14604 matches found
HTML2WP <= 1.0.0 - Arbitrary Settings Update via CSRF
The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them PoC...
HTML2WP <= 1.0.0 - Unauthenticated Arbitrary File Upload
The plugin does not have authorisation and CSRF checks when importing files, and does not validate them, as a result, unauthenticated attackers can upload arbitrary files such as PHP on the remote server PoC await fetch"https://example.com/wp-admin/admin.php?page=html2wp-settings", "headers":...
HTML2WP <= 1.0.0 - Subscriber+ Arbitrary File Deletion
The plugin does not have authorisation and CSRF checks in an AJAX action, available to any authenticated users such as subscriber, which could allow them to delete arbitrary file PoC To delete the license.txt at the root of the blog: await...
Browser and Operating System Finder <= 1.2 - Unauthenticated Settings Reset
The plugin does not have authorisation and CSRF check when resetting its settings, allowing unauthenticated users to reset them PoC https://example.com/?type=reset-all...
Dokan < 3.6.4 - Vendor Stored Cross-Site Scripting
The plugin allows vendors to inject arbitrary javascript in product reviews, which may allow them to run stored XSS attacks against other users like site administrators. PoC As a vendor, add a review in any products with following payload: https://youtu.be/gGUNSG5s5JU...
Download manager < 3.2.43 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape the frameid parameter before outputting it back in a JS context, leading to a Reflected Cross-Site Scripting...
Ultimate Member < 2.4.0 - Subscriber+ Stored Cross-Site Scripting
The plugin does not sanitise and escape the Biography available on user profile pages, which could allow users to perform Cross-Site Scripting attacks via their profile...
Co-Authors-Plus 3.5/3.5.1 - Guest Authors Email Address Disclosure
The plugin introduced an information disclosure vulnerability specifically, the e-mails of guest authors via a public REST endpoint accessible without any authentication PoC https://example.com/wp-json/wp/v2/coauthors...
WP Ultimate CSV Importer < 6.5.3 - Admin+ Blind SSRF
The plugin does not fully validate the file to be imported via an URL before making an HTTP request to it, which could allow high privilege users such as admin to perform Blind SSRF attacks PoC Put an internal/LAN URL such as below in the file upload by URL function https://127.0.0.1:8080...
Mihdan: No External Links < 5.0.2 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC Put the following payload in any of the text...
Flower Delivery by Florist One <= 3.5.15 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed for example in multisite setups PoC As admin, go to the plugin's settings, create a ne...
Ultimate WooCommerce CSV Importer <= 2.0 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape the imported data before outputting it back in the page, leading to a Reflected Cross-Site Scripting PoC POST /wp-admin/admin.php?page=simple-woocommerce-csv-loader%2Fadmin%2FCSVLoader.php HTTP/1.1 Accept:...
My Private Site < 3.0.8 - Arbitrary Settings Update via CSRF
The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack PoC...
New User Approve < 2.4 - Arbitrary Settings Update & Invitation Code Creation via CSRF
The plugin does not have CSRF check in place when updating its settings and adding invitation codes, which could allow attackers to add invitation codes for bypassing the provided restrictions and to change plugin settings by tricking admin users into visiting specially crafted websites. PoC Add...
Cimy Header Image Rotator <= 6.1.1 - Arbitrary Settings Update via CSRF
The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack PoC...
Add Post URL <= 2.1.0 - Arbitrary Settings Update to Stored XSS via CSRF
The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping PoC XSS will be triggered in all posts...
Clean-Contact <= 1.6 - Arbitrary Settings Update to Stored XSS via CSRF
The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored XSS due to the lack of sanitisation and escaping as well PoC...
Modern Events Calendar Lite < 6.3.0 - Authenticated Stored Cross-Site Scripting
The plugin does not sanitise and escape some parameters, which could allow low privilege users to perform Stored Cross-Site Scripting attacks...
Mobile Browser Color Select <= 1.0.1 - Stored Cross-Site Scripting via CSRF
The plugin is lacking CSRF check in its adminupdatedata function, which could allow attackers to make a logged in admin call it, and perform Stored Cross-Site Scripting attacks due to the lack of sanitisation and escaping in the processed user input...
Social Share Buttons by Supsystic < 2.2.4 - Multiple CSRF
The plugin does not perform CSRF checks in it's ajax endpoints and admin pages, allowing an attacker to trick any logged in user to manipulate or change the plugin settings, as well as create, delete and rename projects and networks. PoC...
Icegram < 2.1.8 - Contributor+ Stored Cross-Site Scripting
The plugin does not sanitize and escape some campaign parameters, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks PoC Create/edit a campaign such as a Black Friday one, check the "Use Opt-in / Subscription / Lead capture form" settings and...
Easy SVG Support < 3.3.0 - Author+ Stored Cross Site Scripting via SVG
The plugin does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads PoC As an author or above, upload the below SVG file via the Media library: The XSS will be triggered when accessing the file directly, e.g...
Spectra < 1.25.6 - Reflected Cross-Site Scripting
The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting PoC When the admin notice about Usage Tracking is displayed: https://example.com/wp-admin/index?a"...
CURCY < 2.1.18 - Reflected Cross-Site Scripting
The plugin does not escape some generated URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting PoC https://example.com/wp-admin/admin.php?page=wc-reports"...
Tiny Contact Form <= 0.7 - Arbitrary Settings Update via CSRF
The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack PoC ''...
