have CSRF check in its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...
eCommerce Product Catalog < 3.3.5 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Ajax Search Lite < 4.11.1 - Subscriber+ Sensitive Data Disclosure
The plugin does not have authorisation and CSRF checks in the wdsearchcf AJAX action, which could allow any authenticated users to call it and retrieve arbitrary post metadata Note: v4.11 added only a CSRF check, authorisation was added in 4.11.1...
ShopLentor < 2.5.2 - Settings Update via CSRF
The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
Arigato Autoresponder and Newsletter < 2.7.1.1 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
User Activity <= 1.0.1 - IP Spoofing
The plugin checks headers such as the X-Forwarded-For to retrieve the IP address of the request, which could lead to IP spoofing PoC 1. Send login request with x-forwarded-for: REDACTEDIP 2. Show spoofed IP address in the dashboard OWASP A09:2021 – Security Logging and Monitoring Failures...
WebinarIgnition < 2.14.3 - Admin+ Stored XSS
The plugin does not sanitise and escape the appname and webinardesc parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Similar Posts <= 3.1.6 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
VK All in One Expansion Unit < 9.86.0.0 - Contributor+ Stored XSS
The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC Setup: The CTA Expansion...
Metform Elementor Contact Form Builder < 3.2.0 - Unauthenticated Stored XSS
The plugin does not sanitize and escape some of its submitted entry data when outputting them back in the admin dashboard, which could allow unauthenticated attackers to perform Stored XSS attacks against an admin viewing the malicious entry PoC Setup as admin: Create a new form using MetForm...
GS Insever Portfolio < 1.4.5 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC gsinstagram id='" onmouseover="alert1"...
Podlove Podcast Publisher < 3.8.3 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Watu Quiz < 3.3.8.1 - Admin+ Stored XSS
The plugin does not sanitise and escape the gtitle parameter, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Formidable Forms < 5.5.7 - Arbitrary Entry Deletion via CSRF
The plugin does not have CSRF check when deleting entries, which could allow attackers to make logged in admins perform such action via a CSRF attack...
Robo Gallery < 3.2.11 - Plugin Activation/Deactivation via CSRF
The plugin does not have CSRF checks when activating and deactivating plugins, which could allow attackers to make logged in users perform such actions via CSRF attacks...
Pinpoint Booking System < 2.9.9.2.9 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Arigato Autoresponder and Newsletter < 2.7.1.2 - Contributor+ Stored XSS
The plugin does not validate and escape some parameters, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
Embed PDF <= 1.0.6 - Contributor+ Stored XSS via Shortcode
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC gdoc class='"...