14603 matches found
Showing URL in QR Code <= 0.0.1 - Stored XSS via CSRF
The plugin does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin or editor add Stored XSS payloads via a CSRF attack PoC Make a logged in editor or admin open a page with the below payload...
Find and Replace All <= 1.3 - Arbitrary Replacement via CSRF
The plugin does not have CSRF check when replacing string, which could allow attackers to make a logged admin replace arbitrary string in database tables via a CSRF attack PoC Make a logged in admin open a page with the below code...
OWM Weather < 5.6.9 - Contributor+ SQLi
The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as contributor PoC Logon as contributor and open the below URL, which will result in a delayed response If the "could not find origin...
Font Awesome 4 Menus <= 4.7.0 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC Put the following payload in the "A custom...
AM-HiLi <= 1.0 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
AgentEasy Properties <= 1.0.4 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Video Thumbnails <= 2.12.3 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC Put the following payload in the "Custom Fiel...
Salat Times < 3.2.2 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitize and escapes its settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. PoC Put the following payload in any text field of Settings Salat Times: " Save, and the XSS will be...
Jeeng Push Notifications < 2.0.4 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC Put the following payload in the "Account ID"...
Permalink Manager Lite < 2.2.20.1 - Unauthenticated URI Deletion
The plugin does not have authorisation checks when deleting URI, which could allow unauthenticated attackers to delete them...
WatchTowerHQ < 3.6.16 - Unauthenticated Arbitrary File Access
The plugin does properly check for the access token in its REST API endpoints, which could allow unauthenticated attackers to call them and download arbitrary files...
Homepage Pop-up <= 1.2.5 - CSRF
The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
WatchTowerHQ < 3.6.16 - Unauthenticated Arbitrary File Deletion
The plugin does properly check for the access token in its REST API endpoints, which could allow unauthenticated attackers to call them and delete arbitrary files...
WP-Polls < 2.76.0 - IP Validation Bypass
The plugin prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTEADDR, which makes it possible to bypass IP-based limitations to vote in certain situations...
Restaurant Menu < 2.3.2 - Multiple CSRF
The plugin does not have proper CSRF checks in some AJAX actions, allowing any attackers to make a logged in admin perform unwanted actions via CSRF attacks...
Restaurant Menu < 2.3.1 - Unauthorised AJAX Calls
The plugin does not have authorisation and CSRF checks in some AJAX actions, allowing any authenticated users, such as subscriber to call them and perform unauthorised actions such as update the plugin's settings...
miniOrange's Google Authenticator < 5.6.2 - Subscriber+ Settings Update
The plugin does not have authorisation check when updating its settings, which could allow any authenticated users, such as subscriber to update them...
Booster for WooCommerce - Checkout Files Deletion via CSRF
The plugins do not have CSRF check in place when deleting files uploaded at the checkout, allowing attackers to make a logged in shop manager or admin delete them via a CSRF attack PoC Requirements: - Enable the "Checkout File Upload" module of the plugin...
Popup Maker < 1.16.11 - Contributor+ Stored Cross Site Scripting
The plugin does not sanitise and escape some of its Popup options, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks, which could be used against admins PoC Create a New popup Insert pop-up name, title, and body text. Add a new trigger with...
WP User Frontend < 3.5.29 - Obscure Registration as Admin
The plugin uses a user supplied argument called urhidden in its registration form, which contains the role for the account to be created with, encrypted via wpufencryption. This could allow an attacker having access to the AUTHKEY and AUTHSALT constant via an arbitrary file access issue for...
Mantenimiento web < 0.14 - Stored XSS via CSRF
The plugin does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...
Event Monster < 1.2.1 - Admin+ SQLi
The plugin does not validate and escape some parameters before using them in SQL statements, which could lead to SQL Injection exploitable by high privilege users PoC...
Booster for WooCommerce - ShopManager+ Arbitrary File Download
The plugins do not validate files to download in some of its modules, which could allow ShopManager and Admin to download arbitrary files from the server even when they are not supposed to be able to for example in multisite PoC Enable the "Checkout File Upload" module and open the following URL ...
Content Egg < 5.5.0 - Multiple CSRF
The plugin does not have CSRF checks in some places, which could allow attackers to make logged in admins perform unwanted actions via CSRF attacks...
Event Monster < 1.2.0 - Visitors Deletion via CSRF
The plugin does not have CSRF check when deleting visitors, which could allow attackers to make logged in admin delete arbitrary visitors via a CSRF attack PoC To delete the attendee/visitor with ID 1, make a logged in admin open a page with the HTML code below The statement deleting attendee is...
Appointment Booking Calendar < 1.3.70 - Feedback Submission via CSRF
The plugin does not have CSRF check when submitting feedback, which could allow attackers to make logged in users do such action on their behalf via a CSRF attack...
Advanced Dynamic Pricing for WooCommerce < 4.1.6 - Settings Import via CSRF
The plugin does not have CSRF check in place when importing its settings, which could allow attackers to make a logged in admin import them via a CSRF attack...
