14603 matches found
Spotlight Social Feeds < 1.4.3 - Contributor+ Stored XSS
The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC Exploit Additional CSS classes for "Spotlight...
Zoho Forms < 3.0.1 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC As a contributor, put the following in ...
WP Terms Popup < 2.6.1 - Admin+ Stored XSS
The plugin does not sanitise and escape some parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Modal Dialog < 3.5.10 - Admin+ Stored XSS
The plugin does not sanitise and escape some parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Parsi Date < 4.0.2 - Reflected Cross-Site Scripting
The plugin does not escape generated URLs before outputing them in attrubutes, leading to Reflected Cross-Site Scripting...
PickPlugins Product Slider for WooCommerce < 1.13.42 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC wcps id='" onmouseover="alert/XSS/"'...
WP Popups < 2.1.4.9 - Contributor+ Stored XSS
The plugin does not validate and escape the href attribute of its spu-facebook-page shortcode before outputting it back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
WP Helper Lite < 4.3 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape all GET parameters before outputting them back in an AJAX response, leading to a Reflected Cross-Site Scripting PoC https://example.com/wp-admin/admin-ajax.php?action=surveySubmit="...
WP Google Review Slider < 11.8 - Subscriber+ SQLi
The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber. PoC Run the following code in the browser console on any WP Admin page. fetch'/wp-admin/admin-ajax.php', method: 'POST...
Lightweight Accordion < 1.5.15 - Contributor+ Stored XSS
The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC Exploit Additional CSS classes for "Lightweight...
WP TripAdvisor Review Slider < 10.8 - Subscriber+ SQLi
The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber. PoC Run the following code in the browser console on any WP Admin page. fetch'/wp-admin/admin-ajax.php', method: 'POST...
WP Review Slider < 12.2 - Subscriber+ SQLi
The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber. PoC Run the following code in the browser console on any WP Admin page. fetch'/wp-admin/admin-ajax.php', method: 'POST...
Image and Video Lightbox, Image PopUp < 2.1.6 - Admin+ Stored XSS
The plugin does not sanitise and escape various parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Oi Yandex.Maps <= 3.2.7 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
Advanced Social Pixel <= 2.1.1 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
WP Flipclock < 1.8 - Contributor+ Stored XSS
The plugin does not sanitise and escape some parameters, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks...
WP Google Map < 4.4.0 - Editor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the Editor role and above to perform Stored Cross-Site Scripting attacks...
Quick Event Manager < 9.7.5 - Unauthenticated Stored XSS
The plugin does not sanitise and escape the "yourname" parameter, which could allow unauthenticated users to perform Cross-Site Scripting attacks...
MailOptin 1.2.54.0 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
WP Smart Preloader < 1.15.1 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
ProfilePress < 4.5.4 - Admin+ Stored XSS
The plugin does not sanitise and escape some parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Simple Staff List < 2.2.3 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
Conversational Forms for ChatBot < 1.1.7 - Admin+ Stored XSS
The plugin does not sanitise and escape a form name, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
WP Google Maps < 9.0.16 - Admin+ Path Traversal
The plugin does not validate the XML Directory path settings, which could allow high privilege users such as admin to perform Path Traversal attacks...
Social Like Box and Page by WpDevArt < 0.8.40 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its select elements, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
FL3R FeelBox <= 8.1 - Unauthenticated SQLi
The plugin does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. PoC 1. Visit a blog post and extract the nonce from the source search for "feelboxAjax", and extract the "token" curl...
Heateor Social Comments < 1.6.2 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
Bubble Menu - Circle Floating Menu < 3.0.2 - Form Deletion via CSRF
The plugin does not have CSRF checks when deleting forms, which could allow attackers to make logged in users perform such actions via a CSRF attack...
VikRentCar < 1.3.1 - Admin+ Stored XSS
The plugin does not sanitise and escape some parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Media Library Categories < 2.0.0 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Contact Us page - Contact people LITE < 3.7.1 - Contact Update/Deletion/Creation via CSRF
The plugin does not have CSRF checks when creating, updating and deleting contacts, which could allow attackers to make logged in users perform such actions via CSRF attacks...
Amazon JS <= 0.10 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC amazonjs asin='XSS' imgsize='"...
Quick Event Manager < 9.7.5 - Registration Deletion/Update via CSRF
The plugin does not have CSRF checks when deleting and updating registrations, which could allow attackers to make logged in users perform such actions via CSRF attacks...
Pods < 2.9.11 - Pods Deletion via CSRF
The plugin does not have CSRF checks when deleting pods, which could allow attackers to make logged in admins perform such action via a CSRF attack...
Very Simple Google Maps < 2.9 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
WP Time Slots Booking Form < 1.1.82 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
User Registration < 2.3.1 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Category Specific RSS feed Subscription < 2.2 - Settings Update via CSRF
The plugin does not have CSRF check when updating its settings, which could allow attackers to make logged in admins perform such action via a CSRF attack...
Image Hover Effects For WPBakery Page Builder < 5.0 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
GiveWP < 2.24.0 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC givemultiformgoal image='"...
Camera slideshow <= 1.4.0.1 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
M Chart < 1.10 - Contributor+ Stored XSS
The plugin does not sanitize and escape some parameters, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
GPT3 AI Content Writer < 1.4.38 - Subscriber+ Arbitrary Post Content Update
The plugin does not perform any kind of nonce or privilege checks before letting logged-in users modify arbitrary posts. PoC fetch'http://localhost/wp-admin/admin-ajax.php', method: 'POST', headers: new Headers 'Content-Type': 'application/x-www-form-urlencoded', , body:...
Amr Shortcode Any Widget <= 4.0 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. PoC 1. Insert...
3com Asesor de Cookies <= 3.4.3 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
WP eBay Product Feeds < 3.4 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Interactive Polish Map < 1.2.1 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
YARPP - Yet Another Related Posts Plugin < 5.30.3 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC v 5.30.3 yarpp template="'...
Nice PayPal Button Lite <= 1.3.5 - CSRF
The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
Mapwiz <= 1.0.1 - Admin+ SQLi
The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin. PoC POST /wp-admin/admin.php?page=myplug/muyplg.php HTTP/1.1...