14602 matches found
Serial Numbers for WooCommerce – License Manager <= 1.7.3 - Missing Authorization
Description The WC Serial Numbers – Ultimate License Manager for Selling, Licensing & Securely Delivering Digital Content with WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.7.3. This...
Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor < 2.0.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 2.0.6.0 due to insufficient input sanitization and output escaping...
Stockholm Core < 2.4.2 - Authenticated (Contributor+) Local File Inclusion
Description The stockholm-core plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.4.1. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the...
WPCS ( WordPress Custom Search ) <= 1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
Description The WPCS WordPress Custom Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
Timber < 1.23.1 - Authenticated (Admin+) PHP Object Injection
Description The Timber plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.23.0 via deserialization of untrusted input. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject a PHP Object. No known PO...
WebinarPress <= 1.33.19 - Cross-Site Request Forgery
Description The plugin is vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticated attackers to perform an unknown action granted they can trick a site administrator into performing an action such as...
WP SMS < 6.5.2 - Authenticated (Administrator+) Stored Cross-Site Scripting
Description The WP SMS – Messaging, SMS & MMS Notifications, 2FA & OTP for WordPress, WooCommerce, GravityForms, etc plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 6.5.1 due to insufficient input sanitization and output...
ShortPixel Adaptive Images < 3.8.4 - Authenticated (Admin+) Server-Side Request Forgery
Description The ShortPixel Adaptive Images – WebP, AVIF, CDN, Image Optimization plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.8.3 via the isourcdn function. This makes it possible for unauthenticated attackers to make web requests to...
WP etracker <= 1.0.2 - Reflected Cross-Site Scripting
Description The WP etracker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...
Tutor LMS – eLearning and online course solution < 2.7.1 - Authenticated (Instructor+) Insecure Direct Object Reference to Arbitrary Course Deletion
Description The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference to Arbitrary Course Deletion in versions up to, and including, 2.7.0 via the 'tutorcoursedelete' function due to missing validation on a user controlled key. Thi...
Easy Digital Downloads < 3.2.12 - Unauthenticated Sensitive Information Exposure
Description The Easy Digital Downloads – Sell Digital Files & Subscriptions eCommerce Store + Payments Made Easy plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.11. This makes it possible for unauthenticated attackers to extract...
Academy LMS < 1.9.26 - Unauthenticated Sensitive Information Exposure
Description The Academy LMS – eLearning and online course solution for WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.9.25. This makes it possible for unauthenticated attackers to extract sensitive user or configuration data...
Envo Extra < 1.8.17 - Authenticated (Contributor+) Cross-Site Scripting
Description The Envo Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 1.8.16 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...
WP Discourse < 2.5.2 - Missing Authorization
Description The WP Discourse plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 2.5.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform an unauthorize...
Netgsm <= 2.9.16 - Missing Authorization
Description The Netgsm plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 2.9.16. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unauthorized action...
Church Admin < 4.2.0 - Cross-Site Request Forgery
Description The Church Admin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.1.32. This is due to missing or incorrect nonce validation on several functions in the includes/functions.php file. This makes it possible for unauthenticated...
All-in-One Video Gallery < 3.7.0 - Authenticated (Contributor+) Local File Inclusion via aiovg_search_form Shortcode
Description The All-in-One Video Gallery plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.6.5 via the aiovgsearchform shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute...
Gutenberg Blocks by Kadence Blocks – Page Builder Features < 3.2.38 - Contributor+ Stored Cross-Site Scripting
Description The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'Testimonial', 'Progress Bar', 'Lottie Animations', 'Row Layout', 'Google Maps', and 'Advanced Gallery' blocks in all versions up to, and...
Visual Portfolio, Photo Gallery & Post Grid < 3.3.3 - Authenticated (Author+) Stored Cross-Site Scripting via title_tag Parameter
Description The Visual Portfolio, Photo Gallery & Post Grid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘titletag’ parameter in all versions up to, and including, 3.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticat...
