14604 matches found
eaSYNC < 1.1.16 - Unauthenticated Arbitrary File Upload
The plugin suffers from insufficient input validation which leads to arbitrary file upload and subsequently to remote code execution. An AJAX action accessible to unauthenticated users is affected by this issue. An allowlist of valid file extensions is defined but is not used during the validatio...
Sharebar <= 1.4.1 - Arbitrary Settings Update to Stored XSS via CSRF
The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and also lead to Stored Cross-Site Scripting issue due to the lack of sanitisation and escaping in some of them PoC...
Photo Gallery by Supsystic < 1.15.6 - Arbitrary Settings Update via CSRF
The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack PoC...
Core Plugin for Kitestudio Themes < 2.3.1 - Reflected Cross-Site-Scripting
The plugin does not sanitise and escape some parameters before outputting them back in a response of an AJAX action, available to both unauthenticated and authenticated users when a premium theme from the vendor is active, leading to a Reflected Cross-Site Scripting. PoC Install and active the...
Pagebar < 2.70 - Arbitrary Settings Update via CSRF to Stored XSS
The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Furthermore, due to the lack of sanitisation in some of them, it could also lead to Stored XSS issues PoC...
Ninja Forms < 3.6.11 - Unauthenticated PHP Object Injection
The plugin does not validate merge tags provided in the request, which could allow unauthenticated attackers to call any static method present in the blog. One from the plugin in particular could allow for PHP Object Injection when a suitable gadget is also present on the blog. Attackers have bee...
Easy Testimonials < 3.9 - Reflected Cross-Site Scripting
The plugin, when used along the Pro version, does not escape an URL before outputting it back in an attribute, leading to Reflected Cross-Site Scripting PoC With the pro version installed and when consent hasn't been given yet:...
404 to 301 < 3.1.2 - Reflected Cross-Site Scripting
Description The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting PoC https://example.com/wp-admin/admin.php?page=jj4t3-logs"...
Flexible Shipping < 4.11.9 - Reflected Cross-Site Scripting
The plugin does not escape shipping method URLs before outputting them back in an attribute, leading to Reflected Cross-Site Scripting...
WooCommerce Menu Cart < 2.12.0 - Reflected Cross-Site Scripting
The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting PoC When there is no shop active yet: https://example.com/wp-admin/index.php?a"...
Gravity PDF < 6.3.1 - Reflected Cross-Site Scripting
The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting PoC https://example.com/wp-admin/admin.php?page=gfeditforms=settings=pdf=1'...
Clearfy Cache < 2.0.5 - Reflected Cross-Site Scripting
The plugin does not escape some generated URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting PoC When Disable assets manager on back-end" is off: https://example.com/wp-admin/admin.php?page=gonzales-wbcrclearfy=indexassetsmanager=1"...
WordPress Team Manager <= 1.6.9 - Contributor+ Stored Cross-Site Scripting
The plugin does not sanitise and escape some parameters, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks...
ShortPixel Image Optimizer < 4.22.10 - Reflected Cross-Site Scripting
The plugin does not escape a generated URLs before outputting them back in an attribute, leading to Reflected Cross-Site Scripting PoC https://example.com/wp-admin/options-general.php?page=wp-shortpixel-settings&"...
WooCommerce PDF Invoices & Packing Slips < 2.15.0 - Reflected Cross-Site Scripting
The plugin does not escape some URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting PoC https://example.com/wp-admin/admin.php?page=wpowcpdfoptionspage=documents=invoice&"...
Woody Code Snippets < 2.4.6 - Reflected Cross-Site Scripting
The plugin does not escape a generated URLs before outputting them back in an attribute, leading to Reflected Cross-Site Scripting PoC https://example.com/wp-admin/edit.php?posttype=wbcr-snippets=import-wbcrinsertphp"...
Checkout Fields Manager for WooCommerce < 5.5.7 - Reflected Cross-Site Scripting
The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting PoC https://example.com/wp-admin/admin.php?page=wc-settings=wooccm=advanced&"--...
Travel Management <= 2.0 - Contributor+ Stored Cross-Site Scripting
The plugin does not sanitise and escape some parameters, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks...
WordPress Real Cookie Banner < 2.18.2 - Reflected Cross-Site Scripting
The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting PoC When there is the notice about the updated template: https://example.com/wp-admin/index.php?a"...
Modula Image Gallery < 2.6.7 - Reflected Cross-Site Scripting
The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting PoC https://example.com/wp-admin/edit.php?posttype=modula-gallery=modula-addons" Other URLs are affected...
Custom Popup Builder <= 1.3.1 - Contributor+ Stored Cross-Site Scripting
The plugin does have proper authorisation in place, and does not sanitise as well as escape some parameters, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks...
XO Slider < 3.3.3 - Contributor+ Stored Cross-Site Scripting
The plugin does not sanitise and escape some of its Slider fields, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks...
WP All Export < 1.3.6 - Reflected Cross-Site Scripting
The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting PoC https;?/example.com/wp-admin/admin.php?page=pmxe-admin-manage"...
Elementor < 3.5.6 - DOM Reflected Cross-Site Scripting
The plugin does not sanitise and escape user input appended to the DOM via malicious Lightbox settings, resulting in a DOM Cross-Site Scripting issue PoC...
Gallery < 2.0.0 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape a parameter before outputting it back in the response of an AJAX action available to both unauthenticated and authenticated users, leading to a Reflected Cross-Site Scripting issue PoC...
