14602 matches found
Testimonial Slider < 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Testimonial Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'testimonialcategory' shortcode in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible f...
ConvertPlug < 3.5.26 - Missing Authorization to Authenticated (Subscriber+) Limited Arbitrary Options Update
Description The ConvertPlug plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the cpdismissnotice function in all versions up to, and including, 3.5.25. This makes it possible for authenticated attackers, with subscriber-level access and...
Stop Spammers Security | Block Spam Users, Comments, Forms < 2024.5 - Cross-Site Request Forgery (CSRF) via sfs_process
Description The Stop Spammers Security | Block Spam Users, Comments, Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2024.4. This is due to missing or incorrect nonce validation on the sfsprocess AJAX action. This makes it possible for...
Gutenberg Blocks by Kadence Blocks < 3.2.35 - Contributor+ Stored XSS
Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin...
Hummingbird < 3.7.4 - Missing Authorization
Description The Hummingbird plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in the /admin/class-ajax.php file in versions up to, and including, 3.7.3. This makes it possible for unauthenticated attackers to perform unauthorized...
Jeg Elementor Kit < 2.6.5 - Contributor+ Stored XSS via Elementor Widget URL Custom Attributes
Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin...
Supreme Modules Lite – Divi Theme, Extra Theme and Divi Builder < 2.5.4 - Contrib+ DOM-Based Cross-Site Scripting
Description The Supreme Modules Lite – Divi Theme, Extra Theme and Divi Builder plugin for WordPress is vulnerable to DOM-Based Cross-Site Scripting via the ‘typingcursor’ parameter in versions up to, and including, 2.5.3 due to insufficient input sanitization and output escaping. This makes it...
Drag and Drop Multiple File Upload – Contact Form 7 < 1.3.7.8 - Sensitive Information Exposure
Description The Drag and Drop Multiple File Upload – Contact Form 7 plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.7.7 via the '/wp-content/uploads/wpdndcf7uploads/wpcf7-files' directory. This makes it possible for unauthenticated...
Breakdance < 1.7.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via custom postmeta
Description The Breakdance plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's custom postmeta output in all versions up to, and including, 1.7.0 due to insufficient input sanitization and output escaping on user supplied post meta fields. This makes it possible for...
Simple Basic Contact Form < 20240502 - Reflected Cross-Site Scripting
Description The Simple Basic Contact Form plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘scfemail’ parameter in versions up to, and including, 20221201 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers t...
Folders Pro < 3.0.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting via User First Name and Last Name
Description The Folders Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a user's First Name and Last Name in all versions up to, and including, 3.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
ConvertPlug < 3.5.26 - Authenticated (Contributor+) PHP Object Injection
Description The ConvertPlug plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.5.25 via deserialization of untrusted input from the 'settingsencoded' attribute of the 'smileinfobar' shortcode. This makes it possible for authenticated attackers, with...
Flexible Shipping < 4.24.16 - Missing Authorization
Description The Flexible Shipping plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 4.24.15. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an...
Photo Gallery by 10Web < 1.8.21 - Missing Authorization
Description The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.8.20. This makes it possible for unauthenticated attackers to perform an...
WP Masquerade <= 1.1.0 - Subscriber+ Account Takeover
Description The WP Masquerade plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.1.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to access other users accounts which may be higher in privilege...
Giveaways and Contests by RafflePress < 1.12.11 - IP Spoofing
Description The Giveaways and Contests by RafflePress – Get More Website Traffic, Email Subscribers, and Social Followers plugin for WordPress is vulnerable to IP Address Spoofing in all versions up to, and including, 1.12.7 due to insufficient IP address validation. This makes it possible for...
Multiple Themes by jegstudio - Multiple Versions - Missing Authorization to Notice Dismissal
Description Multiple theme for WordPress by jegstudio are vulnerable to unauthorized modification of data due to a missing capability check on the noticeclosed function in versions up to, and including, 1.0.3. This makes it possible for authenticated attackers, with subscriber-level access and...
ProfileGrid < 5.8.3 - Bypass Group Members Limit
Description The ProfileGrid – User Profiles, Memberships, Groups and Communities plugin for WordPress is vulnerable to group limit bypass in all versions up to, and including, 5.8.2. This is due to the plugin not properly verifying the limits of a group before adding a member. This makes it...
Premium Addons for Elementor < 4.10.31 - Contributor+ Stored XSS
Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin...
WP Time Slots Booking Form < 1.2.07 - Unauthenticated Price Manipulation
Description The WP Time Slots Booking Form plugin for WordPress is vulnerable to price manipulation due to insufficient server-side validation of prices in versions up to, and including, 1.2.06. This makes it possible for unauthenticated attackers to alter the price of bookings...
Jeg Elementor Kit < 2.6.5 - Contributor+ Stored XSS via Countdown Widget
Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin...
ShopLentor (formerly WooLentor) < 2.8.8 - Missing Authorization
Description The ShopLentor formerly WooLentor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the purchasednewproducts function in all versions up to, and including, 2.8.7. This makes it possible for unauthenticated attackers to view all...
Import and export users and customers < 1.26.6 - Missing Authorization
Description The Import and export users and customers plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxforceresetpassworddeletemetas function in all versions up to, and including, 1.26.5. This makes it possible for authenticated...
SimpleShop < 2.10.1 - Cross-Site Request Forgery
Description The SimpleShop plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.10.0. This is due to missing or incorrect nonce validation on the maybedisconnectsimpleshop function. This makes it possible for unauthenticated attackers to...
Swift Framework <= 2.7.31 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodes
Description The Swift Framework plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several of the plugin's shortcodes in all versions up to, and including, 2.7.31 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
FG Joomla to WordPress < 4.21.0 - Sensitive Information Exposure
Description The FG Joomla to WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.20.2 via log files. This makes it possible for unauthenticated attackers to view potentially sensitive information in log files...