Sydney Toolbox < 1.32 - Authenticated (Contributor+) Stored Cross-Site Scripting via aThemes: Portfolio Widget
Description The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the "aThemes: Portfolio" widget in all versions up to, and including, 1.31 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
WPZOOM Addons for Elementor (Templates, Widgets) < 1.1.37 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Box Widget
Description The WPZOOM Addons for Elementor Templates, Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widget Image Box in all versions up to, and including, 1.1.36 due to insufficient input sanitization and output escaping on user supplied attributes...
Jetpack < 13.4 - Contributor+ Stored Cross-Site Scripting via wpvideo Shortcode
Description The plugin did not properly escape some of its shortcode attributes, allowing users with at least the contributor role to conduct Stored XSS attacks. PoC wpvideo OcobLTqC freedom=true preloadContent='"src=x onerror=alertdocument.cookie xss'...
Insert or Embed Articulate Content into WordPress <= 4.3000000023 - Iframe Injection
Description The plugin lacks validation of URLs when adding iframes, allowing attackers to inject an iFrame in the page and thus load arbitrary content from any page. PoC 1 Create a new post 2 Add and e-Learning block and upload a zip file 3 Select the "Insert As: Iframe" option 4 Intercept the...
Alt Text AI – Automatically generate image alt text for SEO and accessibility < 1.5.0 - Authenticated (Subscriber+) SQL Injection
Description The Alt Text AI – Automatically generate image alt text for SEO and accessibility plugin for WordPress is vulnerable to generic SQL Injection via the ‘lastpostid’ parameter in all versions up to, and including, 1.4.9 due to insufficient escaping on the user supplied parameter and lack...
Insert or Embed Articulate Content into WordPress <= 4.3000000023 - Author+ Upload to RCE
Description The plugin is not properly filtering which file extensions are allowed to be imported on the server, allowing the uploading of malicious code within zip files PoC Note: This must be tested on a web server running Apache 1 Create a new post 2 Add e-Learning block to the post and upload...
Exclusive Addons for Elementor < 2.6.9.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Team Member Widget
Description The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Team Member widget in all versions up to, and including, 2.6.9.6 due to insufficient input sanitization and output escaping on user supplied 'url' attribute. This makes it...
Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) < 3.5.4 - Authenticated (Contributor+) Stored Cross-site Scriping via 'Sina Particle Layer'
Description The Sina Extension for Elementor Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Sina Particle Layer widget in all versions up to, and including,...
Import and export users and customers < 1.26.7 - Authenticated (Administrator+) Stored Cross-Site Scripting
Description The Import and export users and customers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.26.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
Gutenberg Blocks by Kadence Blocks – Page Builder Features < 3.2.38 - Contributor+ Stored Cross-Site Scripting via Typer Effect
Description The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the typer effect in the advanced heading widget in all versions up to, and including, 3.2.37 due to insufficient input sanitization and output...
WP eMember < 10.3.9 - Reflected XSS
Description The plugin does not sanitize and escape the "fieldId" parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting. PoC https://www.example.com/wp-admin/admin-ajax.php?fieldId==checkname...
Email Subscribers by Icegram Express < 5.7.20 - Missing Authorization in handle_ajax_request
Description The Email Subscribers by Icegram Express plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to a missing capability check on the handleajaxrequest function in all versions up to, and including, 5.7.19. This makes it possible f...
Image Optimization by Optimole < 3.13.0 - Author+ Stored Cross-Site Scripting via SVG Upload
Description The Image Optimization by Optimole – Lazy Load, CDN, Convert WebP & AVIF plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘allowmemetypes’ function in versions up to, and including, 3.12.10 due to insufficient input sanitization and output escaping. This makes...
