14603 matches found
Advanced Floating Content Lite < 1.2.6 - Authenticated (Editor+) Stored Cross-Site Scripting
Description The Advanced Floating Content Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
UDesign <= 4.7.3 - Reflected Cross-Site Scripting
Description The UDesign theme for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 4.7.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execut...
Jeg Elementor Kit < 2.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via JKit - Banner
Description The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's JKit - Banner widget in all versions up to, and including, 2.6.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin < 2.6.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting
Description The myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
Coupon & Discount Code Reveal Button < 1.2.6 - Authenticated (Editor+) Stored Cross-Site Scripting
Description The Coupon & Discount Code Reveal Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via settings in all versions up to, and including, 1.2.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
SVS Pricing Tables <= 1.0.4 - Authenticated (Admin+) Stored Cross-Site Scripting
Description The SVS Pricing Tables plugin for WordPress is vulnerable to Stored Cross-Site Scripting via pricing table settings in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
Total Poll Lite < 4.10.0 - Missing Authorization
Description The Total Poll Lite plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the resetPoll function in versions up to, and including, 4.9.9. This makes it possible for authenticated attackers, with subscriber-level access and above, ...
Export and Import Users and Customers < 2.5.4 - Authenticated (Admin+) PHP Object Injection
Description The Export and Import Users and Customers plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.5.3 via deserialization of untrusted input in the input.php file. This makes it possible for authenticated attackers, with administrator-level...
5 Stars Rating Funnel < 1.3.02 - Missing Authorization
Description The 5 Stars Rating Funnel plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in the includes/RRTNGGAjax.php file in versions up to, and including, 1.2.67. This makes it possible for unauthenticated attackers to perform...
MailerLite – Signup forms (official) 1.5.0 - 1.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The MailerLite – Signup forms official plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions 1.5.0 to 1.7.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
Inline Google Spreadsheet Viewer <= 0.13.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Description The Inline Google Spreadsheet Viewer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gdoc' shortcode in all versions up to, and including, 0.13.2 due to insufficient input sanitization and output escaping on user supplied attributes such as...
Photo Gallery <= 1.4.1 - Authenticated(Contributor+) PHP Object Injection via Shortcode
Description The Photo Gallery – Responsive Photo Gallery, Image Gallery, Portfolio Gallery, Logo Gallery And Team Gallery plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.1 via deserialization via shortcode of untrusted input from the...
WP LinkedIn Auto Publish < 8.12 - Missing Authorization
Description The WP LinkedIn Auto Publish plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wplinkedinautopublishdeletealllinkedinsettings function in versions up to, and including, 8.11. This makes it possible for authenticated...
The Pack Elementor addons (Header Footer & WooCommerce Builder, Template Library) < 2.0.8.3 - Authenticated (Subscriber+) Server-Side Request Forgery
Description The The Pack Elementor addons Header Footer & WooCommerce Builder, Template Library plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.0.8.2. This makes it possible for authenticated attackers, with subscriber-level access and...
Grid Gallery – Photo Image Grid Gallery <= 1.4.3 - Authenticated(Contributor+) PHP Object Injection via shortcode
Description The Grid Gallery – Photo Image Grid Gallery plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.3 via deserialization via shortcode of untrusted input from the awlggsettings meta value. This makes it possible for authenticated attackers...
RomethemeForm For Elementor < 1.1.3 - Missing Authorization
Description The RomethemeForm For Elementor plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in versions up to, and including, 1.1.2. This makes it possible for unauthenticated attackers to modify forms...
Elementor Addon Elements < 1.13.4 - Contributor+ Stored XSS
Description The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Stack Group, Shape Separator, Content Switcher, Info Circle and Timeline widgets due to insufficient input sanitization and output escaping. This makes it possible for...
ACF On-The-Go <= 1.0.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Content Update
Description The ACF On-The-Go plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the acfgupdatefields function in all versions up to, and including, 1.0.1. This makes it possible for authenticated attackers, with subscriber-level access an...
Social Share Icons & Social Share Buttons < 3.6.3 - Missing Authorization to Notice Dismissal
Description The Social Share Icons & Social Share Buttons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on a function in versions up to, and including, 3.6.2. This makes it possible for unauthenticated attackers to dismiss notices...
Radio Player < 2.0.74 - Unauthenticated Server-Side Request Forgery
Description The Radio Player – Live Shoutcast, Icecast and Any Audio Stream Player for WordPress plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.0.73. This makes it possible for unauthenticated attackers to make web requests to arbitrary...
Newsletters < 4.9.6 - Authenticated (Admin+) Arbitrary File Upload
Description The Newsletters plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 4.9.5. This makes it possible for authenticated attackers, with administrator-level access and above, to upload arbitrary files on the...
BizPrint < 4.5.4 - Missing Authorization via showTemplatePreview()
Description The BizPrint plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the showTemplatePreview function in versions up to, and including, 4.3.39. This makes it possible for unauthenticated attackers to preview templates...
All in One SEO < 4.6.1.1 - Contributor+ Stored XSS
Description The plugin does not validate and escape some of its Post fields before outputting them back, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC As a contributor, create a post and put the following payload in the "Meta...
WPCal.io – Easy Meeting Scheduler < 0.9.5.9 - Cross-Site Request Forgery
Description The WPCal.io – Easy Meeting Scheduler plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.9.5.8. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to...
Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor < 2.0.6.0 - Contributor+ Stored Cross-Site Scripting
Description The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in versions up to, and including, 2.0.5.9 due to insufficient input sanitization and output escaping...
RomethemeKit For Elementor < 1.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The RomethemeKit For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...