USPS Shipping for WooCommerce – Live Rates < 1.10.0 - Sensitive Information Exposure
Description The USPS Shipping for WooCommerce – Live Rates plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.9.4 via log files. This makes it possible for unauthenticated users to extract potentially sensitive information from log files...
Customer Email Verification for WooCommerce < 2.7.5 - Authentication Bypass
Description The Customer Email Verification for WooCommerce plugin for WordPress is vulnerable to Email Verification and Authentication Bypass in all versions up to, and including, 2.7.4 via the use of insufficiently random activation code. This makes it possible for unauthenticated attackers to...
Simple Membership < 4.4.6 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode
Description The Simple Membership plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'swpmpaypalsubscriptioncancellink' shortcode in all versions up to, and including, 4.4.5 due to insufficient input sanitization and output escaping on user supplied attributes. Thi...
Simply Static < 3.1.4 - Unauthenticated Information Exposure
Description The Simply Static plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.3 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the expose...
Popup Builder by OptinMonster – WordPress Popups for Optins, Email Newsletters and Lead Generation < 2.16.0 - Cross-Site Request Forgery to Notice Dismissal
Description The OptinMonster plugin is vulnerable to Cross-Site Request Forgery. This is due to missing or incorrect nonce validation on the validatepleaseconnectnoticedismiss function. This makes it possible for unauthenticated attackers to dismiss notices via a forged request granted they can...
ColibriWP Theme framework - Various Versions and Themes - Missing Authorization
Description The ColibriWP Theme framework used by multiple themes for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'activateplugin' AJAX action in various versions. This makes it possible for authenticated attackers, with subscriber-level...
Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders < 5.9.18 - Contributor+ Stored XSS
Description The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders is vulnerable to Stored Cross-Site Scripting via the ‘eaeleventtextcolor’ parameter...
ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) < 2.8.8 - Contributor+ Stored XSS
Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin...
ElementsKit Elementor addons 3.0.7 - 3.1.2 - Contributor+ Stored XSS
Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin...
Swift Framework <= 2.7.31 - Missing Authorization to Unauthenticated Arbitrary Content Update
Description The Swift Framework plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the sfeditdirectoryitem function in all versions up to, and including, 2.7.31. This makes it possible for unauthenticated attackers to update arbitrary post...
Car Dealer < 4.16 - Admin+ Content Injection
Description The Car Dealer Dealership and Vehicle sales plugin for WordPress is vulnerable to unauthorized content injection due to insufficient input validation in all versions up to, and including, 4.15. This makes it possible for authenticated attackers, with administrator-level access and...
Premium Addons for Elementor < 4.10.26 - Contributor+ Stored XSS
Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin...
Blocksy < 2.0.34 - Contributor+ Stored XSS
Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin...
Maintenance Mode by helderk < 3.0.2 - Unauthenticated IP Spoofing
Description The Maintenance Mode plugin for WordPress is vulnerable to IP Address Spoofing in all versions up to, and including, 3.0.1 due to insufficient IP address validation. This makes it possible for unauthenticated attackers to spoof their IP Address...
Pricing Table by Supsystic < 1.9.13 - Admin+ Content Injection
Description The Pricing Table by Supsystic plugin for WordPress is vulnerable to content injection in all versions up to, and including, 1.9.12. This makes it possible for authenticated attackers, with admin-level access and above, to inject arbitrary content. This is not a security issue by...
WP Fusion Lite – Marketing Automation and CRM Integration for WordPress < 3.43.0 - Information Exposure
Description The WP Fusion Lite – Marketing Automation and CRM Integration for WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.42.10 through publicly exposed log files. This makes it possible for unauthenticated attackers to vi...
Solid Affiliate <= 1.9.1 - Sensitive Information Exposure
Description The Solid Affiliate plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.9.1 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the...
Newsletters < 4.9.6 - Information Exposure via Log files
Description The Newsletters plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.9.5. This makes it possible for unauthenticated attackers to extract potentially sensitive information from log files...
Metform Elementor Contact Form Builder < 3.8.4 - Missing Authorization to Notice Dismissal
Description The Metform Elementor Contact Form Builder is vulnerable to unauthorized modification of data due to a missing capability check on the dismissajaxcall function. This makes it possible for authenticated attackers, with subscriber-level access and above, to dismiss notices...
HT Mega – Absolute Addons For Elementor < 2.4.8 - Missing Authorization to Information Exposure
Description The HT Mega plugin for WordPress is vulnerable to unauthorized access of data due to an insufficient capability check on the duplicate function in all versions up to, and including, 2.4.7. This makes it possible for authenticated attackers, with contributor-level access and above, to...
SimpleShop < 2.10.3 - Missing Authorization
Description The SimpleShop plugin for WordPress is vulnerable to unauthorized disconnection from SimpleShop due to a missing capability check on the maybedisconnectsimpleshop function in all versions up to, and including, 2.10.2. This makes it possible for unauthenticated attackers to disconnect...
WP GDPR Compliance <= 2.0.23 - Cross-Site Request Forgery
Description The WP GDPR Compliance plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.23. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized...
Royal Elementor Addons < 1.3.95 - Unauthenticated IP Spoofing
Description The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to IP Address Spoofing due to insufficient IP address validation. This makes it possible for unauthenticated attackers to spoof their IP addresses. PoC Set any of the following server headers as used in...
Pet Manager <= 1.4 - Contributor+ Stored XSS
Description The plugin does not sanitise and escape some of its Pet settings, which could allow high privilege users such as Contributor to perform Stored Cross-Site Scripting attacks. PoC 1. Go to "Pets Add Pet" 2. In the "Address" field add the payload " style=animation-name:rotation...