14602 matches found
Blocksy Companion < 2.0.46 - Contributor+ Stored Cross-Site Scripting via SVG Uploads
Description The Blocksy Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG uploads in versions up to, and including, 2.0.45 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...
Hotel Booking Lite < 4.11.2 - Unauthenticated PHP Object Injection
Description The Hotel Booking Lite plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.11.1 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the...
Thim Elementor Kit < 1.1.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter
Description The Thim Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
Migration Backup Restore < 3.5.0 - Admin+ SSRF
Description The plugin does not prevent users with the administrator role from pinging conducting SSRF attacks, which may be a problem in multisite configurations. PoC 1. Click on "Upload Backup" and add http://127.0.0.1:XXX/123.wpstg - "Upload". If the port is open it will return an error "Not...
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) < 1.5.105 - Contributor+ SQL Injection
Description The Unlimited Elements For Elementor Free Widgets, Addons, Templates plugin for WordPress is vulnerable to time-based SQL Injection via the ‘id’ parameter in all versions up to, and including, 1.5.102 due to insufficient escaping on the user supplied parameter and lack of sufficient...
Pods – Custom Content Types and Fields < 3.2.1.1 - Contributor+ Stored Cross-Site Scripting via Pod Form Redirect URL
Description The Pods – Custom Content Types and Fields plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Pod Form widget in all versions up to, and including, 3.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possib...
Gutenberg Blocks by Kadence Blocks – Page Builder Features < 3.2.37 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Timer
Description The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the countdown timer in all versions up to, and including, 3.2.36 due to insufficient input sanitization and output escaping on user supplied...
Falang multilanguage for WordPress < 1.3.50 - Authenticated (Administrator+) Stored Cross-Site Scripting
Description The Falang multilanguage for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.3.49 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
Shopping Cart & eCommerce Store < 5.6.5 - Sensitive Information Exposure
Description The Shopping Cart & eCommerce Store plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.6.4 via the order report functionality. This makes it possible for unauthenticated attackers to extract sensitive data including order detai...
Kognetiks Chatbot for WordPress < 2.0.0 - Unauthenticated Arbitrary File Upload via chatbot_chatgpt_upload_file_to_assistant Function
Description The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the chatbotchatgptuploadfiletoassistant function in all versions up to, and including, 1.9.9. This makes it possible for unauthenticated attackers,...
Beaver Builder < 2.8.1.3 - Contributor+ Stored Cross-Site Scripting via photo widget crop attribute
Description The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the photo widget crop attribute in all versions up to, and including, 2.8.1.2 due to insufficient input sanitization and output escaping. This makes it possible for...
Ninja Forms – The Contact Form Builder That Grows With You < 3.8.1 - Admin+ Stored Cross-Site Scripting
Description The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a form field in all versions up to, and including, 3.8.0 due to insufficient input sanitization and output escaping. This makes it possible for...
LearnPress – WordPress LMS Plugin < 4.2.6.6 - Authenticated (Instructor+) Arbitrary File Upload
Description The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'savepostmaterials' function in versions up to, and including, 4.2.6.5. This makes it possible for authenticated attackers, with Instructor-lev...
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) < 1.5.103 - Reflected Cross-Site Scripting
Description The Unlimited Elements For Elementor Free Widgets, Addons, Templates plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'googleconnecterror' parameter in all versions up to, and including, 1.5.102 due to insufficient input sanitization and output escaping. Th...
Elegant Themes Divi Theme, Extra Theme, Divi Page Builder <= 4.25.0 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting
Description The Elegant Themes Divi theme, Extra theme, and Divi Page Builder plugin for WordPress are vulnerable to DOM-Based Stored Cross-Site Scripting via the ‘title’ parameter in versions up to, and including, 4.25.0 due to insufficient input sanitization and output escaping. This makes it...
Starter Templates — Elementor, WordPress & Beaver Builder Templates < 4.1.7 - Contributor+ Server-Side Request Forgery
Description The Starter Templates — Elementor, WordPress & Beaver Builder Templates plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.1.6 via the aiapirequest. This makes it possible for authenticated attackers, with contributor-level access...
Essential Addons for Elementor < 5.9.20 - Contributor+ DOM-Based Stored Cross-Site Scripting via Several Widgets
Description The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'Fancy Text', 'Filter Gallery', 'Sticky Video', 'Content Ticker', 'Woo Product Gallery', & 'Twitter...
Max Mega Menu < 3.3.1 - Missing Authorization
Description The Max Mega Menu plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the sandbox function in all versions up to, and including, 3.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to trigger the...
Colibri Page Builder < 1.0.249 - Missing Authorization
Description The Colibri Page Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpajaxcolibripagebuilderwpmusetting AJAX action in all versions up to, and including, 1.0.248. This makes it possible for authenticated attackers,...
Spectra Pro < 1.1.6 - Authenticated (Author+) Privilege Escalation
Description The Spectra Pro plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.1.5. This is due to the plugin allowing lower-privileged users to create registration forms and set the default role to administrator This makes it possible for...
White Label CMS < 2.7.4 - Missing Authorization to Plugin Settings Reset
Description The White Label CMS plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the resetplugin function in all versions up to, and including, 2.7.3. This makes it possible for unauthenticated attackers to reset plugin settings...
Gutenberg Blocks with AI by Kadence WP – Page Builder Features < 3.2.20 - Contributor+ Server-Side Request Forgery
Description The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.2.19. This makes it possible for authenticated attackers, with contributor-level access and above, to make web...
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) < 1.5.103 - Admin+ Command Injection
Description The Unlimited Elements For Elementor Free Widgets, Addons, Templates plugin for WordPress is vulnerable to command injection in all versions up to, and including, 1.5.102. This is due to insufficient filtering of template attributes during the creation of HTML for custom widgets This...
LearnPress – WordPress LMS Plugin < 4.2.6.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via layout_html Parameter
Description The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘layouthtml’ parameter in all versions up to, and including, 4.2.6.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders < 5.9.20 - Contributor+ Stored Cross-Site Scripting via 'Dual Color Header', 'Event Calendar', & 'Advanced Data Table'
Description The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'Dual Color Header', 'Event Calendar', & 'Advanced Data Table' widgets in all versions up to, and...
EmbedPress Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor < 3.9.17 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter
Description The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 3.9.16 due to...
Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders < 5.9.20 - Contributor+ Stored Cross-Site Scripting via 'Interactive Circles'
Description The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Interactive Circle widget in all versions up to, and including, 5.9.19 due to insufficient input...
LearnPress – WordPress LMS Plugin < 4.2.6.6 - Unauthenticated Bypass to User Registration
Description The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to bypass to user registration in versions up to, and including, 4.2.6.5. This is due to missing checks in the 'createaccount' function in the checkout. This makes it possible for unauthenticated attackers to...
LearnPress – WordPress LMS Plugin < 4.2.6.6 - Unauthenticated Time-Based SQL Injection
Description The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the ‘termid’ parameter in versions up to, and including, 4.2.6.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...
EWWW Image Optimizer < 7.3.0 - Cross-Site Request Forgery
Description The EWWW Image Optimizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 7.2.3. This is due to missing or incorrect nonce validation on the checkforoptin and checkforoptout functions. This makes it possible for unauthenticated...
Orders Tracking for WooCommerce < 1.2.11 - Unauthenticated Arbitrary Shortcode Execution
Description The The Orders Tracking for WooCommerce plugin for WordPress for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.2.10. This is due to the plugin allowing users to execute an action that does not properly validate a value before running...
HTML5 Audio Player- Best WordPress Audio Player Plugin < 2.2.22 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets
Description The HTML5 Audio Player- Best WordPress Audio Player Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 2.2.19 due to insufficient input sanitization and output escaping on user supplied attributes. Th...
Gutenberg Blocks with AI by Kadence WP < 3.2.37 - Contributor+ Stored Cross-Site Scripting via Block Link
Description The Gutenberg Blocks with AI by Kadence WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link' attribute of the plugin's blocks in all versions up to, and including, 3.2.36 due to insufficient input sanitization and output escaping on user supplied...
