14603 matches found
Page View Count < 2.6.1 - Contributor+ Stored XSS
The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC Exploit Additional CSS classes for "Page Views"...
ChatBot < 4.2.9 - Unauthenticated Settings Reset
The plugin does not have authorisation and CSRF checks when reseting its settings via an AJAX action available to unauthenticated users, which could allow unauthenticated attackers to reset the plugin's settings PoC https://example.com/wp-admin/admin-ajax.php?action=qcldwbchatbootdeletealloptions...
ContentStudio < 1.2.6 - Unauthorised Function Calls
The plugin does not have authorisation checks in various functions, which could allow unauthenticated users to retrieve arbitrary metadata, including the plugin's token used in other actions like when creating a post...
Blog Designer – Post and Widget < 2.4.1 - Contributor+ Stored XSS via Shortcode
The plugin does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. PoC Exploit shortcode: wpspwrecentpostslider design='" onmouseover="alert1" style="background:red;"'...
Custom User Profile Fields for User Registration & Member Frontend Profiles with Paid Memberships Pro < 1.8.1 - Contributor+ Stored XSS via Shortcode
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. PoC Exploit...
WP Tabs < 2.1.17 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC trtabs id='"; alert1; "' trtabs id='"...
Posts List Designer by Category < 3.2 - Contributor+ Stored XSS via Shortcode
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. PoC Exploit...
miniOrange WordPress SAML SSO Standard < 16.0.8 - Open Redirect in SSO login
The plugin does not validate that the redirect parameter to its SSO login endpoint points to an internal site URL, making it vulnerable to an Open Redirect issue when the user is already logged in...
miniOrange WordPress SAML SSO Premium Multisite < 20.0.7 - Open Redirect in SSO login
The plugin does not validate that the redirect parameter to its SSO login endpoint points to an internal site URL, making it vulnerable to an Open Redirect issue when the user is already logged in...
News & Blog Designer Pack < 3.3 - Contributor+ Stored XSS via Shortcode
The plugin does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. PoC Exploit shortcode: bdpmasonry grid='1" onmouseover="alert1" style="background:red;"'...
miniOrange WordPress SAML SSO Premium < 12.1.0 - Open Redirect in SSO login
The plugin does not validate that the redirect parameter to its SSO login endpoint points to an internal site URL, making it vulnerable to an Open Redirect issue when the user is already logged in...
CPO Companion < 1.1.0 - Contributor+ Stored XSS via Shortcode
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. PoC Exploit...
Post Grid, Post Carousel, & List Category Posts < 2.4.19 - Contributor+ Stored XSS
The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC Exploit Additional CSS classes for "Smart Post Sho...
WP Social Widget < 2.2.4 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC wpsw facebook='" onmouseover="alert1"'...
WP Extended Search < 2.1.2 - Contributor+ Stored XSS via Shortcode
The plugin does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. PoC Exploit shortcode: wpessearchform searchformcssclass='" onmouseover="alert1"'...
WP Tabs < 2.1.15 - Multiple CSRF
The plugin does not have proper CSRF checks in some places, for example when importing shortcodes, which could allow attackers to make logged in admins perform unwanted actions via CSRF attacks...
Widgets for Google Reviews < 9.8 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. PoC Exploit...
CC Child Pages < 1.43 - Contributor+ Stored XSS via Shortcode
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. PoC Exploit:...
Social Warfare < 4.4.0 - Post Meta Deletion via CSRF
The plugin does not have CSRF checks in some AJAX actions, allowing attackers, to make a logged in admin call them and delete arbitrary post meta as well as reset access tokens related to network via CSRF attacks PoC...
Social Warfare < 4.3.1 - Subscriber+ Post Meta Deletion
The plugin does not have authorisation in some AJAX actions, allowing any authenticated users, such as subscriber, to call them and delete arbitrary post meta as well as reset access tokens related to network...
CPO Companion < 1.1.0 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
AAWP < 3.12.3 - Unsafe URL Handling
The plugin can be used to abuse trusted domains to load malware or other files through it Reflected File Download to bypass firewall rules in companies. PoC wp-content/aawp/public/image.php?url=base64-url will load and download the file from the base64-decoded URL...
Revive Old Posts – Social Media Auto Post and Scheduling Plugin < 9.0.11 - PHP Object Injection
The plugin unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present. PoC To simulate a gadget chain, put the following code in a plugin: class Evil public function wakeup : void...