Bulk Posts Editing For WordPress < 4.2.4 - Authenticated (Subscriber+) Missing Authorization
Description The Bulk Posts Editing For WordPress plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on the plugin's AJAX actions in all versions up to, and including, 4.2.3. This makes it possible for authenticated attackers, with subscrib...
Import and export users and customers < 1.26.7 - Authenticated (Administrator+) Stored Cross-Site Scripting
Description The Import and export users and customers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user agent header in all versions up to, and including, 1.26.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
Borderless - Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg < 1.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets
Description The Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping on user...
FS Product Inquiry <= 1.1.1 - Reflected XSS
Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin or unauthenticated users PoC Have any user admin or unauthenticated open an HTML page...
FS Product Inquiry <= 1.1.1 - Unauthenticated Stored XSS
Description The plugin does not sanitise and escape some form submissions, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks PoC 1. Add an inquiry form using the shortcode fspi-show-products-list 2. As a non-logged in visitor, enter the payload "...
Gutenberg Blocks by Kadence Blocks < 3.2.37 - Contributor+ Stored XSS
Description The plugin does not validate and escape some of its block attributes before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC Add a Lottie Animation block to a po...
The Events Calendar < 6.4.0.1 - Reflected XSS
Description The plugin does not properly sanitize user-submitted content when rendering some views via AJAX. PoC...
BuddyBoss Platform < 2.6.0 - Insecure Direct Object Reference on Like Comment
Description The plugin contains an IDOR vulnerability that allows a user to like a private post by manipulating the ID included in the request PoC POST /wp-admin/admin-ajax.php HTTP/2 Host: buddyboss.example.com Cookie: REDACTED User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X 10.15; rv:120.0...
Password Protected < 2.6.7 - Missing Authorization to Sensitive Information Exposure
Description The Password Protected – Ultimate Plugin to Password Protect Your WordPress Content with Ease plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.6 via the API. This makes it possible for authenticated attackers, with subscrib...
Simple Ajax Chat < 20240412 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup This was partially fixed in 0240216 bu...
Essential Addons for Elementor < 5.9.21 - Contributor+ Stored Cross-Site Scripting
Description The plugin is vulnerable to Stored Cross-Site Scripting via the ‘eaelexttoctitletag’ parameter in versions up to, and including, 5.9.20 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions an...
Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) < 3.5.4 - Authenticated (Contributor+) DOM-Based Cross-Site Scripting
Description The Sina Extension for Elementor Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates plugin for WordPress is vulnerable to DOM-Based Cross-Site Scripting via several parameters in versions up to, and including, 3.5.3 due to insufficien...
Simple Basic Contact Form < 20240511 - Unauthenticated Arbitrary Shortcode Execution
Description The Simple Basic Contact Form plugin for WordPress for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 20240502. This allows unauthenticated attackers to execute arbitrary shortcodes. The severity and exploitability depends on the...
WP Compress – Image Optimizer [All-In-One] < 6.20.02 - Missing Authorization
Description The WP Compress – Image Optimizer All-In-One plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the several functions in versions up to, and including, 6.20.01. This makes it possible for authenticated attackers, with...
140+ Widgets | Best Addons For Elementor – FREE < 1.4.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets
Description The 140+ Widgets | Best Addons For Elementor – FREE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 1.4.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes...
WP Compress – Image Optimizer [All-In-One] < 6.20.02 - Open Redirect via css
Description The WP Compress – Image Optimizer All-In-One plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 6.20.01. This is due to insufficient validation on the redirect url supplied via the 'css' parameter. This makes it possible for unauthenticated...
YITH WooCommerce Gift Cards < 4.13.0 - Missing Authorization to Unauthenticated WooCommerce Settings Update
Description The YITH WooCommerce Gift Cards plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'savemailstatus' and 'saveemailsettings' functions in all versions up to, and including, 4.12.0. This makes it possible for unauthenticated...
Graphina – Elementor Charts and Graphs < 1.8.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets
Description The Graphina – Elementor Charts and Graphs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.8.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...