14602 matches found
Slash Admin < 3.8.2 - Cross-Site Request Forgery
Description The Slash Admin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a...
Academy LMS < 1.9.17 - Missing Authorization
Description The Academy LMS plugin for WordPress is vulnerable to unauthorized access due to insufficient validation on the enrollcourse function in versions up to, and including, 1.9.16. This makes it possible for authenticated attackers, with subscriber-level access and above, to enroll in paid...
Sendinblue for WooCommerce < 4.0.18 - Authenticated (Editor+) Arbitrary File Download and Deletion
Description The Brevo for WooCommerce plugin for WordPress is vulnerable to arbitrary file download and deletion in all versions up to, and including, 4.0.17. This is due to the plugin not properly validating file names in the getfilecontents and deleteattachment functions. This makes it possible...
Admin Page Spider < 3.32 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Data Tables Generator by Supsystic < 1.10.32 - Missing Authorization
Description The Data Tables Generator by Supsystic plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 1.10.31. This makes it possible for authenticated attackers, with subscriber-level access and above, to...
Sharkdropship dropshipping for Aliexpress, eBay, Amazon, etsy < 2.1.2 - Unauthenticated Arbitrary Content Deletion
Description The SharkDropship and Affiliate for AliExpress, eBay, Amazon, Etsy plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the theSharkalibayremoveProductFromShop function in all versions up to, and including, 2.1.1. This makes it possible...
MailerLite – Signup forms (official) < 1.7.7 - Missing Authorization
Description The MailerLite – Signup forms official plugin for WordPress is vulnerable to unauthorized plugin setting changes due to a missing capability check on the toggleRolesAndPermissions and editAllowedRolesAndPermissions functions in all versions up to, and including, 1.7.6. This makes it...
Contest Gallery < 21.3.5 - Authenticated (Author+) Arbitrary File Deletion
Description The Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Competition Plugin for WordPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on a function in all versions up to, and including, 21.3.4. This...
Subway – Private Site Option <= 2.1.4 - Improper Access Control to Sensitive Information Exposure via REST API
Description The Subway – Private Site Option plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.4 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's private site feature and view restricted page...
BuddyForms < 2.8.9 - Unauthenticated Arbitrary File Read and Server-Side Request Forgery
Description The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions UGC plugin for WordPress is vulnerable to Arbitrary File Read and Server-Side Request Forgery in all versions up to, and including, 2.8.8. This makes it possible for...
Woo Total Sales <= 3.1.4 - Missing Authorization to Unauthenticated Sales Report Retrieval
Description The Woo Total Sales plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the getordersarchive function in all versions up to, and including, 3.1.4. This makes it possible for unauthenticated attackers to retrieve sales reports for the...
WordPress Meta Data and Taxonomies Filter (MDTF) < 1.3.3.1 - Missing Authorization
Description The WordPress Meta Data and Taxonomies Filter MDTF plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajxsetsequence function in versions up to, and including, 1.3.3. This makes it possible for authenticated attackers, with...
Advanced Local Pickup for WooCommerce < 1.6.2 - Missing Authorization to Notice Dismissal
Description The Advanced Local Pickup for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the adminnoticesforalppro function in versions up to, and including, 1.6.1. This makes it possible for unauthenticated attackers to...
VK Block Patterns < 1.31.1.1 - Missing Authorization
Description The VK Block Patterns plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vbpclearpatternscache function in versions up to, and including, 1.31.0. This makes it possible for unauthenticated attackers to clear the patterns...
Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction < 2.11.1 - Cross-Site Request Forgery to Notice Dismissal
Description The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.11.0. This is due to missing or incorrect nonce validation on the...
All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic < 4.6.1.1 - Contributor+ Stored Cross-Site Scripting via Shortcode
Description The All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes insufficient input sanitization and output escaping on user supplied attributes. This makes it...
Headline Analyzer < 1.3.4 - Cross-Site Request Forgery
Description The Headline Analyzer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.3. This is due to missing or incorrect nonce validation on several REST API endpoints. This makes it possible for unauthenticated attackers to perform sever...
Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor <= 4.4.1 - Authenticated (Admin+) Stored Cross-Site Scripting
Description The Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form settings in all versions up to, and including, 4.4.1 due to insufficient input sanitization and output escaping. This...
AppPresser < 4.3.1 - Missing Authorization
Description The AppPresser plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the toggleloggingcallback function in versions up to, and including, 4.3.0. This makes it possible for unauthenticated attackers to enable and disable logging...
InstaWP Connect < 0.1.0.25 - Missing Authorization
Description The InstaWP Connect plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in versions up to, and including, 0.1.0.24. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform sever...
Different Menu in Different Pages – Control Menu Visibility (All in One) <= 2.3.2 - Missing Authorization to Menu Duplication
Description The Different Menu in Different Pages – Control Menu Visibility All in One plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the ajax function in all versions up to, and including, 2.3.2. This makes it possible for authenticated attackers,...
The Pack Elementor addons (Header Footer & WooCommerce Builder, Template Library) < 2.0.8.4 - Reflected Cross-Site Scripting
Description The The Pack Elementor addons Header Footer & WooCommerce Builder, Template Library plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 2.0.8.3 due to insufficient input sanitization and output escaping. This makes it possible for...
Easy Property Listings < 3.5.4 - Missing Authorization via epl_update_listing_coordinates()
Description The Easy Property Listings plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the eplupdatelistingcoordinates function in versions up to, and including, 3.5.3. This makes it possible for unauthenticated attackers to update...
