14602 matches found
1 Click WordPress Migration Plugin – 100% FREE for a limited time <= 2.2 - Cross-Site Request Forgery to Backup Process Cancellation
Description The 1 Click WordPress Migration Plugin – 100% FREE for a limited time plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2. This is due to missing or incorrect nonce validation on the cancelactions function. This makes it possible...
Avada Theme < 7.11.14 - Unauthenticated Arbitrary Shortcode Execution
Description The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 7.11.13. This is due to the software allowing users to execute an action that does not properly validate a value before...
360 Product Rotation <= 1.5.8 - Reflected XSS
Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against only unauthenticated users. PoC...
12 Step Meeting List < 3.16.6 - Unauthenticated Sensitive Information Exposure
Description The 12 Step Meeting List plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.16.5. This makes it possible for unauthenticated attackers to extract sensitive user or configuration data...
Avada < 7.11.11 - Missing Authorization
Description The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 7.11.10. This makes it possible for unauthenticated attackers to perform an unauthoriz...
12 Step Meeting List < 3.16.6 - Missing Authorization to Authenticated (Contributor+) Arbitrary Content Deletion
Description The 12 Step Meeting List plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the wpajaxtsmldelete function in all versions up to, and including, 3.16.5. This makes it possible for authenticated attackers, with Contributor-level access a...
1003 Mortgage Application <= 1.87 - Unauthenticated Full Path Disclosure
Description The 1003 Mortgage Application plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.87. This is due the /inc/class/fnm/export.php file being publicly accessible with error logging enabled. This makes it possible for unauthenticated attacker...
1003 Mortgage Application <= 1.87 - Missing Authorization
Description The 1003 Mortgage Application plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.87. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform an...
4ECPS Web Forms <= 0.2.18 - Unauthenticated Arbitrary File Upload
Description The 4ECPS Web Forms plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 0.2.18. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may mak...
1003 Mortgage Application <= 1.87 - Missing Authorization
Description The 1003 Mortgage Application plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.87. This makes it possible for unauthenticated attackers to perform an unauthorized action...
Free WooCommerce Theme 99fy Extension < 1.2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Free WooCommerce Theme 99fy Extension plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.2.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...
3DVieweronline < 2.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The 3DVieweronline plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's '3Dvo-model' shortcode in all versions up to, and including, 2.2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
5centsCDN <= 25.4.15 - Reflected Cross-Site Scripting
Description The plugin is vulnerable to Reflected Cross-Site Scripting due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an...
10CentMail <= 2.1.50 - Reflected Cross-Site Scripting
Description The 10CentMail plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 2.1.50 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...
Dear Flipbook – PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer < 2.3.53 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The PDF Flipbook, 3D Flipbook—DearFlip plugin for WordPress is vulnerable to Stored Cross-Site Scripting via outline settings in all versions up to 2.3.52 due to insufficient input sanitization and output escaping on user-supplied data. This makes it possible for authenticated attacke...
3D Avatar User Profile <= 1.0.0 - Reflected Cross-Site Scripting
Description The 3D Avatar User Profile plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...
Avada < 7.11.11 - Cross-Site Request Forgery
Description The Avada theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 7.11.10. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action via a forged...
360 Javascript Viewer < 1.7.30 - Authenticated (Administrator+) Stored Cross-Site Scripting
Description The 360 Javascript Viewer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ref’ parameter in all versions up to, and including, 1.7.29 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
404 Solution < 2.35.20 - Reflected Cross-Site Scripting
Description The 404 Solution plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URLs in all versions up to, and including, 2.35.19 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts...
404 Solution < 2.35.18 - Missing Authentication to Sensitive Information Exposure
Description The 404 Solution plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.35.17 via the export feature. This makes it possible for unauthenticated attackers to extract sensitive data such as redirects including GET parameters which m...
404 Error Monitor <= 1.1 - Cross-Site Request Forgery to Plugin Settings Update via updatePluginSettings Function
Description The 404 Error Monitor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the updatePluginSettings function. This makes it possible for unauthenticated attackers to make...
3DPrint Lite < 2.1 - Settings Update via CSRF
Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. PoC Have a logged in admin open an HTML page containing the following form:...
5 Stars Rating Funnel <= 1.4.01 - Authenticated (Contributor+) SQL Injection
Description The 5 Stars Rating Funnel plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.4.01 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated...
3D Presentation <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The 3D Presentation plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to injec...
PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer – DearFlip < 2.3.42 - Reflected Cross-Site Scripting
Description The PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer – DearFlip plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'pdfsource' parameter in all versions up to, and including, 2.3.32 due to insufficient input sanitization and output escaping. This makes it...
