14603 matches found
Ecwid Shopping Cart < 6.11.4 - Import via CSRF
The plugin does not have CSRF check when importing Woo data, which could allow attackers to make logged in admins perform such action via a CSRF attack...
BNE Testimonials < 2.0.8 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
Booking calendar, Appointment Booking System < 3.2.4 - Editor+ Stored XSS
The plugin does not escape some parameters, which could allow users with a role as low as Editor to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Quick Restaurant Menu < 2.1.0 - Subscriber+ Arbitrary Post Deletion/Updating
The plugin does not ensure that the menu to be deleted/updated is actually a menu, and does not have authorisation in the related AJAX actions, which could allow any authenticated users, such as subscriber, to delete and update arbitrary posts...
DH - Anti AdBlocker < 37 - Settings Update via CSRF
The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
Quick Restaurant Menu < 2.1.0 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Booking calendar, Appointment Booking System < 3.2.4 - Form Creation/Update/Deletion/Duplication via CSRF
The plugin does not have CSRF checks on some of its form actions such as creation/update/deletion and duplication, which could allow attackers to make logged in admin perform such actions via CSRF attacks...
Material Design Icons for Page Builders < 1.4.3 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
Paid Memberships Pro < 2.9.9 - Contributor+ Stored XSS via Shortcode
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. PoC 1. Insert...
Organization Chart < 1.4.5 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
AI ChatBot < 4.3.1 - Admin+ Stored XSS
The plugin does not sanitise and escape its qlcdwpchatbotemailsub settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Conditional Shipping for WooCommerce < 2.3.2 - Ruleset Toggle via CSRF
The plugin does not have CSRF check when toggling ruleset, which could allow attackers to make logged in users with the managewoocommerce capability perform such action via a CSRF attack...
TinyMCE Custom Styles < 1.1.3 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Greenshift < 5.0 - Contributor+ Stored XSS
The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC Exploit Additional CSS classes for "Advanced...
Quick Restaurant Menu < 2.1.0 - Menu Items Update via CSRF
The plugin does not have CSRF checks when updating its menu items, which could allow attackers to make logged in admins update menu items via a CSRF attack...
Blocksy Companion < 1.8.68 - Contributor+ Stored XSS
The plugin does not validate and escape the class attribute of its blocksyposts shortcode before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
ContentStudio < 1.2.6 - Authorisation Bypass
The plugin does not properly check for API keys, allowing unauthenticated users bypass of the authorisation in place via type juggling...
Unlimited Elements For Elementor < 1.5.49 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Welcart e-Commerce < 2.8.11 - Reflected XSS
The plugin does not sanitise and escape some parameters before outputting them back in pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
Bootstrap Shortcodes <= 3.4.0 - Contributor+ Stored XSS via Shortcode
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC As a Contributor+ create a new post and...
Hueman Addons <= 2.3.3 - Contributor+ Stored XSS via Shortcode
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC column size='" onmouseover="alert1"...
Video.js - HTML5 Video Player for WordPress <= 4.5.0 - Contributor+ Stored XSS via Shortcode
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC videojs mp4='" onerror="alert/XSS/"'...
Download Video Sidebar Widgets <= 6.1 - Contributor+ Stored XSS via Shortcode
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC vsw source="youtube" id="3PdILZ1P74"...
Easy Social Box < 4.1.3 - Contributor+ Stored XSS via Shortcode
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC easy-fb-like-box locale='"; alert1; var...
Simple File Downloader <= 1.0.4 - Contributor+ Stored XSS via Shortcode
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC As a Contributor+ create a new post and...
Login Logout Menu <= 1.3.3 - Contributor+ Stored XSS in Shortcode
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC login edittag=' onmouseover="alert1"'...
Loan Comparison < 1.5.3 - Contributor+ Stored XSS via shortcode
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC loancomparison slider='"...
Post Views Count <= 3.0.2 - Contributor+ Stored XSS in Shortcode
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC As a Contributor+ create a new post and...
