14602 matches found
Flattr <= 1.2.2 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Go to "Flattr" settings 2. In...
Elementor Website Builder Pro < 3.21.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting
Description The Elementor Website Builder – More than Just a Page Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the several parameters in versions up to, and including, 3.21.0 due to insufficient input sanitization and output escaping. This makes it possible fo...
ProfileGrid – User Profiles, Memberships, Groups and Communities < 5.8.0 - Insecure Direct Object Reference
Description The ProfileGrid – User Profiles, Memberships, Groups and Communities plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.7.9 due to missing validation on a user controlled key. This makes it possible for authenticated attacker...
Last Viewed Posts by WPBeginner < 1.0.1 - Unauthenticated PHP Object Injection
Description The Last Viewed Posts by WPBeginner plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.0 via deserialization of untrusted input from the LastViewedPosts Cookie. This makes it possible for unauthenticated attackers to inject a PHP Objec...
CAS <= 1.0.0 - Unauthenticated SSRF
Description The plugin does not validate a parameter before making a request to it, which could allow unauthenticated users to perform SSRF attack PoC https://example.com/wp-content/themes/cas/download.php?path=http://127.0.0.1:8080...
Pet Manager <= 1.4 - Reflected XSS
Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC 1. Add a pet and publish the listing 2. View the pet on the frontend of the site...
CAS <= 1.0.0 - Unauthenticated Arbitrary File Access
Description This plugin does not validate a path generated with user input when downloading files, allowing unauthenticated user to download arbitrary files from the server PoC https://example.com/wp-content/themes/cas/download.php?path=...
Button contact VR <= 4.7 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC Click on the "Button contact" and...
ColorNews < 1.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The ColorNews theme for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.2.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject...
Knowledge Base documentation & wiki plugin – BasePress < 2.16.2.1 - Authenticated (Subscriber+) Server-Side Request Forgery
Description The Knowledge Base documentation & wiki plugin – BasePress Docs plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.16.1 via the themestylerender function. This makes it possible for authenticated attackers, with subscriber-level...
PopupAlly <= 2.1.1 - Authenticated (Admin+) Stored Cross-Site Scripting
Description The PopupAlly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
Piotnet Addons For Elementor Pro <= 7.1.17 - Cross-Site Request Forgery
Description The Piotnet Addons For Elementor Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 7.1.17. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an...
The Plus Blocks for Block Editor | Gutenberg < 3.2.6 - Missing Authorization
Description The The Plus Blocks for Block Editor | Gutenberg plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the Tpfdeletetransient function in versions up to, and including, 3.2.5. This makes it possible for authenticated attackers, with...
Piotnet Addons For Elementor < 2.4.27 - Contributor+ Stored XSS
Description The plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user...
User Meta < 3.1 - Unauthenticated Sensitive Information Exposure
Description The User Meta – User Profile Builder and User management plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0 via the /views/debug.php file. This makes it possible for unauthenticated attackers, with to extract sensitive...
WooCommerce Amazon Affiliates - Wordpress Plugin <= 14.0.10 - Reflected Cross-Site Scripting
Description The WooCommerce Amazon Affiliates - Wordpress Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 14.0.10 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to injec...
WooCommerce Amazon Affiliates - Wordpress Plugin <= 14.0.10 - Unauthenticated SQL Injection
Description The WZone plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 14.0.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to...
WooCommerce Amazon Affiliates - Wordpress Plugin <= 14.0.10 - Authenticated (Subscriber+) Privilege Escalation
Description The WooCommerce Amazon Affiliates - Wordpress Plugin plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 14.0.10. This makes it possible for authenticated attackers, with subscriber-level access and above, to elevate their privileges...
ClickCease Click Fraud Protection <= 3.2.6 - Cross-Site Request Forgery
Description The plugin is vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform unauthorized actions via a forged request granted they can trick a site administrator into performing an...
Meks Smart Social Widget <= 1.6.4 - Authenticated (Admin+) Stored Cross-Site Scripting
Description The Meks Smart Social Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
Save as PDF plugin by Pdfcrowd < 3.2.1 - Missing Authorization
Description The Save as PDF plugin by Pdfcrowd plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the createsamplebutton function in versions up to, and including, 3.2.0. This makes it possible for authenticated attackers, with...
Easy Set Favicon <= 1.1 - Reflected Cross-Site Scripting
Description The Easy Set Favicon plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages tha...
Regenerate post permalink <= 1.0.3 - Cross-Site Request Forgery
Description The Regenerate post permalink plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.3. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized...
MF Gig Calendar <= 1.2.1 - Cross-Site Request Forgery
Description The MF Gig Calendar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action...
WP Page Post Widget Clone <= 1.0.1 - Missing Authorization
Description The WP Page Post Widget Clone plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 1.0.1. This makes it possible for authenticated attackers, with contributor-level access and above, to perform...
