14603 matches found
Blog2Social < 6.9.10 - Subscriber+ SQLi
The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by any authenticated users, such as subscribers PoC Run the script below in the web browser console while being logged in as a subscriber and on the Blog2Social...
Shortcodes Ultimate < 5.12.1 - Settings Preset Update via CSRF
The plugin does not have CSRF check in place when updating its preset settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
OSM <= 6.0.1- CSRF
The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
Media Library Folders < 7.1.2 - Plugin Reset via CSRF
The plugin does not have CSRF check when reseting its data, which could allow attackers to make logged in admin reset the plugin data, such as the DB tables via a CRSF attack...
LBStopAttack < 1.1.3 - Arbitrary Settings Update via CSRF
The plugin does not use nonces when saving its settings, making it possible for attackers to conduct CSRF attacks. This could allow attackers to disable the plugin's protections. PoC...
Accordions < 2.1.0 - Authenticated Arbitrary Options Update
The plugin does not have proper authorisation, which could allow high privilege users to update arbitrary options even they they should not be allowed to...
AdminPad < 2.2 - Note Update via CSRF
The plugin does not have CSRF check when updating admin's note, allowing attackers to make a logged in admin update their notes via a CSRF attack PoC Notes are displayed in the Dashboard /wp-admin/index.php...
Contact Bank <= 3.0.30 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape some of its Form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC Create/edit a form and put the following...
Media Library Assistant < 3.01 - Unauthenticated Error Log Access
The plugin does not have authorisation in place, which could allow unauthenticated attackers to access its error log if they can guess or brute force the filename...
Quiz And Survey Master < 7.3.5 - Quiz Update via IDOR
The plugin does not ensure that the quiz to be edited belongs to the user making the request, allowing high privilege users to edit quiz they should not be able to...
Analytify < 4.2.3 - Cache Deletion via CSRF
The plugin does not have CSRF check when deleting cache, which could allow attackers to make logged in admins perform such action via a CSRF attack...
Accordions < 2.1.0 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Analytics Cat < 1.1.0 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Asset CleanUp: Page Speed Booster < 1.3.8.5 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting...
Booking Ultra Pro <= 1.1.4 - Stored Cross-Site Scripting via CSRF
The plugin does not have CSRF check in some places, and does not sanitise as well as escape parameters, which could allow attackers to make logged in users put Stored XSS payloads via CSRF attacks...
Easy Digital Downloads < 3.1.0.2 - Unauthenticated CSV Injection
The plugin does not validate data when its output in a CSV file, which could lead to CSV injection. PoC - Submit an order using =5+5 as "first name" and empty "last name" the plugin allows that. - Export the data as CSV from Reports Export. - Open the CSV with a spreadsheet application Excel,...
Booking Ultra Pro <= 1.1.4 - Multiple CSRF
The plugin does not have CSRF check in some places, which could allow attackers to make logged in users perform unwanted actions...
Store Locator < 1.4.6 - Stored XSS via CSRF
The plugin does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...
Manage Notification E-mails < 1.8.3 - Settings Reset via CSRF
The plugin does not have CSRF check when resetting its settings, which could allow attackers to make logged in admin perform such action via a CSRF attack...
3dady Real Time Web Stats <= 1.0 - Stored Cross-Site Scripting via CSRF
Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Furthermore, due to the lack of escaping, it could also lead to Stored Cross-Site Scripting issue PoC Make a logged in admin op...
Forym <= 1.5.8 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting PoC On a blog having the plugin and the Search Forum Widget active, append the following parameter: ?s="...
Advanced Ads < 1.32.0 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Oceanwp Sticky Header <= 1.0.8 - CSRF
The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
Comment Guestbook <= 0.8.0 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Drag and Drop Multiple File Upload < 1.3.6.5 - File Upload Size Limit Bypass
The plugin does not properly check for the upload size limit set in forms, taking the value from user input sent when submitting the form. As a result, attackers could control the file length limit and bypass the limit set by admins in the contact form. PoC curl -X POST -F "sizelimit=10485760" -F...
miniOrange Discord Integration < 2.1.6 - Subscriber+ App Disabling
The plugin does not have authorisation and CSRF in some of its AJAX actions, allowing any logged in users, such as subscriber to call them, and disable the app for example PoC Run the below command in the developer console of the web browser while being on the blog as any user, such as subscriber...
