14602 matches found
Joli FAQ SEO – WordPress FAQ Plugin < 1.3.3 - Cross-Site Request Forgery
Description The Joli FAQ SEO – WordPress FAQ Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.2. This is due to missing or incorrect nonce validation when saving settings. This makes it possible for unauthenticated attackers to chan...
Print-O-Matic <= 2.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Print-O-Matic plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.1.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inje...
PB MailCrypt <= 3.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The PB MailCrypt plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject...
SEOPress < 7.7 - Information Exposure
Description The SEOPress – On-site SEO plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.6.1. This makes it possible for unauthenticated attackers to extract sensitive user or configuration data...
Rank Math SEO with AI Best SEO Tools < 1.0.218 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Rank Math SEO with AI Best SEO Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘textAlign’ parameter in versions up to, and including, 1.0.217 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
Directorist < 7.9.0 - Missing Authorization
Description The Directorist – WordPress Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 7.8.6. This makes it possible for unauthenticated attacker...
Content Views – Post Grid & Filter, Recent Posts, Category Posts, & More (Gutenberg Blocks and Shortcode) < 3.7.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via pagingType Parameter
Description The Content Views – Post Grid & Filter, Recent Posts, Category Posts, & More Gutenberg Blocks and Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘pagingType’ parameter in all versions up to, and including, 3.7.1 due to insufficient input sanitizati...
Download Alt Text AI < 1.3.5 - Authenticated (Administrator+) Stored Cross-Site Scripting
Description The Alt Text AI – Automatically generate image alt text for SEO and accessibility plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. This makes it...
Popup box < 4.1.3 - Cross-Site Request Forgery
Description The Popup box plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.1.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged...
DecaLog < 3.9.1 - Authenticated (Admin+) SQL injection
Description The DecaLog plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 3.9.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, wit...
Min and Max Purchase for WooCommerce <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Min and Max Purchase for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
Blocksy < 2.0.43 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘tagName’ parameter in versions up to, and including, 2.0.42 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...
Robo Gallery < 3.2.19 - Unauthenticated Information Exposure
Description The Photo Gallery, Images, Slider in Rbs Image Gallery plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.18. This makes it possible for unauthenticated attackers to extract sensitive user or configuration data...
Video Gallery – Api Gallery, YouTube and Vimeo, Link Gallery < 1.5.4 - Missing Authorization
Description The Video Gallery – Api Gallery, YouTube and Vimeo, Link Gallery plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the ajaxvideogallery function in versions up to, and including, 1.5.3. This makes it possible for authenticated attackers, wi...
Sunshine Photo Cart: Free Client Photo Galleries for Photographers < 3.1.2 - Unauthenticated PHP Object Injection
Description The Sunshine Photo Cart: Free Client Photo Galleries for Photographers plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1.1 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP...
Simple Image Popup <= 2.4.0 - Authenticated (Admin+) Stored Cross-Site Scripting
Description The Simple Image Popup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.4.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
Shipment Tracking, Tracking, and Order Tracking for WooCommerce – ParcelPanel (Free to install) < 3.9.0 - Authenticated (Subscriber+) SQL Injection
Description The Shipment Tracking, Tracking, and Order Tracking for WooCommerce – ParcelPanel Free to install plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 3.8.2 due to insufficient escaping on the user supplied parameter and lack of sufficient...
The Plus Addons for Elementor < 5.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's element attributes in all versions up to, and including, 5.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
Perfect Pullquotes <= 1.7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Perfect Pullquotes plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.7.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...
Hercules Core < 6.5 - Authenticated (Subscriber+) PHP Object Injection
Description The Hercules Core plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 6.4 via deserialization of untrusted input. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject a PHP Object. No known P...
Beaver Builder – WordPress Page Builder < 2.8.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the linktarget parameter in all versions up to, and including, 2.8.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
WP Migrate Pro < 2.6.11 - Unauthenticated PHP Object Injection
Description The WP Migrate Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.6.10 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerab...
Login Logout Register Menu <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Login Logout Register Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and abov...
Freesia Empire < 1.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Freesia Empire theme for WordPress is vulnerable to Stored Cross-Site Scripting via post author display names in all versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...
Easy Google Maps < 1.11.12 - Cross-Site Request Forgery
Description The Easy Google Maps plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.11.11. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to perform unauthorized...
BuddyPress < 12.4.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting
Description The BuddyPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘username’ parameter in versions up to, and including, 12.4.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level...
WTI Like Post <= 1.4.6 - IP Spoofing
Description The WTI Like Post plugin for WordPress is vulnerable to IP Address Spoofing in all versions up to, and including, 1.4.6 due to insufficient IP address validation and/or use of user-supplied HTTP headers as a primary method for IP retrieval. This makes it possible for unauthenticated...
Favicon Rotator < 1.2.11 - Reflected Cross-Site Scripting
Description The Favicon Rotator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.2.10 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pag...
Photos and Files Contest Gallery < 21.3.5 - Authenticated (Contributor+) SQL Injection
Description The Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Competition Plugin for WordPress plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 21.3.4 due to insufficient escaping on the user supplied parameter and...
