14602 matches found
Contact Form Widget < 1.4.0 - Sensitive Information Exposure
Description The Contact Form Widget – Contact Query, Contact Page, Form Maker, Query Table plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.9. This makes it possible for unauthenticated attackers to extract sensitive user or...
Integration for Contact Form 7 and Salesforce <= <=1.3.9 - Cross-Site Request Forgery
Description The Integration for Contact Form 7 and Salesforce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, =1.3.9. This is due to missing or incorrect nonce validation on the settingspage function. This makes it possible for unauthenticated...
Popup More Popups < 2.3.3 - Authenticated (Administrator+) Stored Cross-Site Scripting
Description The Popup – Popup More Popups plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
Copymatic – AI Content Writer & Generator < 1.7 - Unauthenticated Arbitrary File Upload
Description The Copymatic – AI Content Writer & Generator plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 1.6. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code...
ChaosTheory < 1.3.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting
Description The ChaosTheory theme for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject...
Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg < 1.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via widget attributes in versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping. This makes it...
Master Slider – Responsive Touch Slider < 3.9.10 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'msslideinfo' shortcode in all versions up to, and including, 3.9.9 due to insufficient input sanitization and output escaping on user supplied 'tagname'...
Move Addons for Elementor < 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets
Description The Move Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
DethemeKit For Elementor < 2.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The DethemeKit For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and abov...
WP Fundraising Donation and Crowdfunding Platform < 1.7.0 - Missing Authorization
Description The WP Fundraising Donation and Crowdfunding Platform plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions surrounding donation modification in versions up to, and including, 1.6.4. This makes it possible for...
Elegant Blocks <= 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Elegant Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject...
YouTube Video Gallery by YouTube Showcase – Video Gallery Plugin for WordPress < 3.4.0 - Missing Authorization to Arbitrary Post/Page Creation
Description The YouTube Video Gallery by YouTube Showcase – Video Gallery Plugin for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the emdformbuilderlitesubmitform function in all versions up to, and including, 3.3.6. This...
Popup Builder < 1.1.30 - Authenticated (Author+) Stored Cross-Site Scripting
Description The Popup Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.1.29 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to injec...
Radio Player < 2.0.74 - Missing Authorization
Description The Radio Player plugin for WordPress is vulnerable to unauthorized access to functionality due to a missing capability check on the renderplayer function in versions up to, and including, 2.0.73. This makes it possible for unauthenticated attackers to render arbitrary radio players...
Fastly < 1.2.26 - Missing Authorization via AJAX actions
Description The Fastly plugin for WordPress is vulnerable to unauthorized access to functionality due to a missing capability check on the plugin's AJAX actions in versions up to, and including, 1.2.25. This makes it possible for authenticated attackers, with subscriber-level access and above, to...
WP Table Builder – WordPress Table Plugin < 1.4.15 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The WP Table Builder – WordPress Table Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button element in all versions up to, and including, 1.4.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
Magazine Blocks < 1.3.7 - Authenticated (Author+) Stored Cross-Site Scripting
Description The Magazine Blocks – Blog Designer, Magazine & Newspaper Website Builder, Page Builder with Posts Blocks, Post Grid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the post title markup parameter in all versions up to, and including, 1.3.6 due to insufficient...
Tagembed <= 5.8 - Missing Authorization
Description The Tagembed plugin for WordPress is vulnerable to unauthorized access of functionality in versions up to, and including, 5.8. This makes it possible for authenticated attackers, with subscriber-level access and above, to invoke such functionality. The security impact is low...
Landing Page Builder < 1.5.1.9 - Reflected Cross-Site Scripting via pageType
Description The Landing Page Builder – Coming Soon page, Maintenance Mode, Lead Page, WordPress Landing Pages plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the pageType parameter in all versions up to, and including, 1.5.1.8 due to insufficient input sanitization and...
iframe < 5.1 - Contributor+ Stored XSS
Description The plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user...
Integration for Contact Form 7 HubSpot <=1.3.1 - Cross-Site Request Forgery
Description The Integration for Contact Form 7 HubSpot plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.1. This is due to missing or incorrect nonce validation on the settingspage function. This makes it possible for unauthenticated attackers ...
Picture Gallery < 1.5.12 - Authenticated (Author+) Stored Cross-Site Scripting
Description The Picture Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.5.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject...
Popup Maker WP <= 1.2.8 - Authenticated (Subscriber+) Stored Cross-Site Scripting
Description The Popup Maker WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.2.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to injec...
ImageMagick Sharpen Resized Images <= 1.1.7 - Authenticated (Administrator+) Stored Cross-Site Scripting
Description The ImageMagick Sharpen Resized Images plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
Order Export & Order Import for WooCommerce < 2.5.0 - Authenticated (Administrator+) PHP Object Injection
Description The Order Export & Order Import for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.4.9 via deserialization of untrusted input. This makes it possible for authenticated attackers, with Administrator-level access and above,...
Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks < 2.2.81 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and including, 2.2.80 due to insufficient input sanitization and output...
Uber Menu < 3.8.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Shortcodes
Description The UberMenu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ubermenu-col, ubermenumobileclosebutton, ubermenutoggle, ubermenu-search shortcodes in all versions up to, and including, 3.8.2 due to insufficient input sanitization and output escaping on...
Salon booking system < 10.0 - Unauthenticated Arbitrary File Deletion
Description The Salon booking system plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 9.8. This is due to the plugin not properly validating the path of an uploaded file prior to deleting it. This makes it possible for unauthenticated attackers t...
Builder for WooCommerce reviews shortcodes – ReviewShort < 1.01.6 - Missing Authorization
Description The Builder for WooCommerce reviews shortcodes – ReviewShort plugin for WordPress is vulnerable to unauthorized access of functionality in versions up to, and including, 1.01.5. This makes it possible for unauthenticated attackers to make use of this functionality intended for higher...
Clearfy Cache <= 2.2.1 - Cross-Site Request Forgery
Description The Clearfy Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.2.1. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to perform unauthorized actions via a forged request...
Fast Custom Social Share by CodeBard <= 1.1.2 - Cross-Site Request Forgery
Description The Fast Custom Social Share by CodeBard plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to perform unauthorized actions...
Extend Themes <= (Multiple Versions) - Cross-Site Request Forgery
Description Several Extend Themes themes for WordPress are vulnerable to Cross-Site Request Forgery in multiple versions. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to perform unauthorized actions via a forged request granted they ca...
EmpowerWP < 1.0.22 - Cross-Site Request Forgery to Notice Dismissal
Description The EmpowerWP theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.21. This is due to missing or incorrect nonce validation on the empoweradminajaxwelcomenoticedismiss function. This makes it possible for unauthenticated attackers to...
Rank Math SEO with AI Best SEO Tools < 1.0.219-beta - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Rank Math SEO with AI Best SEO Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in versions up to, and including, 1.0.218 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
Logo Slider < 4.0.0 - Contributor+ Stored XSS
Description The plugin does not validate and escape some of its Slider Settings before outputting them back in attributes, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC 1. Using a contributor account, add a Logo Slider using the...
Elementor Header & Footer Builder < 1.6.29 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘hfesvgmimetypes’ function in versions up to, and including, 1.6.28 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
WP Job Manager < 2.3.0 - Unauthenticated Information Exposure
Description The WP Job Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.2. This makes it possible for unauthenticated attackers to extract sensitive user or configuration data...
One Click Demo Import < 3.2.1 - Authenticated (Admin+) PHP Object Injection
Description The One Click Demo Import plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.2.0 via deserialization of untrusted input. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject a PHP Objec...
ArForms < 6.6 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Add or edit an existing form an...
Salient Shortcodes < 1.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Description The Salient Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'icon' shortcode in all versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
WP Backpack <= 2.1 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Go to...
Elementor Header & Footer Builder < 1.6.27 - Authenticated (Author+) HTML Injection
Description The Elementor Header & Footer Builder for WordPress is vulnerable to HTML Injection in all versions up to, and including, 1.6.26 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level permissions and above, to...
Unyson < 2.7.31 - Cross-Site Request Forgery
Description The Unyson plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.30. This is due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticated attackers to perform an unknown action...
Happy Addons for Elementor Authenticated (Contributor+) Stored-XSS < 3.10.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Event Calendar Widget
Description The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Event Calendar widget in all versions up to, and including, 3.10.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
Happy Addons for Elementor < 3.10.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Stack Group Widget
Description The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Stack Group widget in all versions up to, and including, 3.10.7 due to insufficient input sanitization and output escaping on user supplied 'tooltipposition' attribute. This...
Yoast SEO < 22.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Yoast SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘displayname’ author meta in all versions up to, and including, 22.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
Dynamics 365 Integration < 1.3.18 - Unauthenticated Sensitive Information Exposure
Description The Dynamics 365 Integration plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.17 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information contained i...
Testimonial Carousel For Elementor < 10.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Testimonial Carousel For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'showlinetext ' and 'slidebuttonhoveranimation' parameters in versions up to, and including, 10.1.1 due to insufficient input sanitization and output escaping. This makes i...
ArForms < 6.6 - Unauthenticated RCE
Description The plugin allows unauthenticated users to modify uploaded files in such a way that PHP code can be uploaded when an upload file input is included on a form PoC 1. Create a form with an upload input 2. As an unauthenticated user, upload an image file and intercept the request. 3...
WP Stacker <= 1.8.5 - Stored XSS via CSRF
Description The plugin does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack PoC Make an admin open an HTML document containing:...