WP Contact Slider < 2.4.7 - Editor+ Stored Cross-Site Scripting
The plugin does not sanitize and escape the Text to Display settings of sliders, which could allow high privileged users such as editor and above to perform Cross-Site Scripting attacks even when the unfilteredhtml is disallowed PoC Create/edit a Slider, select the "text or HTML" for the " What...
Ninja Forms < 3.6.10 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape field labels, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. PoC As admin, put the following payload in a field label: The XSS will be triggered when editing the form, as well as ...
Ninja Forms < 3.6.10 - Admin+ Stored Cross-Site Scripting via Import
The plugin does not sanitize and escape some imported data, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. PoC - Make a test form and then export it to your system. - Edit the file and enter an XSS payload like "...
Age Gate < 2.17.1 - Unauthenticated Stored Cross-Site Scripting
The plugin does not sanitise and escape some parameters, which could allow unauthenticated attackers to perform Stored Cross-Site Scripting attacks...
Social Share Buttons < 2.2.4 - Subscriber+ SQLi
The plugin does not properly sanitise and escape some parameters before using them in SQL statements available to any authenticated users, leading to SQL injections...
Toolbar To Share <= 2.0 - Stored Cross-Site Scripting via CSRF
The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site scripting issue due to a lack of sanitisation and escaping...
Social Share Buttons by Supsystic < 2.2.4 - Subscriber+ Unauthorised Actions
The plugin does not have proper access controls in some features, which could allow low privilege users to perform unauthorised actions...
Gallery Bank <= 4.0.50 - Author+ Stored XSS via Gallery Description
The plugin does not sanitise and escape the Gallery Description field, which could allow users with a role as low as Author to perform Stored Cross-Site Scripting attacks...
Gallery Bank <= 4.0.50 - Author+ Stored XSS via Media Upload Module
The plugin does not sanitise and escape the Image Title field via the Media Upload module, which could allow users with a role as low as Author to perform Stored Cross-Site Scripting attacks...
Copify <= 1.3.0 - Stored Cross-Site Scripting via CSRF
The plugin does not have CSRF when updating its settings, and it also missing sanitisation as well as escaping in some of them. This could allow attackers to make a logged in admin update them and put Stored Cross-Site Scripting payloads in them...
API KEY for Google Maps < 1.2.2 - Arbitrary API Key Update via CSRF
The plugin does not have CSRF in place when updating the API key, allowing attackers to make a logged in admin perform such action via a CSRF attack...
XCloner < 4.3.6 - Plugin Settings Reset
The plugin does not have authorisation and CSRF checks when resetting its settings, allowing unauthenticated attackers to reset them, including generating a new backup encryption key. v4.3.5 added capability check, but CSRF one still missing. PoC v 4.3.5 - wget...
Limit Login Attempts < 4.0.72 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious Javascript code leading to Cross-Site Scripting attacks when unfilteredhtml is disallowed for example in multisite setup PoC Put the following payload in the...
Qubely < 1.8.1 - Authenticated Arbitrary Settings Update
The plugin does not have proper authorisation when saving its settings, allowing users with a role as low as subscriber in versions 1.7.9 or contributor in v 1.8.1 to update them PoC As a subscriber Nonce can be taken from the qubelylocalscript-js-extra script on the homepage...
WordPress Security < 4.2.1 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious Javascript code leading to Cross-Site Scripting attacks when unfilteredhtml is disallowed for example in multisite setup PoC Put the following payload in the...
miniOrange Google Authenticator < 1.0.5 - CSRF to Stored Cross-Site Scripting
The plugin does not have CSRF check when saving its settings, and does not sanitise as well as escape them, allowing attackers to make a logged in admin change them and perform Cross-Site Scripting attacks PoC v 1.0.4 v 1.0.5...
miniOrange's Google Authenticator < 5.5.6 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious Javascript code leading to Cross-Site Scripting attacks when unfilteredhtml is disallowed for example in multisite setup PoC Enable 2FA + Website Security and...
NextCellent Gallery <= 1.9.35 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its image settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed for example in multisite setup PoC Create/edit a gallery with at least one image...
miniOrange's Malware Scanner < 4.5.2 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious Javascript code leading to Cross-Site Scripting attacks when unfilteredhtml is disallowed for example in multisite setup PoC Put the following payload in the...
Site Offline or Coming Soon <= 1.6.6 - Stored Cross-Site Scripting via CSRF
The plugin does not have CSRF check in place when updating its settings, and it also lacking sanitisation as well as escaping in some of them. As a result, attackers could make a logged in admin change them and put Cross-Site Scripting payloads in them via a CSRF attack PoC...
Nested Pages < 3.1.21 - Admin+ Stored Cross Site Scripting
The plugin does not escape and sanitize the some of its settings, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when the unfilteredhtml is disallowed PoC Put the following payload on the "Menu Name" settings of the plugin: "onmouseover=alert"XSS"//...
Google Authenticator < 1.0.8 - Admin+ Stored Cross-Site Scripting
The plugin does not escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml is disallowed PoC Put the following payload in the Account Name settings and click on the 'Change App name' button: " autofocus...
Login using WordPress Users < 1.13.4 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed for example in multisite setup PoC Put the following payload in the "IDP Metadata" "Id...
Image Gallery - Grid Gallery < 1.1.6 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitize and escape some of its Image fields, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed PoC Create a gallery with the "Gallery Theme" set to "Gallery Image 2", add an image and put the...
Form - Contact Form <= 1.2.4 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitize and escape Custom text fields, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed PoC Create/edit a form, add a Custom Text field, put the following payload in it: , save the field and...