OpenBook Book Data <= 3.5.2 - Arbitrary Settings Update to Stored XSS via CSRF
The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping as well PoC...
WP Post Styling < 1.3.1 - Multiple CSRF
The plugin does not have CSRF checks in various actions, which could allow attackers to make a logged in admin delete plugin's data, update the settings, add new entries and more via CSRF attacks PoC...
Visualizer < 3.7.7 - Reflected Cross-Site Scripting
The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting PoC https://example.com/wp-admin/admin-ajax.php?action=visualizer-edit-chart=yes=6190=visualizer"...
WPMK Ajax Finder <= 1.0.1 - Stored Cross-Site Scripting via CSRF
The plugin is missing CSRF check when updating its settings, which could allow attacker to make a logged in admin change them, as well as put XSS payloads in them due to the lack of sanitisation and escaping...
WP Sentry <= 1.0 - Arbitrary Settings Update to Stored XSS via CSRF
The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping as well PoC...
Age Gate < 2.20.4 - Reflected Cross-Site Scripting
The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting PoC With the "Age Gate User Registration" addon installed: https://example.com/wp-admin/admin.php?page=age-gate" With any addon installed:...
GTM4WP < 1.15.2 - Admin+ Stored Cross-Site Scripting
The plugin does not properly escape the Content Element ID settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when unfilteredhtml is disallowed for example multisite setups...
MailPress <= 7.2.1 - Arbitrary Settings Update & Log Files Purge via CSRF
The plugin does not have CSRF checks in various places, which could allow attackers to make a logged in admin change the settings, purge log files and more via CSRF attacks PoC...
Video Conferencing with Zoom < 3.9.3 - Reflected Cross-Site Scripting
The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting PoC https://example.com/wp-admin/edit.php?posttype=zoom-meetings=zoom-video-conferencing-settings"...
Easy Pricing Tables < 3.2.1 - Reflected Cross-Site-Scripting
The plugin does not sanitise and escape parameter before outputting it back in a page available to any user both authenticated and unauthenticated when a specific setting is enabled, leading to a Reflected Cross-Site Scripting PoC With the "Compatibility Mode"...
Germanized for WooCommerce < 3.9.5 - Reflected Cross-Site Scripting
The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting PoC https://example.com/wp-admin/admin.php?page=wc-settings=germanized"...
Amazon Einzeltitellinks <= 1.3.3 - Arbitrary Settings Update to Stored XSS via CSRF
The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping PoC...
Events Made Easy < 2.2.81 - Unauthenticated SQLi
The plugin does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection PoC Obtain a valid nonce visit the "Events" page, default is /events/, and extract it from the source while looking for...
CaPa Protect <= 0.5.8.2 - Arbitrary Settings Update via CSRF
The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and disable the applied protection. PoC...
Multi-page Toolkit <= 2.6 - Arbitrary Settings Update to Stored XSS via CSRF
The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping as well PoC...
PDF24 Article To PDF <= 4.2.2 - Arbitrary Settings Update via CSRF
The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack PoC .pdf24Plugin-cp border:1px solid silver; .pdf24Plugin-cp inputtype="text" width:200px; border:1px solid silver; margin:0; padding:2px;...
PDF24 Articles To PDF <= 4.2.2 - Arbitrary Settings Update via CSRF
The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack PoC .pdf24Plugin-cp border:1px solid silver; .pdf24Plugin-cp inputtype="text" width:200px; border:1px solid silver; margin:0; padding:2px;...
New User Approve < 2.4.1 - Reflected Cross-Site Scripting
The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting PoC With the Membership settings /wp-admin/options-general.php disabled: https://example.com/wp-admin/index.php?a"...
WP-Email < 2.69.0 - Anti-Spam Protection Bypass via IP Spoofing
The plugin prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTEADDR, which makes it possible to bypass IP-based anti-spamming restrictions. PoC Set HTTPCLIENTIP, HTTPXFORWARDEDFOR or any of the other headers used in getipaddress. curl...
Coming Soon and Maintenance by Colorlib < 1.0.99 - Admin+ Stored Cross Site Scripting
The plugin does not sanitize and escape some settings, allowing high privilege users such as admin to perform Stored Cross-Site Scripting when unfilteredhtml is disallowed for example in multisite setup PoC Put the following payload in the "Google Analytics" settings of the plugin in the General...
Very Simple Contact Form < 11.6 - Captcha bypass
The plugin exposes the solution to the captcha in the rendered contact form, both as hidden input fields and as plain text in the page, making it very easy for bots to bypass the captcha check, rendering the page a likely target for spam bots. PoC import requests from requestshtml import...
Newsletter < 7.4.6 - Admin+ Stored Cross-Site Scripting
The plugin does not escape and sanitise the preheadertext setting, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when the unfilteredhtml is disallowed PoC Go to Newsletters of Newsletter at wordpress admin panel eg...
Google XML Sitemaps < 4.1.3 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape a settings before outputting it in the Debug page, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC Put the following payload in the "Try ...
Print, PDF, Email by PrintFriendly < 5.2.3 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape the Custom Button Text settings, which could allow high privilege users such as admin to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed PoC In the plugin's settings, tick 'Custom Button' and put the following...
Better Find and Replace < 1.3.6 - Admin+ SQLi
The plugin does not properly sanitise, validate and escape various parameters before using them in an SQL statement, leading to an SQL Injection PoC...