MasterStudy LMS WordPress Plugin – for Online Courses and Education < 3.3.9 - Missing Authorization
Description The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on several functions in versions up to, and including, 3.3.8. This makes it possible for...
ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup < 4.0.31 - Open Redirect
Description The ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 4.0.30. This is due to insufficient validation on the redirect url supplied via the redirectto...
Calendar <= 1.3.14 - Authenticated (Contributor+) SQL Injection via Shortcode
Description The Calendar plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcodes in all versions up to, and including, 1.3.14 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible fo...
WP Media Category Management < 2.3.0 - Reflected Cross-Site Scripting
Description The WP Media Category Management plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
Login with phone number < 1.6.94 - Missing Authorization
Description The Login with phone number plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on a function in versions up to, and including, 1.6.93. This makes it possible for unauthenticated attackers to perform an unauthorized action...
Seers | GDPR & CCPA Cookie Consent & Compliance < 8.1.1 - Cross-Site Request Forgery
Description The Seers | GDPR & CCPA Cookie Consent & Compliance plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 8.1.0. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated...
Qi Addons For Elementor < 1.7.1 - Contributor+ Stored XSS
Description The Qi Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown Widget's attributes due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to...
ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup < 4.0.29 - Missing Authorization
Description The ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 4.0.28. This makes it possible for...
Mhr Post Ticker < 1.2 - Authenticated (Admin+) Stored Cross-Site Scripting
Description The Mhr Post Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Header Title value in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
Conversational Forms for ChatBot < 1.2.0 - Unauthenticated Arbitrary File Download
Description The ChatBot Conversational Forms plugin for WordPress is vulnerable to Arbitrary File Download in all versions up to, and including, 1.1.8. This makes it possible for unauthenticated attackers to download arbitrary files from the server which may contain sensitive information...
WooCommerce Shipping Label < 2.3.9 - Authenticated (Shop Manager+) Stored Cross-Site Scripting
Description The WooCommerce Shipping Label plugin for WordPress is vulnerable to Stored Cross-Site Scripting via settings in all versions up to, and including, 2.3.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with shop...
Image Slider < 1.1.127 - Authenticated (Editor+) Stored Cross-Site Scripting
Description The Image Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via settings in all versions up to, and including, 1.1.125 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level permissions a...
Google Doc Embedder <= 2.6.4 - Authenticated (Contributor+) Blind Server Side Request Forgery
Description The Google Doc Embedder plugin for WordPress is vulnerable to Server Side Request Forgery via the 'gview' shortcode in versions up to, and including, 2.6.4. This can allow authenticated attackers with contributor-level permissions or above to make web requests to arbitrary locations...
AnnounceKit <= 2.0.9 - Authenticated (Admin+) Stored Cross-Site Scripting
Description The AnnounceKit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
Elementor ImageBox <= 1.2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Elementor ImageBox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image box widget in all versions up to, and including, 1.2.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...
Social Snap < 1.3.6 - Missing Authorization
Description The Social Snap plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the init function in versions up to, and including, 1.3.5. This makes it possible for unauthenticated attackers to modify the plugin's settings...
SVS Pricing Tables <= 1.0.4 - Cross-Site Request Forgery to Pricing Table Edit/Creation
Description The SVS Pricing Tables plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.4. This is due to missing or incorrect nonce validation on the savePricingTable function. This makes it possible for unauthenticated attackers to create an...
AA Cash Calculator <= 1.0 - Reflected Cross-Site Scripting via invoice
Description The AA Cash Calculator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘invoice’ parameter in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
SchedulePress < 5.0.9 - Missing Authorization
Description The SchedulePress plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 5.0.8. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unauthorized...
Event Monster <= 1.3.8 - Contributor+ PHP Object Injection via Custom Meta
Description The plugin is vulnerable to PHP Object Injection via deserialization via shortcode of untrusted input from a custom meta value. This makes it possible for authenticated attackers, with contributor access and above, to inject a PHP Object. No POP chain is present in the vulnerable...
Easy Restaurant Table Booking <= 1.0.0 - Cross-Site Request Forgery
Description The Easy Restaurant Table Booking plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation when saving settings. This makes it possible for unauthenticated attackers to change the...
CookieHub < 1.1.1 - Missing Authorization
Description The CookieHub plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the updatedomaincode and updateadvancedsettings functions in versions up to, and including, 1.1.0. This makes it possible for authenticated attackers, with...
Header Footer Code Manager Pro < 1.0.17 - Reflected Cross-Site Scripting via message
Description The Header Footer Code Manager Pro plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the message parameter in all versions up to, and including, 1.0.16 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attacke...
BackUpWordPress < 3.14 - Admin+ Directory Traversal
Description The BackUpWordPress plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.13 via the hmbkpdirectorybrowse parameter. This makes it possible for authenticated attackers, with administrator-level access and above, to traverse directories outsi...
Nextgen Gallery < 3.59.1 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed PoC 1. Add the "NextGEN Media RSS" Widget to the blog Appearance Widgets 2. Change the...
Getwid – Gutenberg Blocks < 2.0.8 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via 'Countdown'
Description The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown block in all versions up to, and including, 2.0.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible f...
Contact Form 7 Database Addon – CFDB7 < 1.2.7 - Unauthenticated Sensitive Information Exposure
Description The Contact Form 7 Database Addon – CFDB7 plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.2.6.8 via the cfdb7beforesendmail function. This can allow unauthenticated attackers to extract sensitive data, such as Personally...