14603 matches found
Jobs for WordPress < 2.6.0 - Author+ Stored XSS
The plugin does not sanitise and escape some parameters, which could allow users with a role as low as Author to perform Stored Cross-Site Scripting attacks...
Multi-column Tag Map < 17.0.25 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
List Pages Shortcode < 1.7.6 - Contributor+ Stored XSS via Shortcode
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. PoC list-page...
Image Hover Effects for Elementor with Lightbox and Flipbox < 3.0 - Reflected XSS
The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
WP Booking System < 2.0.18.1 - Admin+ Stored XSS
The plugin does not sanitise and escape some parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
WP htpasswd <= 1.7 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
IP Vault - WP Firewall <= 1.1 - Admin+ Stored XSS
The plugin does not sanitise and escape some parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Show-Hide / Collapse-Expand <= 1.2.5 - Contributor+ Stored XSS via Shortcode
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. PoC Exploit...
Multi Rating < 5.0.6 - Ratings Deletion via CSRF
The plugin does not have CSRF check when deleting ratings, which could allow attackers to make logged in admins to perform such action via a CSRF attack...
EZP Coming Soon Page < 1.0.7.4 - Admin+ Stored XSS
The plugin does not sanitise and escape some parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
PHP Execution <= 1.0.0 - Settings Update via CSRF
The plugin does not have CSRF check when enabling low privilege users such as subscriber the ability to execute PHP code, which could allow attackers to make logged in admins enable such option via a SCRF attack...
Olevmedia Shortcodes <= 1.1.9 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC button style='"...
Galleries by Angie Makes <= 1.67 - Contributor+ Stored XSS via Shortcode
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC gallery ids='1' captions="'...
Usersnap < 4.17 - Admin+ Stored XSS
The plugin does not sanitise and escape its API Key settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Ocean Extra < 2.1.2 - Contributor+ Stored XSS
The plugin does not escape the class attribute of its oceanwpbreadcrumb shortcode before outputting it back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC oceanwpbreadcrumb class='"...
Print Invoice & Delivery Notes for WooCommerce < 4.7.2 - Reflected XSS
The plugin is vulnerable to reflected XSS by echoing a GET value in an admin note within the WooCommerce orders page. This means that this vulnerability can be exploited for users with the editothersshoporders capability. WooCommerce must be installed and active. This vulnerability is caused by a...
Magazine Edge <= 1.13 - Subscriber+ Arbitrary Plugin Activation
The theme does not have authorisation and CSRF when activating plugins via an AJAX action, allowing any authenticated users, such as subscriber to activate arbitrary plugins PoC Run the below command in the developer console of the web browser while being on the blog as a subscriber user...
Marketing Performance <= 2.0.0 - Reflected XSS
The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
Donation Block For PayPal < 2.1.0 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC paypaldonationblock size='"...
ShortPixel Adaptive Images < 3.6.3 - Reflected XSS
The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against any high privilege users such as admin PoC https://example.com/?SPAIVJS=%3C/script%3E%3Cimg%20src%3D1%20onerror%3Dalert/XSS/;%3E...
Namaste! LMS < 2.5.9.4 - Admin+ Stored XSS
The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC 1. Go to Namaste Settings, and at Payment...
Arigato Autoresponder and Newsletter < 2.1.7.2 - Admin+ Stored XSS
The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. PoC 1. Go to the Mailing list option and register a new user with the value...
Correos Oficial <= 1.3.0.0 - Unauthenticated Arbitrary File Download
The plugin does not have an authorization check user input validation when generating a file path, allowing unauthenticated attackers to download arbitrary files from the server. PoC Dependency: WooCommerce plugin Use the following curl command to download the contents of the wp-config.php file:...
WP Statistics < 13.2.11 - Subscriber+ SQLi
The plugin does not properly sanitise and escape some parameters before using them in SQL statements, leading to a SQL injection exploitable by users with a role as low as subscriber...
GeoDirectory < 2.2.24 - Admin+ SQLi
The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin. PoC POST /wp-admin/admin-ajax.php HTTP/1.1...
WP Private Message < 1.0.6 - Private Message Disclosure via IDOR
The plugin bundled with the Superio theme as a required plugin does not ensure that private messages to be accessed belong to the user making the requests. This allowing any authenticated users to access private messages belonging to other users by tampering the ID. PoC - Install the Superio them...
Easy Digital Downloads < 3.1.0.5 - Contributor+ Stored XSS
The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC Add the "EDD Buy Button" Gutenberg block to a post...
GS Portfolio for Envato < 1.4.0 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC Insert the following shortcode in a...
Real Media Library < 4.18.29 - Author+ Stored XSS
The plugin does not sanitise and escape the created folder names, which could allow users with the role of author and above to perform Stored Cross-Site Scripting attacks. PoC As a user with the author role, go to Media Library and create a new folder with the following payload: " Then Add a new...
PrivateContent < 8.4.4 - Brute Force Protection Bypass
The plugin checks whether an IP is blocked or not via client-side validation, allowing attackers to bypass such protection via crafted requests...
Robo Gallery <= 3.2.11 - Cross-Site Request Forgery
The plugin does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks. The original researcher didn't provide enough information on which actions could be performed...
GS Books Showcase < 1.3.1 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC gsbookshowcase theme='"...
WP Dark Mode < 4.0.0 - Contributor+ Stored XSS in Shortcode
The plugin does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack PoC Exploit shortcode: wpdarkmode class='" onmouseover="alert1"'...
GS Products Slider for WooCommerce < 1.5.9 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC gswps theme='" onmouseover="alert1"...
EmbedSocial < 1.1.28 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC embedsocialstories id="'...
EmbedStories < 0.7.5 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC embedsocialstories id="'...
Interactive Geo Maps < 1.5.9 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
BackupBuddy < 8.8.3 - Multiple Reflected Cross-Site Scripting
The plugin does not sanitise and escape some parameters before outputting them back in various places, leading to Reflected Cross-Site Scripting PoC Make a logged in admin/SA open one of the URL below: v -...
GS Filterable Portfolio < 1.6.1 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC Note: First, you need to add a Portfoli...
WP Email Capture < 3.10 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
ShopLentor < 2.5.4 - Contributor+ Stored XSS
The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC As a contributor, add a "WL : FAQ" Gutenberg block...
ShopLentor < 2.5.4 - PHP Object Injection
The plugin unserializes user input from cookies in order to track viewed products and user data, which could lead to PHP Object Injection...
JS Help Desk < 2.7.2 - CSRF
The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
Glossary < 2.1.28 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
Advanced Form Integration < 1.63.0 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
bbPress Voting < 2.1.11.1 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Namaste! LMS < 2.5.9.2 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
ContentStudio < 1.2.6 - Nonce Disclosure
The plugin discloses sensitive information to unauthenticated users, such as a nonce used to create a posts...
WP Table Manager < 3.5.3 - Contributor+ Stored XSS
The plugin does not sanitise and escape some parameters, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks...
VikBooking Hotel Booking Engine & PMS < 1.5.12 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...