WP Responsive Testimonials Slider And Widget <= 1.5 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC testimonialsslider autoplay="1; alert1;...
Opening Hours <= 2.3.0 - Contributor+ Stored XSS via Shortcode
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC Note: A Set needs to be present op-is-op...
Loan Comparison < 1.5.2 - Reflected XSS via shortcode
The plugin does not validate and escape some of its query parameters before outputting them back in a page/post via an embedded shortcode, which could allow an attacker to inject javascript into into the site via a crafted URL. PoC Create a page "Test" containing the shortcode "loancomparison",...
Page Builder: Live Composer < 1.5.23 - Contributor+ Stored XSS via Shortcode
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC dslcnotification color='red"...
Timed Content < 2.73 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC timed-content-client hide="10:00:'...
Watu Quiz < 3.3.8.3 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC Put the following payload in one of the 'Word...
LearnPress Plugin < 4.2.0 - Subscriber+ SQLi
The plugin does not validate and escape some of its shortcode attributes before using them in SQL statement/s, which could allow any authenticated users, such as subscriber to perform SQL Injection attacks Note: The original advisory mentioned that the issue is only exploitable by contributors, b...
LearnPress Plugin < 4.2.0 - Unauthenticated LFI
The plugin does not validate various parameters in the lp/v1/courses/archive-course REST endpoints before using them in include statement, which could lead to LFI issues...
Spectra < 1.15.0 - Contributor+ Stored Cross-Side Scripting
The plugin does not sanitize user input as it reaches its style HTML attribute, allowing contributors to conduct stored XSS attacks via the plugin's Gutenberg blocks. PoC Note: The exploit requires the Contact Form 7 plugin. Exploit Additional CSS classes for “Contact Form 7 Styler” Gutenberg...
Watu Quiz < 3.3.8.2 - Reflected XSS
The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. PoC Make a logged in admin open the following URL:...
Product Slider and Carousel with Category for WooCommerce < 2.8 - Contributor+ Stored XSS via Shortcode
The plugin does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. PoC wcpscwcpdtslider design='" onmouseover="alert1"'...
Intuitive Custom Post Order < 3.1.4 - Arbitrary Menu Order Update via CSRF
The plugin lacks CSRF protection in its update-menu-order ajax action, allowing an attacker to trick any user to change the menu order via a CSRF attack PoC...
Intuitive Custom Post Order < 3.1.4 - Subscriber+ Arbitrary Menu Order Update
The plugin does not check for authorization in the update-menu-order ajax action, allowing any logged in user with roles as low as Subscriber to update the menu order PoC Open the below HTML while being logged in as a subscriber...
Shortcode for Font Awesome < 1.4.1 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC fa set='" onmouseover="alert1"...
WP Font Awesome < 1.7.9 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC wpfa color='red" onmouseover="alert1...
LearnPress Plugin < 4.2.0 - Unauthenticated SQLi
The plugin does not properly sanitise and escape the order by parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users...
Material Design Icons for Page Builders < 1.4.3 - Settings Update via CSRF
The plugin does not have CSRF check when updating its settings, which could allow attackers to make logged in admins perform such actions via a CSRF attack...
Markup <= 4.8.1 - Contributor+ Stored XSS via Shortcode
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC wp-structuring-markup-breadcrumb class=...
Easy Affiliate Links < 3.7.1 - Contributor+ Stored XSS
The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC Exploit Additional CSS classes for "Easy...
Pinpoint Booking System < 2.9.9.2.9 - Subscriber+ SQLi
The plugin does not validate and escape one of its shortcode attributes before using it in a SQL statement, which could allow any authenticated users, such as subscriber to perform SQL Injection attacks. PoC Note: A Calendar is needed if there is not one already. Run the below command in the...
WP Airbnb Review Slider < 3.3 - Subscriber+ SQLi
The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber. PoC Run the following code in the browser console on any WP Admin page. fetch'/wp-admin/admin-ajax.php', method: 'POST...
Social Like Box and Page by WpDevArt < 0.8.41 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC wpdevartlikebox height='"...