Porto < 7.1.1 - Unauthenticated Local File Inclusion via porto_ajax_posts
Description The Porto theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 7.1.0 via the 'portoajaxposts' function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any P...
Gianism <= 5.1.0 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Go to...
Site Reviews < 7.0.0 - IP Spoofing
Description The plugin retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to bypass IP-based blocking PoC Request sent to the server to add review: POST /wordpress/wp-admin/admin-ajax.php HTTP/1.1 Host: localhost:8888...
Swift Performance Lite < 2.3.6.19 - Subscriber+ Settings Update
Description The plugin is vulnerable to unauthorized access due to a missing capability check on the ajaxhandler function, allowing authenticated attackers, with subscriber-level access and above, to retrieve and modify settings...
GiveWP – Donation Plugin and Fundraising Platform < 3.5.0 - Authenticated (GiveWP Manager+) PHP Object Injection
Description The GiveWP plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.4.2 via deserialization of untrusted input. This makes it possible for authenticated attackers, with give manager-level access and above, to inject a PHP Object. No known POP...
Porto Theme - Functionality < 3.1.1 - Authenticated (Contributor+) Local File Inclusion via Shortcode
Description The Porto Theme - Functionality plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.1.0 via the 'portoportfolios' shortcode 'portfoliolayout' attribute. This makes it possible for authenticated attackers, with contributor-level and above...
Themify Shortcodes < 2.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via themify_button Shortcode
Description The Themify Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's themifybutton shortcode in all versions up to, and including, 2.0.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...
Enter Addons < 2.1.6 - Contributor+ Stored XSS via Heading widget
Description The plugin is vulnerable to Stored Cross-Site Scripting via the Heading widget due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or above, to inject arbitrary web scripts in pages that will execute...
Pure Chat – Live Chat Plugin & More! <= 2.22 - Authenticated (Subscriber+) Stored Cross-Site Scripting
Description The Pure Chat – Live Chat Plugin & More! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the purechatwid and purechatwname parameter in all versions up to, and including, 2.22 due to insufficient input sanitization and output escaping. This makes it possible for...
Anti-Malware Security and Brute-Force Firewall < 4.23.56 - Unauthenticated Remote Code Execution
Description The Anti-Malware Security and Brute-Force Firewall plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.21.96 due to weak nonce generation combined with missing authorization. This makes it possible for unauthenticated attackers to brute...
Porto < 7.1.1 - Authenticated (Contributor+) Local File Inclusion via Post Meta
Description The Porto theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 7.1.0 via 'portopageheadershortcodetype', 'slideshowtype' and 'postlayout' post meta. This makes it possible for authenticated attackers, with contributor-level and above...
Enter Addons < 2.1.6 - Contributor+ Stored XSS via Animation Title widget
Description The plugin is vulnerable to Stored Cross-Site Scripting via the Animation Title widget's img tag due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and higher, to inject arbitrary web scripts in pages...
Playlist for Youtube <= 1.32 - Editor+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Go to...
Gallery Block (Meow Gallery) < 5.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Gallery Block Meow Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘dataatts’ parameter in versions up to, and including, 5.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
Breakdance < 1.7.2 - Authenticated (Contributor+) Remote Code Execution
Description The Breakdance plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.7.1 via post meta data. This is due to the plugin storing custom data in metadata with an underscore prefix. This makes it possible for lower privileged users, such as...
Porto Theme - Functionality < 3.1.0 - Authenticated (Contributor+) Local File Inclusion via Post Meta
Description The Porto Theme - Functionality plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.0.9 via the 'slideshowtype' post meta. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and...
Survey Maker < 4.1.0 - IP Address Spoofing
Description The Survey Maker – Best WordPress Survey Plugin plugin for WordPress is vulnerable to IP Address Spoofing in all versions up to, and including, 4.0.9 due to insufficient IP address validation and/or use of user-supplied HTTP headers as a primary method for IP retrieval. This makes it...