Frontend File Manager < 21.4 - Arbitrary Settings Update via CSRF
The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. As the plugin does not validate the allowed file type, this could lead to attackers making admins allowing PHP file to be uploaded by any...
Tutor LMS < 2.0.10 - Admin+ Stored Cross-Site Scripting
The plugin does not escape some course parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC Create/Edit a Course, add a new Topic and put the followi...
Sabai Discuss < 1.4.14 - Reflected Cross Site Scripting
The plugin does not sanitise and escape some parameters before outputting them back in the page when number filters are enabled, leading to Reflected Cross-Site Scripting PoC https://example.com/questions?category=77=1numbermin=" https://example.com/questions?category=77=1numbermax="...
Helpful < 4.5.26 - Information Disclosure
The plugin puts the exported logs and feedbacks in a publicly accessible location and guessable names, which could allow attackers to download them and retrieve sensitive information such as IP, Names and Email Address depending on the plugin's settings PoC After an admin export logs via...
Pop-Up Chop Chop <= 2.1.7 - Contributor+ Stored Cross-Site Scripting
The plugin does not sanitise and escape some parameters, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks...
WP Page Widget < 4.0 - Settings Update via CSRF
The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
Meks Easy Social Share < 1.2.8 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC Intercept the request made when saving the...
Frontend File Manager < 21.4 - File Upload via CSRF
The plugin does not have CSRF check when uploading files, which could allow attackers to make logged in users upload files on their behalf PoC The file won't show up via the frontend/backend, but will be uploaded in the user folder ie in wp-content/uploads/useruploads//payload.pdf...
Social Media Follow Buttons Bar <= 4.73 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Activity Log < 2.8.4 - CSV Injection
The plugin does not validate data when output it back in a CSV file, which could lead to CSV injection...
MailOptin < 1.2.50.0 - Unauthenticated Campaign Cache Deletion
The plugin does not have authorisation an CSRF checks when deleting campaign cache, which could allow any unauthenticated users to delete it either directly or via a CSRF attack...
SEO Redirection < 9.1 - 404 Error & History Deletion via CSRF
The plugin does not have CSRF check when deleting 404 errors and history, which could allow attackers to make logged in admins delete them via CSRF attacks...
Backup Scheduler <= 1.5.13 - Cross-Site Request Forgery
The plugin does not have CSRF check in some places, which could allow attackers to make logged in users perform unwanted actions...
Seriously Simple Podcasting < 2.16.1 - Arbitrary Settings Update via CSRF
The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
FontMeister <= 1.08 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting...
Popup Maker < 1.16.9 - Contributor+ Stored XSS via Subscription Form
The plugin does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks PoC As a contributor, put the following shortcode in a post/page pumsubform namefieldtype="fullname" labelname="Name"...
Kraken.io Image Optimizer < 2.6.6 - Settings Update via CSRF
The plugin does not have CSRF check when updating its settings, which could allow attackers to make logged in admin change them via a CSRF attack...
Popup Maker < 1.16.9 - Contributor+ Stored XSS via Shortcode
The plugin does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks PoC As a user with the Contributor or above, create a new Popup in Popup Maker menu with "content" field containing...
Tabs < 3.7.2 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape some parameters, which could allow high privilege users to perform Cross-Site Scripting attacks...
3D Tag Cloud <= 3.8 - Stored XSS via CSRF
The plugin does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...
WP Custom Cursors < 3.0.1 - Arbitrary Cursor Deletion via CSRF
The plugin does not have CSRF check in place when deleting cursors, which could allow attackers to made a logged in admin delete arbitrary cursors via a CSRF attack. PoC Make a logged in admin open a page with the following JS code:...
Demon Image Annotation < 4.8 - Arbitrary Settings Update to Stored XSS via CSRF
The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Furthermore, due to the lack of sanitisation and escaping in some of them, it could also lead to Stored Cross-Site Scripting...
Passster < 3.5.5.5.2 - Insecure Storage of Password
The plugin stores the password inside a cookie named "passster" using base64 encoding method which is easy to decode. This puts the password at risk in case the cookies get leaked...
WP Custom Cursors <= 3.0.1 - Admin+ SQLi
The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privileged users such as admin PoC As admin, open...