Appointment Hour Booking < 1.3.72 - Feedback Submission via CSRF
The plugin does not have CSRF check when submitting feedback, which could allow attackers to make logged in users do such action on their behalf via a CSRF attack...
Advanced Dynamic Pricing for WooCommerce < 4.1.6 - Rule Type Migration via CSRF
The plugin does not have CSRF check when migrating rule types, which could allow attackers to make logged in admin perform such action via a CSRF attack...
Soledad < 8.2.6 - Subscriber+ Cross-Site Scripting
The plugin does not sanitise and escape a parameter, which could allow users with a role as low as subscriber to perform Cross-Site Scripting attacks...
TeraWallet – For WooCommerce < 1.4.0 - Settings Update via CSRF
The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
Evaluate <= 1.0 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitize and escapes some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example, in multisite setup. PoC 1. Go to Settings » Evaluate » Add New. 2...
Login Block IPs <= 1.0.0 - IP Spoofing Bypass
The function checkisloginpage uses headers for the IP check, which can be easily spoofed. PoC Set HTTPCLIENTIP to bypass blocks / use allowed IP addresses...
Ultimate Member < 2.5.1 - Admin+ LFI via Traversal
The plugin does not validate and sanitize the pack parameter before using it in an include statement, which could allow high privilege users to perform local file inclusion attacks via a Traversal vector...
Api2Cart Bridge Connector < 1.2.0 - Unauthenticated RCE
The plugin does not validate some parameters which could lead to RCE...
Ultimate Member < 2.5.1 - Admin+ RCE
The plugin does not validate user input passed to calluserfunc via the getoptionvaluefromcallback function, which could allow high privilege users to perform RCE even when they are not allowed to for example in multisite setup...
Creative Mail < 1.6.0 - Multiple CSRF
The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks, such as enable disable contact sync, reset the plugin, unlink accounts and update email marketing settings...
My wpdb < 2.5 - Arbitrary SQL Query via CSRF
The plugin is missing CSRF check when running SQL queries, which could allow attacker to make a logged in admin run arbitrary SQL query via a CSRF attack PoC...
Creative Mail < 1.6.0 - CSRF
The plugin does not have CSRF checks in some places, which could allow attackers to make logged in admins perform unwanted actions such as Update Marketing Information via CSRF attacks...
Api2Cart Bridge Connector < 1.2.0 - Unauthenticated Arbitrary File Upload
The plugin does not validate file to be uploaded, which could allow unauthenticated attackers to upload arbitrary files such as PHP...
Modula < 2.6.91 - Unauthenticated Troubleshooting Settings Update
The plugin does not have authorisation and CSRF checks when updating its troubleshooting settings, which could allow any unauthenticated user to update them...
WP Best Quiz <= 1.0 - Author+ Stored XSS
The plugin does not sanitize and escape some parameters, which could allow users with a role as low as Author to perform Cross-Site Scripting attacks. PoC 1. Go to Quiz » Add Categories. 2. Inset a category with the payload as name: . 3. The XSS will be trigged when accessing the Add Categories...
Ultimate Member < 2.5.1 - Contributor+ LFI via Traversal
The plugin does not validate and sanitize the template attribute of its shortcode before using it in an include statement, which could allow users with a role as low as contributor to perform local file inclusion attacks via a Traversal vector...
Spacer < 3.0.7 - Admin+ Stored XSS
The plugin does not sanitize and escapes some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example, in multisite setup. PoC Add new Spacers and add payload " Gem to...
Ultimate Member < 2.5.1 - Subscriber+ RCE
The plugin does not validate user input passed to calluserfunc via the populatedropdownoptions function, which could allow any authenticated users, such as subscriber to call arbitrary functions without argument ie phpinfo...
Booster for WooCommerce < 5.6.7 - Settings Reset via CSRF
The plugin does not have CSRF check in place when resetting its settings, which could allow attackers to make a logged in admin reset them via a CSRF attack...
Creative Mail < 1.6.0 - Settings Reset via CSRF
The plugin does not have CSRF check when resetting its settings, which could allow attackers to make logged in admins perform such action via a CSRF attack...
Avada < 7.8.2 - Arbitrary Plugin Instalation/Activation via CRSF
Description The theme does not have CSRF check when installing and activating plugins, which could allow attackers to make logged admins install and activate arbitrary plugins via CSRF attacks...
All in One SEO Pro < 4.2.6 - Admin+ SSRF
The plugin does not validate a parameter before making a request to it, which could allow users with a role as low as Admin to perform SSRF attack...
Zoho CRM Lead Magnet < 1.7.6.2 - Subscriber+ Arbitrary Options Update
The plugin does not have authorisation and CSRF in some AJAX actions, and does not ensure that the option to be updated belong to the plugin. As a result, any authenticated users, such as subscriber could update arbitrary blog options such as defaultrole and userscanregister. PoC v response.text...