JetWidgets for Elementor < 1.0.13 - Settings Update via CSRF
The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
Pricing Tables WordPress Plugin – Easy Pricing Tables < 3.2.3 - Contributor+ Stored XSS via Shortcode
The plugin does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. PoC Note: Enable compatibility mode by going to the settings of the plugins. Exploit shortcode: easy-pricing-toggle...
Membership For WooCommerce < 2.1.7 - Unauthenticated Arbitrary File Upload
The plugin does not validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as malicious PHP code, and achieve RCE. PoC 1. Install and activate WooCommerce dependency, no setup required 2. Create a local file containing the payload on /tmp/payload.php 3...
WooCommerce Chained Products < 2.12.0 - Unauthenticated Arbitrary Options Update to 'no'
The plugin does not have authorisation and CSRF checks, as well as does not ensure that the option to be updated belong to the plugin, allowing unauthenticated attackers to set arbitrary options to 'no' PoC As unauthenticated, open the following URL to set the Blog Name to 'no':...
FL3R FeelBox <= 8.1 - Settings Update via CSRF to Stored XSS
The plugin does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack PoC Make a logged in admin open a page containing the HTML code below...
My Calendar < 3.3.25 - Event/Location Deletion via CSRF
The plugin does not have CSRF checks when deleting events and locations, which could allow attackers to make logged in admins perform such actions via CSRF attacks...
RSS Aggregator by Feedzy < 4.1.1 - Contributor+ Stored XSS
The plugin does not validate and escape some of its block options before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. PoC 1. Add the Feedz...
FL3R FeelBox <= 8.1 - Moods Reset via CSRF
The plugin does not have CSRF check when updating reseting moods which could allow attackers to make logged in admins perform such action via a CSRF attack and delete the lydlposts & lydlpoststimestamp DB tables PoC Make a logged in admin open a page containing the HTML code below...
Insert Pages < 3.7.5 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. PoC Exploit:...
Themify Shortcodes < 2.0.8 - Contributor+ Stored XSS via Shortcode
The plugin does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. PoC Exploit shortcode: themifybutton color='red" onmouseover="alert1"'XSS/themifybutton...
Justified Gallery < 1.7.1 - Contributor+ Stored XSS via Shortcode
The plugin does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. PoC Exploit shortcode: gallery ids="1" lightbox="' onmouseover='alert1'"...
Simple Sitemap < 3.5.8 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. PoC Exploit...
Portfolio for Elementor, Image Gallery & Post Grid | PowerFolio < 2.3.1 - Contributor+ Stored XSS via Shortcode
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. PoC Note:...
PDF Viewer < 1.0.0 - Contributor+ Stored XSS via Shortcode
The plugin does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. PoC Exploit shortcode: pdfviewer height='" onmouseover="alert1"'http://localhost/file.pdf/pdfviewer...
CPT Bootstrap Carousel <= 1.12 - Contributor+ Stored XSS via Shortcode
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. PoC Note: Fir...
MediaElement.js – HTML5 Video & Audio Player <= 4.2.8 - Contributor+ Stored XSS via Shortcode
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high-privilege users such as admins. PoC 1. Insert...
Social Sharing Toolkit <= 2.6 - Contributor+ Stored XSS via Shortcode
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. PoC Note: Fir...
Icon Widget < 1.3.0 - Contributor+ Stored XSS via Shortcode
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. PoC Exploit:...
Members Import <= 1.4.2 - XSS via Imported CSV
The plugin does not sanitise and escape imported CSV, which could allow attackers to perform Cross-Site Scripting attacks if they can make an admin import a malicious CSV file...
PixCodes < 2.3.7 - Contributor+ Stored XSS in Shortcode
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. PoC Exploit...
Accordion Shortcodes <= 2.4.2 - Contributor+ Stored XSS via Shortcode
The plugin does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. PoC Exploit shortcode: accordion class='" onmouseover="alert1" style="background:red;width:100px;height:100px;"'...
Blockonomics < 3.5.8 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape the filterby parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
Bold Timeline Lite < 1.1.5 - Contributor+ Stored XSS via Shortcode
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. PoC Exploit...
Google Analyticator < 6.5.6 - Admin+ PHP Object Injection
The plugin unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present PoC To simulate a gadget chain, put the following code in a plugin: class Evil public function wakeup : void...
Booster for WooCommerce - Multiple CSRF
The plugins have either flawed CSRF checks or are missing them completely in numerous places, allowing attackers to make logged in users perform unwanted actions via CSRF attacks...
Qubely < 1.8.5 - Contributor+ Stored XSS
The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC Add the following Additional CSS classes to the...
10WebMapBuilder < 1.0.72 - Contributor+ Stored XSS via Shortcode
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. PoC Exploit:...