2D Tag Cloud <= 6.0.2 - Reflected Cross-Site Scripting via add_query_arg Parameter
Description The 2D Tag Cloud plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 6.0.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts...
Smart Custom 404 Error Page < 11.4.8 - Reflected Cross-Site Scripting
Description The Smart Custom 404 Error Page plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via $SERVER'REQUESTURI' in all versions up to, and including, 11.4.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...
123.chat - Video Chat <= 1.3.1 - Unauthenticated Stored Cross-Site Scripting
Description The 123.chat - Video Chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...
012 PS Multi Languages <= 1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The 012 Ps Multi Languages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via translated titles in all versions up to, and including, 1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
LatePoint <= 4.9.91 - Authenticated (Subscriber+) Stored Cross-Site Scripting
Description The LatePoint plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 4.9.91 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject...
LatePoint <= 4.9.91 - Cross-Site Request Forgery
Description The LatePoint plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.9.91. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action via a...
Slideshow, Image Slider by 2J <= 1.3.54 - Reflected Cross-Site Scripting via 'post'
Description The Slideshow, Image Slider by 2J plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘post’ parameter in versions up to, and including, 1.3.54 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...
MDx < 2.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via mdx_list_item Shortcode
Description The MDx theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mdxlistitem' shortcode in all versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...
Ultimate Addons for WPBakery Page Builder < 3.19.20.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Description The Ultimate Addons for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ultimateinfobanner shortcode in all versions up to, and including, 3.19.20 due to insufficient input sanitization and output escaping on user supplied attributes. This...
Ultimate Addons for WPBakery Page Builder < 3.19.20.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Description The Ultimate Addons for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ultteam shortcode in all versions up to, and including, 3.19.20 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
Ultimate Addons for WPBakery Page Builder < 3.19.20.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Description The Ultimate Addons for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ultimatedualcolor shortcode in all versions up to, and including, 3.19.20 due to insufficient input sanitization and output escaping on user supplied attributes. This...
Ultimate Addons for WPBakery Page Builder < 3.19.20.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Description The Ultimate Addons for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ultimateinfotable shortcode in all versions up to, and including, 3.19.20 due to insufficient input sanitization and output escaping on user supplied attributes. This...
Ultimate Addons for WPBakery Page Builder < 3.19.20.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Description The Ultimate Addons for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ultimatepricing shortcode in all versions up to, and including, 3.19.20 due to insufficient input sanitization and output escaping on user supplied attributes. This make...
WordPress < 6.5.5 - Contributor+ Path Traversal in Template-Part Block
Description WordPress does not properly escape the "file" attribute in the "Template Part block" allowing high-privileged users to perform Path Traversal on Windows servers, leading to arbitrary File Reads...
WordPress < 6.5.5 - Contributor+ Stored XSS in Template-Part Block
Description WordPress does not properly escape the "tagName" attribute in the "Template Part block" allowing high-privileged users to perform Stored Cross-Site Scripting XSS attacks. PoC As a contributor, add a "Template Part" block to a post, click on "Start Blank" and then Create. Go into Edito...
WordPress < 6.5.5 - Contributor+ Stored XSS in HTML API
Description WordPress does not properly escape URL attributes in the HTML API, allowing high-privileged users to perform Stored Cross-Site Scripting XSS attacks...
WooCommerce 8.8.0 - 8.9.2 - Reflected XSS
Description The plugin is vulnerable to Reflected Cross-Site Scripting due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an...
Dextaz Ping <= 0.65 - Admin+ RCE
Description The plugin is vulnerable to Remote Code Execution, allowing authenticated attackers, with administrator-level access and above, to execute code on the server...
Divi < 4.25.2 - Contributor+ Stored XSS
Description The theme is vulnerable to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesse...
Greenshift – animation and page builder blocks < 8.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's social share block in all versions up to, and including, 8.9.3 due to insufficient input sanitization and output escaping on user supplied attributes...
Tooltip CK <= 2.2.15 - Authenticated (Admin+) Stored Cross-Site Scripting
Description The Tooltip CK plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.2.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
Advanced Custom Fields Pro < 6.2.10 - Authenticated (Contributor+) Code Injection
Description The Advanced Custom Fields Pro plugin for WordPress is vulnerable to Code Injection in all versions up to, and including, 6.2.9. This makes it possible for authenticated attackers, with contributor-level access and above, to execute code on the server...
Photo Gallery by 10Web <= 1.8.25 - Missing Authorization
Description The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.8.25. This makes it possible for authenticated attackers, with Subscriber-level...
Advanced Custom Fields Pro < 6.2.10 - Authenticated (Contributor+) Local File Inclusion
Description The Advanced Custom Fields Pro plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 6.2.9. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server,...
Weather Widget Pro <= 1.1.40 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Weather Widget Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.1.40 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...