KKProgressbar2 Free <= 1.1.4.2 - Progress Bar Deletion via CSRF
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks PoC Make a logged in admin open an HTML file containing where is a valid ID:...
Image Hover Effects - Elementor Addon < 1.4.2 - Authenticated(Contributor+) DOM-based Stored Cross-Site Scripting via Image Hover Effects Widget
Description The Image Hover Effects – Elementor Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Hover Effects Widget in all versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping on user supplied attributes...
Mihdan: Yandex Turbo Feed < 1.6.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Description The Mihdan: Yandex Turbo Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.6.5.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
Ditty < 3.1.36 - Author+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Go to...
KKProgressbar2 Free <= 1.1.4.2 - Stored XSS via CSRF
Description The plugin does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack PoC Make a logged in admin open an HTML file containing: XSS will trigger on the...
hostel < 1.1.5.4 - Cross-Site Request Forgery
Description The Hostel plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.5.3. This is due to missing or incorrect nonce validation when managing rooms. This makes it possible for unauthenticated attackers to create and delete rooms via a...
Startklar Elementor Addons < 1.7.14 - Unauthenticated Arbitrary File Upload
Description The Startklar Elementor Addons plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'process' function in the 'startklarDropZoneUploadProcess' class in versions up to, and including, 1.7.13. This makes it possible for...
KKProgressbar2 Free <= 1.1.4.2 - Admin+ SQL Injection
Description The plugin does not sanitize and escape a parameter before using it in a SQL statement, allowing admin users to perform SQL injection attacks PoC 1. Send a POST request to /wp-admin/admin.php?page=kkpb-add-project with the BODY action=edit-project=sleep5 2. Observe the delay in...
Contact Form by WPForms – Drag & Drop Form Builder for WordPress < 1.8.8.2 - Unauthenticated Price Manipulation
Description The Contact Form by WPForms – Drag & Drop Form Builder for WordPress is vulnerable to price manipulation. This is due to a lack of controls on several product parameters, making it possible for unauthenticated attackers to manipulate prices, product information, and quantities for...
Startklar Elementor Addons < 1.7.14 - Unauthenticated Arbitrary File Deletion
Description The Startklar Elementor Addons plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 1.7.13. This is due to the plugin not properly validating the path of an uploaded file prior to deleting it. This makes it possible for unauthenticated...
Business Card <= 1.0.0 - Category Edit via CSRF
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions such as editing card categories via CSRF attacks PoC Make a logged in admin open an HTML document containing:...
Business Card <= 1.0.0 - Card Edit via CSRF
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions such as editing cards via CSRF attacks PoC Make a logged in admin open an HTML document containing where is a valid ID:...
ClickCease Click Fraud Protection < 3.2.5 - Improper Authorization to sensitive information exposure via get_settings
Description The ClickCease Click Fraud Protection plugin for WordPress is vulnerable to unauthorized access of data due to an improper capability check on the getsettings function in all versions up to, and including, 3.2.4. This makes it possible for authenticated attackers, with author access a...
Magical Addons For Elementor ( Header Footer Builder, Free Elementor Widgets, Elementor Templates Library ) < 1.1.38 - Authenticated (Contributor+) Stored Cross-Site Scripting via Text Effect Widget
Description The Magical Addons For Elementor Header Footer Builder, Free Elementor Widgets, Elementor Templates Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's text effect widget in all versions up to, and including, 1.1.37 due to insufficient input...
Business Card <= 1.0.0 - Arbitrary Card Deletion via CSRF
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions such as deleting cards via CSRF attacks PoC Make a logged in admin open an HTML document containing where is a valid ID:...
Business Card <= 1.0.0 - Category Deletion via CSRF
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions such as deleting card categories via CSRF attacks PoC Make a logged in admin open an HTML document containing:...
YITH WooCommerce Compare < 2.38.0 - Cross-Site Request Forgery
Description The YITH WooCommerce Compare is vulnerable to Cross-Site Request Forgery. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to add/remove things from a product compare via a forged request granted they can...
Leaky Paywall < 4.20.9 - Missing Authorization to Price Manipulation
Description The Leaky Paywall plugin for WordPress is vulnerable to price manipulation in all versions up to, and including, 4.20.8. This is due to the plugin allowing the price field to be user supplied. This makes it possible for unauthenticated attackers to alter the price of memberships...
Appointment Hour Booking < 1.4.57 - Captcha Bypass
Description The Appointment Hour Booking plugin for WordPress is vulnerable to CAPTCHA Bypass in versions up to, and including, 1.4.56. This makes it possible for unauthenticated attackers to bypass the Captcha Verification...
WP Travel Engine < 5.8.1 - Unauthenticated Price Manipulation
Description The WP Travel Engine – Best Travel Booking WordPress Plugin plugin for WordPress is vulnerable to price manipulation in all versions up to, and including, 5.8.0. This is due to the plugin not properly validating a price. This makes it possible for unauthenticated attackers to manipula...
WP Shortcodes Plugin — Shortcodes Ultimate < 7.1.3 - Contributor+ Stored XSS
Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin...