14603 matches found
User Meta Manager <= 3.4.9 - Reflected XSS
The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
Page Loading Effects < 3.0.0 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Theme Blvd Responsive Google Maps <= 1.0.2 - Contributor+ XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
Easy PayPal Buy Now Button < 1.7.4 - Contributor+ Stored XSS in Shortcode
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC wpecpp name="' accesskey='X'...
Themify Portfolio Post < 1.2.2 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC themifyportfolioposts imageh='100"...
Amr Shortcode Any Widget <= 4.0 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. PoC 1. Insert...
GiveWP < 2.24.1 - Unauthenticated SQLi
The plugin does not properly escape user input before it reaches SQL queries, which could let unauthenticated attackers perform SQL Injection attacks PoC 1 Create a post/page that contains the "Donor Wall" block. 2 Using the default donation form, send a test donation 3 In a terminal, edit and ru...
Location Weather < 1.3.4 - Contributor+ Stored XSS
The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC Exploit Additional CSS classes for "Location...
Lightbox Gallery < 0.9.5 - Contributor+ Stored XSS via Shortcode
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC gallery ids='88' class='"...
MainWP Code Snippets Extension < 4.0.3 - Subscriber+ Settings Update
The plugin does not have authorisation check when updating its settings, which could allow any authenticated users, such as subscriber to update them...
GigPress < 2.3.28 - Contributor+ Stored XSS via Shortcode
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC Note: A Show needs to exist for the issu...
TemplatesNext ToolKit < 3.2.9 - Contributor+ Stored XSS
The plugin does not validate some of its shortcode attributes before using them to generate an HTML tag, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC txheading tag='script' headingtext='alert/XSS/'...
Better Font Awesome < 2.0.4 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC icon name='flag' class='4x border'...
MainWP Code Snippets Extension < 4.0.3 - Subscriber+ Stored XSS
The plugin does not sanitise and escape some parameters, which could allow users with a role as low as subscriber to perform Cross-Site Scripting attacks...
MainWP Code Snippets Extension < 4.0.3 - Subscriber+ PHP Objection Injection
The plugin unserializes user input, which could allow any authenticated users, such as subscriber to perform PHP Object Injection...
Calculated Fields Form < 1.1.151 - Admin+ Stored Cross-Site Scripting via Dropdown Fields
The plugin does not sanitise and escape some of its form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Partial fixes were implemented in versions...
Rich Table of Contents < 1.3.9 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC Note: The shortcode generates the conten...
Judge.me Product Reviews for WooCommerce < 1.3.21 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC Note: First, you need to set Judge.me...
Easy Accept Payments for PayPal < 4.9.10 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC wppaypalpaymentboxforanyamount...
MainWP Matomo Extension < 4.0.5 - CSRF
The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
WP-CommentNavi < 1.12.2 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
uTubeVideo Gallery < 2.0.8 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC utubevideo view='panel' id='"...
YaMaps for WordPress Plugin < 0.6.26 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC yamap height='100px;"...
Widgets on Pages <= 1.7.0 - Contributor+ Stored XSS
The plugin does not validate and escape its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. PoC widgetsonpages...
Simple URLs < 115 - Multiple Reflected XSS
The plugin does not sanitise and escape some parameters before outputting them back in some pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin. PoC https://example.com/wp-content/plugins/simple-urls/admin/assets/js/import-js.php?search=...
teachPress < 8.1.9 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape the tab parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
TemplatesNext ToolKit < 3.2.8 - Contributor+ Stored XSS
The plugin does not sanitise and escape some Widget parameters, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks...
Widget Shortcode <= 0.3.5 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. PoC Exploit...
WP FullCalendar < 1.5 - Unauthenticated Arbitrary Post Access
The plugin does not ensure that the post retrieved via an AJAX action is public and can be accessed by the user making the request, allowing unauthenticated attackers to get the content of arbitrary posts, including draft/private as well as password-protected ones. PoC Open the below URL as an...
OOPSpam Anti-Spam < 1.1.36 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Responsive Gallery Grid < 2.3.9 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC Note: In ids, please add the image...
WP Visitor Statistics (Real Time Traffic) < 6.5 - Contributor+ Stored XSS via Shortcode
The plugin does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. PoC Exploit shortcode: wsmshowDayStatBox id='" onclick="javascript:alert1'...
TemplatesNext ToolKit < 3.2.8 - Contributor+ Stored XSS via Shortcode
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC txheading margin='"...
Enable Media Replace < 4.0.2 - Author+ Arbitrary File Upload
The plugin does not prevent authors from uploading arbitrary files to the site, which may allow them to upload PHP shells on affected sites. PoC 1 As an Author, upload a picture via http://vulnerable-site.tld/wp-admin/upload.php 2 Press on the new picture's thumbnail to see the attachment's detai...
Simple URLs < 115 - Subscriber+ SQLi
The plugin does not escape some parameters before using them in various SQL statements used by AJAX actions available by any authenticated users, leading to a SQL injection exploitable by low privilege users such as subscriber. PoC Run the below command in the developer console of the web browser...
Meks Flexible Shortcodes < 1.3.5 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. PoC Exploit:...
Restaurant Menu < 2.3.6 - Contributor+ Stored XSS via Shortcode
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC The exploit requires at least a...
Contextual Related Posts < 3.3.1 - Contributor+ Stored XSS
The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC 1. Insert a "Contextual Related Posts" block, and...
Simple Tooltips < 2.1.4 - Contributor+ Stored XSS via Shortcode
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC simpletooltip...
Stream < 3.9.2 - Subscriber+ Alert Creation
The plugin does not prevent users with little privileges on the site like subscribers from using its alert creation functionality, which may enable them to leak sensitive information. PoC Step 1: Log in as a subscriber Step 2: Get a nonce from...
PDF Generator for WordPress < 1.1.2 - Reflected XSS
The plugin includes a vendored dompdf example file which is susceptible to Reflected Cross-Site Scripting and could be used against high privilege users such as admin PoC Make a logged in admin open the following URL:...
alfred24 Click & Collect <= 1.1.7 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
MagicForm <= 0.1 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
WP Super Popup <= 1.1.2 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
MonsterInsights < 8.12.1 - Contributor+ Stored XSS
The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC As a contributor, add an "Inline Popular Posts" to...
Materialis Companion < 1.3.40 - Contributor+ Stored XSS via Shortcode
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. PoC Required...
ExactMetrics < 7.12.1 - Contributor+ Stored XSS
The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC As a contributor, add a "Popular Posts" block and...
No API Amazon Affiliate < 4.4.0 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
SiteGround Security < 1.3.1 - Admin+ SQLi
The plugin does not properly sanitize user input before using it in an SQL query, leading to an authenticated SQL injection issue. PoC 1: POST /wordpress/index.php/wp-json/sg-security/v1/activity-registered HTTP/1.1 Host: YOUR HOST X-WP-Nonce: YOUR NONCE Cookie: Admin+ Content-Length: 155...
Map Multi Marker <= 3.2.1 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...