14603 matches found
Multiple themes - Unauthenticated Arbitrary File Upload
Multiple themes from ChimpStudio and PixFill does not have any authorisation and upload validation in the langupload.php file, allowing any unauthenticated attacker to upload arbitrary files to the web server. PoC Create a malicious file "backdoor.php", then curl...
Passster < 3.5.5.9 - Protection Bypass & Arbitrary Post Access
The plugin does not properly check for password, as well as that the post to be viewed is public, allowing unauthenticated users to bypass the protection offered by the plugin, and access arbitrary posts such as private content, by sending a specifically crafted request. PoC The nonce can be...
WP Google My Business Auto Publish < 3.4 - Contributor+ Stored XSS via Shortcode
The plugin does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. PoC Note: First, you need to connect a Google My Business, select Account, and select Location. Exploit shortcode:...
GeoDirectory < 2.2.22 - Contributor+ Stored XSS via Shortcode
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. PoC Note:...
Passster < 3.5.5.8 - Contributor+ Stored Cross-Site Scripting
The plugin does not escape the area parameter of its shortcode, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks. PoC passster password="1" area='" style="animation-name:twentytwentyone-close-button-transition" onanimationend="alert/XSS///'...
GS Logo Slider < 3.3.8 - Contributor+ Stored XSS in Shortcode
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. PoC Exploit...
Genesis Columns Advanced < 2.0.4 - Contributor+ Stored XSS via Shortcode
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks which could be used against high-privilege users such as admins. PoC 1...
Top 10 < 3.2.3 - Contributor+ Stored XSS
The plugin does not validate and escape some of its Block attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. PoC 1. Insert a...
Video Conferencing with Zoom < 4.0.10 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. PoC 1. Insert...
Content Control < 1.1.10 - Contributor+ Stored XSS
The plugin does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks, which could be used against high privilege users such as admins. PoC Explo...
ShiftNav – Responsive Mobile Menu < 1.7.2 - Contributor+ Stored XSS in Shortcode
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. PoC Exploit...
Print-O-Matic < 2.1.8 - Contributor+ Stored XSS via Shortcode
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. PoC Exploit...
Collapse-O-Matic < 1.8.3 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin. PoC Exploit...
Meteor Slides < 1.5.7 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. PoC...
OneClick Chat to Order < 1.0.4.2 - Contributor+ Stored XSS via Shortcode
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. PoC 1. Instal...
User Verification < 1.0.94 - Authentication Bypass
The plugin was affected by an Auth Bypass security vulnerability. To bypass authentication, we only need to know the user’s username. Depending on whose username we know, which can be easily queried because it is usually public data, we may even be given an administrative role on the website. PoC...
WP Popups < 2.1.4.8 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. PoC Exploit:...
BruteBank - WP Security & Firewall < 1.9 - Settings Update via CSRF
The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. PoC POST /wp-admin/admin.php?page=brutebank-settings HTTP/1.1 publickey=site.a%22%2522aaaa%3Daaakey=aaa=Update...
Optimize images ALT Text (alt tag) & names for SEO using AI < 2.0.8 - Settings Update via CSRF
The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. PoC Use the following form to abuse the CSRF vulnerability on the settings page: action| ---|--- layout| textColor| contentBackgroundColor|...
Product Slider for WooCommerce < 2.6.4 - Contributor+ Stored XSS in Shortcode
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. PoC Install t...
Word Balloon < 4.19.3 - Contributor+ Stored XSS via Shortcode
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. PoC Exploit...
Structured Content < 1.5.1 - Contributor+ Stored XSS in Shortcode
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. PoC Exploit...
Page-list < 5.3 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. PoC Exploit...
Login Logout Menu < 1.4.0 - Contributor+ Stored XSS in Shortcode
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. PoC Exploit...
Landing Page Builder < 1.4.9.9 - Contributor+ Cross-Site Scripting via Shortcode
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. PoC 1. Insert...
Sassy Social Share < 3.3.45 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. PoC Insert th...
Easy Social Feed – Social Photos Gallery – Post Feed – Like Box < 6.4.0 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin. PoC Exploit...
WP Limit Login Attempts <= 2.6.4 - IP Spoofing
The plugin prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTEADDR, which makes it possible to bypass IP-based restrictions on login forms. PoC Set HTTPCLIENTIP or HTTPXFORWARDEDFOR as used in wplimitgetip to spoof the IP address and bypass the block...
