14603 matches found
Custom field finder < 0.4 - Authenticated (Author+) PHP Object Injection
Description The Custom field finder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 0.3 via deserialization of untrusted input. This makes it possible for authenticated attackers, with author-level access and above, to inject a PHP Object. No known...
WP Recipe Maker < 9.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via wprm-recipe-roundup-item Shortcode
Description The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wprm-recipe-roundup-item shortcode in all versions up to, and including, 9.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
Advanced Post List <= 0.5.6.1 - Authenticated (Admin+) Stored Cross-Site Scripting
Description The Advanced Post List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.5.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
3D FlipBook < 1.15.5 - Authenticated (Author+) Stored Cross-Site Scritping via Bookmark URL
Description The 3D FlipBook plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Bookmark URL field in all versions up to, and including, 1.15.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level...
XStore Core <= 5.3.5 - Reflected Cross-Site Scripting
Description The XStore Core plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 5.3.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...
Piotnet Addons For Elementor Pro <= 7.1.17 - Reflected Cross-Site Scripting
Description The Piotnet Addons For Elementor Pro plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 7.1.17 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
Sticky Anything <= 2.1.5 - Missing Authorization
Description The Sticky Anything plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 2.1.5. This makes it possible for unauthenticated attackers to perform an unauthorized action that can lead to Stored...
IDonate <= 1.9.0 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Navigate to...
Embed Google Photos album < 2.2.1 - Authenticated (Contributor+) Server-Side Request Forgery
Description The Embed Google Photos album plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.2.0 via the Pavexembedgooglephotosalbum class. This makes it possible for authenticated attackers, with contributor-level access and above, to make w...
ARforms < 6.4.1 - Reflected Cross-Site Scripting
Description The ARforms plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 6.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...
WP-Recall – Registration, Profile, Commerce & More < 16.26.6 - Authenticated (Contributor+) SQL Injection
Description The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 16.26.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes...
Tabellen von faustball.com < 2.1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
Description The Tabellen von faustball.com plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
Cost Calculator Builder Pro < 3.1.68 - Unauthenticated Cross-Site Scripting via SVG Upload
Description The Cost Calculator Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the SVG upload feature in all versions up to, and including, 3.1.67 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...
Social Icons Widget & Block < 4.2.18 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its Widget settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. As an administrator,...
Culqi < 3.0.15 - Authenticated (Subscriber+) Server-Side Request Forgery
Description The Culqi plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.0.14 via the getmerchants function. This makes it possible for authenticated attackers, with subscriber-level access and above, to make web requests to arbitrary locatio...
WP-Recall – Registration, Profile, Commerce & More < 16.26.6 - Unauthenticated SQL Injection
Description The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 16.26.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes...
Multiple Plugins by tychesoftwares <= (Various Versions) - Missing Authorization to Notice Dismissal
Description Multiple plugins for WordPress by tychesoftwares are vulnerable to unauthorized modification of data due to a missing capability check on the tsadminnotices function in various versions. This makes it possible for authenticated attackers, with subscriber-level access and above, to...
Podlove Podcast Publisher < 4.0.15 - Cross-Site Request Forgery
Description The Podlove Podcast Publisher plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.0.14. This is due to missing or incorrect nonce validation on the jobcreate and jobdelete functions. This makes it possible for unauthenticated...
Podlove Podcast Publisher < 4.0.12 - Authenticated (Contributor+) Server-Side Request Forgery
Description The Podlove Podcast Publisher plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.0.11 via the fetchurlmeta function. This makes it possible for authenticated attackers, with contributor-level access and above, to make web requests...
ARForms < 6.4.1 - Missing Authorization to Arbitrary Plugin Activation/Deactivation
Description The ARforms plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on a function in all versions up to, and including, 6.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to activate and...
ARforms < 6.4.1 - Authenticated (Subscriber+) SQL Injection
Description The ARforms plugin for WordPress is vulnerable to SQL Injection via an unknown parameter in all versions up to, and including, 6.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
Frontend Dashboard < 2.2.4 -
Description The Frontend Dashboard plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.2. This makes it possible for unauthenticated attackers to extract sensitive data...
Sailthru Triggermail <= 1.1 - Reflected XSS
Description The plugin does not sanitise and escape various parameters before outputting them back in pages and attributes, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC Make a logged in admin open:...
Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks < 2.2.79 - Unauthenticated Sensitive Information Exposure
Description The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.78. This makes it possible for unauthenticated attackers to extract...
Slider Revolution < 6.7.8 - Authenticated (Author+) Stored Cross-Site Scripting via htmltag Parameter
Description The Slider Revolution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘htmltag’ parameter in all versions up to, and including, 6.7.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject...
Email Customizer for WooCommerce | Drag and Drop Email Templates Builder < 2.6.1 - Information Exposure
Description The Email Customizer for WooCommerce | Drag and Drop Email Templates Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.0 via the preparepreview function. This makes it possible for unauthenticated attackers to previe...
WordPress Header Builder Plugin – Pearl < 1.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Description The WordPress Header Builder Plugin – Pearl plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'stmhb' shortcode in all versions up to, and including, 1.3.6 due to insufficient input sanitization and output escaping on user supplied attributes. This mak...