Rate My Post – Star Rating Plugin by FeedbackWP < 3.4.5 - Insecure Direct Object Reference
Description The Rate My Post – Star Rating Plugin by FeedbackWP plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.4.4 due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to rate priva...
WP ADA Compliance Check Basic – Most Comprehensive Web Accessibility Solution for WordPress < 3.1.4 - Cross-Site Request Forgery
Description The WP ADA Compliance Check Basic – Most Comprehensive Web Accessibility Solution for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.3. This is due to missing or incorrect nonce validation on several functions. This...
Print Labels with Barcodes < 3.4.7 - Subscriber+ Stored XSS
Description The plugin is vulnerable to Stored Cross-Site Scripting via the template and javascript label fields due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber access and above, to inject arbitrary web scripts in pag...
Evergreen Content Poster < 1.4.3 - Missing Authorization
Description The Evergreen Content Poster plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the createnetworkpost function in versions up to, and including, 1.4.2. This makes it possible for authenticated attackers, with subscriber-level...
Secure Copy Content Protection and Content Locking < 3.7.2 - Missing Authorization
Description The Secure Copy Content Protection and Content Locking plugin for WordPress is vulnerable to unauthorized access due to a missing capability check in versions up to, and including, 3.7.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to...
ActiveDEMAND < 0.2.42 - Unauthenticated Arbitrary File Upload
Description The ActiveDEMAND plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the apisavepost function in all versions up to, and including, 0.2.41. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected...
ACF Front End Editor <= 2.0.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Content Update
Description The ACF Front End Editor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the updatetexts function in all versions up to, and including, 2.0.2. This makes it possible for authenticated attackers, with subscriber-level access...
Booking Ultra Pro < 1.1.13 - Authenticated (Contributor+) Privilege Escalation
Description The Booking Ultra Pro Appointments Booking Calendar Plugin plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.1.12. This makes it possible for authenticated attackers, with contributor-level access and above, to escalate their privileges...
Integrate Google Drive < 1.3.91 - Missing Authorization
Description The Integrate Google Drive plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in versions up to, and including, 1.3.8. This makes it possible for unauthenticated attackers to perform unauthorized actions...
Max Addons Pro for Bricks < 1.6.2 - Reflected Cross-Site Scripting
Description The Max Addons Pro for Bricks plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.6.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scrip...
Max Addons Pro for Bricks < 1.6.2 - Missing Authorization
Description The Max Addons Pro for Bricks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on a function in all versions up to, and including, 1.6.1. This makes it possible for unauthenticated attackers to reset the plugin's settings...
Vision Interactive < 1.7.2 - Missing Authorization
Description The Vision Interactive plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on a function in versions up to, and including, 1.7.1. This makes it possible for unauthenticated attackers to view deactivated items...
Integrate Google Drive < 1.3.91 - Missing Authorization
Description The Integrate Google Drive plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on several functions in versions up to, and including, 1.3.9. This makes it possible for unauthenticated attackers to perform unauthorized actions...
Widget Post Slider < 1.3.6 - Authenticated (Admin+) Stored Cross-Site Scripting
Description The Widget Post Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.3.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
Spectra – WordPress Gutenberg Blocks < 2.12.7 - Contributor+ Path Traversal
Description The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Path Traversal via the getblockdefaultattributes function. This allows authenticated attackers, with contributor-level permissions and above, to read the contents of any files named attributes.php on the...
WP GoToWebinar < 15.1 - Missing Authorization
Description The WP GoToWebinar plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the wpgotowebinardeletelogcallback function in versions up to, and including, 14.46. This makes it possible for authenticated attackers, with subscriber-level access...
ProfileGrid – User Profiles, Memberships, Groups and Communities < 5.8.0 - Insecure Direct Object Reference
Description The ProfileGrid – User Profiles, Memberships, Groups and Communities plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.7.9 due to missing validation on a user controlled key in the pgshowmsgpanel function. This makes it...
WP Club Manager < 2.2.12 - Missing Authorization
Description The WP Club Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpcmmatchplayersitemorder function in versions up to, and including, 2.2.11. This makes it possible for unauthenticated attackers to modify an order sor...
BP Better Messages < 2.4.33 - Missing Authorization
Description The Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss plugin for WordPress is vulnerable to missing authorization in all versions up to, and including, 2.4.32. This is due to the plugin not properly verifying if a user should have access to a...
Sirv < 7.2.3 - Missing Authorization to Arbitrary Options Update
Description The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the sirvdismissnotice function in all versions up to, and including, 7.2.2. This makes it possible for authenticated attackers, with...
Booster Extension <= 1.2.0 - Basic Information Exposure via booster_extension_authorbox_shortcode_display
Description The Booster Extension plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.0 via the 'boosterextensionauthorboxshortcodedisplay' function. This makes it possible for unauthenticated attackers to extract sensitive data including...
Page Builder: Live Composer < 1.5.39 - Missing Authorization
Description The Page Builder: Live Composer plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the dslcajaxaddmodule function in versions up to, and including, 1.5.38. This makes it possible for authenticated attackers, with author-level...
Print Labels with Barcodes < 3.4.7 - Subscriber+ Settings/Profiles Update, Templates/Barcodes Access/Creation/Edition/Deletion
Description The plugin is vulnerable to unauthorized access of data, modification of data, and loss of data due to an improper capability check on 42 separate AJAX functions. This makes it possible for authenticated attackers, with subscriber access and above, to fully control the plugin which...
SVS Pricing Tables <= 1.0.4 - Cross-Site Request Forgery to Pricing Table Deletion
Description The SVS Pricing Tables plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.4. This is due to missing or incorrect nonce validation on the deletePricingTable function. This makes it possible for unauthenticated attackers to delete...