WP Statistics < 13.2.9 - Authenticated SQLi
The plugin does not escape a parameter, which could allow authenticated users to perform SQL Injection attacks. By default, the affected feature is available to users with the manageoptions capability admin+, however the plugin has a settings to allow low privilege users to access it as well. PoC...
CBX Petition for WordPress <= 1.0.3 - Unauthenticated SQLi
The plugin does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. PoC 1. Create and publish a new petition. 2. Invoke the following curl command, with the nonce in place, to induce a...
Mongoose Page Plugin < 1.9.0 - Contributor+ Stored XSS via Shortcode
The plugin does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. PoC Exploit shortcode: facebook-page-plugin href='test.js' method='sdk' language='" onerror="alert1"'...
Compact WP Audio Player < 1.9.8 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. PoC Exploit:...
Search & Filter < 1.2.16 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin. PoC Insert the...
WordPress Simple Shopping Cart < 4.6.2 - Contributor+ Stored XSS via Shortcode
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. PoC Exploit...
Easy Appointments < 3.11.2 - Contributor+ Stored XSS in Shortcode
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. PoC Exploit...
Sitemap < 4.4 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. PoC pagelist...
All In One WP Security & Firewall < 5.1.3 - Configuration Leak
The plugin leaked settings of the plugin publicly, including the used email address. PoC Config leak in previous versions: "aiowpsremovewpgeneratormetainfo" filetype:txt https://www.google.com/search?q=%22aiowpsremovewpgeneratormetainfo%22+filetype%3Atxt Search for aiowpsemailaddress...
Rate my Post – WP Rating System < 3.3.9 - Contributor+ Stored XSS via Shortcode
The plugin does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. PoC Exploit shortcode: ratemypost-result id='" onmouseover="alert1"'...
Pardakht Delkhah < 2.9.3 - Unauthenticated Stored XSS
The plugin does not sanitise and escape some parameters, allowing unauthenticated attackers to send a request with XSS payloads, which will be triggered when a high privilege users such as admin visits a page from the plugin. PoC 1. Install and activate WoocCommerce dependency, no configuration...
EU Cookie Law <= 3.1.6 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC 1. Enter the setting page of this plugin. 2...
Login as User or Customer < 3.3 - Unauthenticated Privilege Escalation to Admin
The plugin lacks authorization checks to ensure that users are allowed to log in as another one, which could allow unauthenticated attackers to obtain a valid admin session. PoC Run the below command in the developer console of the web browser while being on the blog as an unauthenticated user,...
Google Analyticator < 6.5.6 - Admin+ PHP Object Injection
The plugin unserializes user input provided via the settings, which could allow high-privilege users such as admin to perform PHP Object Injection when a suitable gadget is present. PoC To simulate a gadget chain, put the following code in the plugin: class Evil public function wakeup : void...
FluentAuth < 1.0.2 - Bypass blocks by IP Spoofing
The plugin prioritizes getting a visitor's IP address from certain HTTP headers over PHP's REMOTEADDR, which makes it possible to bypass the IP-based blocks set by the plugin. PoC Set HTTPXREALIP, HTTPXFORWARDEDFOR, HTTPCFCONNECTINGIP or HTTPCLIENTIP to spoof the IP address...
HashBar – WordPress Notification Bar < 1.3.6 - Contributor+ Stored XSS via Shortcode
The plugin does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. PoC Exploit shortcode: hashbarbtn btntarget='" onmouseover="alert1"'...
Easy Bootstrap Shortcode <= 4.5.4 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. PoC 1. Insert...
Conditional Payment Methods for WooCommerce <= 1.0 - Admin+ SQLi
The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin|users with a role as low as admin. PoC...
Store Locator WordPress < 1.4.9 - Contributor+ Stored XSS via Shortcode
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. PoC Exploit...
Events Made Easy < 2.3.17 - Subscriber+ Unauthorised AJAX Calls
The plugin does not have authorisation in some AJAX actions, allowing any authenticated users, such as subscriber, to call them...
Easy Accordion < 2.2.0 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. PoC Exploit...
Tickera < 3.5.1.0- Plugin Data Deletion via CSRF
The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. PoC 1. Navigate to Tickera Settings » Delete info 2. Delete info request intercept like that POST...