Survey Maker < 4.2.9 - Admin+ Stored XSS via Plugin Settings
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Add New Survey 2. Choose any...
ARForms < 6.4.1 - Missing Authorization to Arbitrary Option Deletion
Description The ARforms plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on a function in all versions up to, and including, 6.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrar...
Sailthru Triggermail <= 1.1 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Go to...
VikRentCar Car Rental Management System < 1.3.3 - Information Exposure
Description The VikRentCar Car Rental Management System plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.2 due to publicly accessible PDF files. This makes it possible for unauthenticated attackers to extract potentially sensitive...
The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid < 7.7.0 - Missing Authorization
Description The The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the rtTPGSaveSettings function in all versions up to, and including, 7.6.1. This makes it...
Barcode Scanner with Inventory & Order Manager < 1.5.5 - Authenticated (Subscriber+) SQL Injection
Description The Barcode Scanner and Inventory manager. POS Point of Sale – scan barcodes & create orders with barcode reader. plugin for WordPress is vulnerable to blind SQL Injection via the ‘currentIds’ parameter in all versions up to, and including, 1.5.4 due to insufficient escaping on the us...
ARForms < 6.4.1 - Missing Authorization to Arbitrary File Deletion
Description The ARforms plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on a function in all versions up to, and including, 6.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrar...
StreamWeasels Twitch Integration < 1.8.0 - Unauthenticated Sensitive Information Exposure
Description The StreamWeasels Twitch Integration plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.7.8 via the sw-twitch-embed shortcode. This makes it possible for unauthenticated attackers to view potentially sensitive information...
FV Flowplayer Video Player < 7.5.45.7212 - Authenticated (Subscriber+) Server-side Request Forgery
Description The FV Flowplayer Video Player plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.5.43.7212. This makes it possible for authenticated attackers, with subscriber-level access and above, to make web requests to arbitrary locations...
Royal Elementor Kit < 1.0.117 - Cross-Site Request Forgery to Notice Dismissal
Description The Royal Elementor Kit theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.116. This is due to missing or incorrect nonce validation on the dismissedhandler function. This makes it possible for unauthenticated attackers to dismiss...
Accessibility Widget < 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Accessibility Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via widget settings in versions up to, and including, 2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...
Import and export users and customers < 1.26.3 - Authenticated (Admin+) PHP Object Injection
Description The Import and export users and customers plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.26.2 via deserialization of untrusted input in the import.php file. This makes it possible for authenticated attackers, with administrator-level...
List Custom Taxonomy Widget < 4.2 - Authenticated (Admin+) Stored Cross-Site Scripting
Description The List Custom Taxonomy Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
Reviews Plus < 1.3.5 - Missing Authorization to Notice Dismissal
Description The Reviews Plus plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxhiderevstranslationnotice function in versions up to, and including, 1.3.4. This makes it possible for authenticated attackers, with subscriber-level...
Advanced Testimonial Carousel for Elementor < 3.0.1 - Missing Authorization
Description The Advanced Testimonial Carousel for Elementor plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the handleAjaxCalls function in versions up to, and including, 3.0.0. This makes it possible for authenticated attackers, with subscriber-leve...
All-in-one Like Widget < 2.2.8 - Authenticated (Admin+) Stored Cross-Site Scripting
Description The All-in-one Like Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.2.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
WP-Lister Lite for eBay < 3.6.0 - Authenticated (Shop Manager+) Arbitrary File Upload
Description The WP-Lister Lite for eBay plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to 3.6.0 exclusive. This makes it possible for authenticated attackers, with shop manager-level access and above, to upload arbitrary files o...
ZD YouTube FLV Player <= 1.2.6 - Server-Side Request Forgery
Description The ZD YouTube FLV Player plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.2.6 via the $GET'image' parameter. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the...
LeadConnector < 1.8 - Missing Authorization to Unauthenticated Arbitrary Post Deletion
Description The LeadConnector plugin for WordPress is vulnerable to unauthorized modification & loss of data due to a missing capability check on the lcpublicapiproxy function in all versions up to, and including, 1.7. This makes it possible for unauthenticated attackers to delete arbitrary posts...
Analytify – Google Analytics Dashboard For WordPress (GA4 analytics made easy) < 5.2.4 - Missing Authorization
Description The Analytify – Google Analytics Dashboard For WordPress GA4 analytics made easy plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on AJAX functions in combination with nonce leakage. This makes it possible for authenticated attackers,...
Fancy Elementor Flipbox <= 2.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Fancy Elementor Flipbox Widget
Description The Fancy Elementor Flipbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Fancy Elementor Flipbox widget in all versions up to, and including, 2.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
Where Did You Hear About Us Checkout Field for WooCommerce < 1.3.2 - Authenticated (Shop Manager+) Stored Cross-Site Scripting
Description The Where Did You Hear About Us Checkout Field for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via order meta in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it possible for...
ShortPixel Critical CSS < 1.0.3 - Missing Authorization
Description The ShortPixel Critical CSS plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on several function sin versions up to, and including, 1.0.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to...