Five Star Restaurant Reservations < 2.6.17 - Missing Authorization
Description The Five Star Restaurant Reservations plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in versions up to, and including, 2.6.16. This makes it possible for unauthenticated attackers to perform unauthorized actions...
Piotnet Addons For Elementor Pro <= 7.1.17 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Piotnet Addons For Elementor Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 7.1.17 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access...
WPPizza < 3.18.11 - Missing Authorization
Description The WPPizza plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the adminajax function found in several files in versions up to, and including, 3.18.10. This makes it possible for authenticated attackers, with subscriber-level...
Video Conferencing with Zoom < 4.4.5 - Open Redirect
Description The Video Conferencing with Zoom plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 4.4.4. This is due to insufficient validation on a redirect url. This makes it possible for unauthenticated attackers to redirect users to potentially malicious...
EPROLO Dropshipping < 1.7.2 - Missing Authorization
Description The EPROLO Dropshipping plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the eprolodisconnect, eproloreflsh, and eproloconnectkey functions in versions up to, and including, 1.7.1. This makes it possible for authenticated...
Assistant – Every Day Productivity Apps < 1.4.9.2 - Unauthenticated Sensitive Information Exposure
Description The Assistant – Every Day Productivity Apps plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.9.1 via publicly accessible files. This makes it possible for unauthenticated attackers to view potentially sensitive information...
Financio < 1.1.4 - Cross-Site Request Forgery to Notice Dismissal
Description The Financio theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.3. This is due to missing or incorrect nonce validation on the noticeclosed function. This makes it possible for unauthenticated attackers to dismiss notices via a...
XStore Core <= 5.3.5 - Missing Authorization
Description The XStore Core plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in versions up to, and including, 5.3.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform unauthorized...
WZone <= 14.0.10 - Missing Authorization
Description The WZone plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 14.0.10. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform unauthorized actions...
Smart Maintenance Mode <= 1.4.4 - Cross-Site Request Forgery
Description The Smart Maintenance Mode plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.4. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized...
WP Portfolio < 2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The WP Portfolio theme for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject...
WP Video Lightbox < 1.9.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via width Parameter
Description The WP Video Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘width’ parameter in all versions up to, and including, 1.9.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
XStore < 9.3.9 - Unauthenticated SQLi
Description The theme is vulnerable to SQL Injection due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that c...
OrderConvo < 12.5 - Missing Authorization to Arbitrary File Upload
Description The Admin and Customer Messages After Order for WooCommerce: OrderConvo plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on a REST API endpoint in all versions up to, and including, 12.4. This makes it possible for unauthenticated attacker...
Client Dash <= 2.2.1 - Missing Authorization
Description The Client Dash plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 2.2.1. This makes it possible for unauthenticated attackers to perform an unauthorized action...
Secure Copy Content Protection and Content Locking < 3.9.1 - Missing Authorization
Description The Secure Copy Content Protection and Content Locking plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the deactivatesccpoption function in versions up to, and including, 3.9.0. This makes it possible for unauthenticated...
Annual Archive <= 1.6.0 - Authenticated (Admin+) Stored Cross-Site Scripting
Description The Annual Archive plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.6.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
WooCommerce Amazon Affiliates - Wordpress Plugin <= 14.0.10 - Authenticated (Subscriber+) SQL Injection
Description The WooCommerce Amazon Affiliates - Wordpress Plugin plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 14.0.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...
Recencio Book Reviews <= 1.66.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Recencio Book Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.66.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above,...
Crelly Slider <= 1.4.5 - Authenticated (Subscriber+) Insecure Direct Object Reference
Description The Crelly Slider plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.4.5 due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with subscriber-level access and above, to perfo...
XStore Core <= 5.3.5 - Authenticated (Subscriber+) Local File Inclusion
Description The XStore Core plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.3.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to include and execute arbitrary files on the server, allowing the...
Smart Forms < 2.6.92 - Missing Authorization to Notice Dismissal
Description The Smart Forms plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the rednaosmartformsdontshowagain function in versions up to, and including, 2.6.91. This makes it possible for authenticated attackers, with subscriber-level...
All-in-One Video Gallery < 3.6.5 - Contributor+ Arbitrary File Upload via featured image
Description The plugin is vulnerable to arbitrary file uploads due to missing file type validation in the aiovgcreateattachmentfromexternalimageurl function. This makes it possible for authenticated attackers, with contributor access and above, to upload arbitrary files on the affected site's...
XStore < 9.3.9 - Missing Authorization
Description The XStore theme for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 9.3.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform unauthorized actions...
Vitepos < 3.0.2 - Missing Authorization
Description The Vitepos plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 3.0.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform unauthorized actions...