14603 matches found
Contact Form 7 Database Addon – CFDB7 < 1.2.7 - Unauthenticated Sensitive Information Exposure
Description The Contact Form 7 Database Addon – CFDB7 plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.2.6.8 via the cfdb7beforesendmail function. This can allow unauthenticated attackers to extract sensitive data, such as Personally...
WP ULike < 4.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Description The WP ULike plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpulike' shortcode in all versions up to, and including, 4.6.9 due to insufficient input sanitization and output escaping on the user supplied 'wrapperclass' attribute. This makes it...
Tutor LMS < 2.7.0 - Missing Authorization to Unauthenticated Limited Options Update
Description The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the hidenotices function in all versions up to, and including, 2.6.2. This makes it possible for unauthenticated attackers ...
Admin Bar Remover < 1.0.23 - Missing Authorization to Authenticated (Subscriber+) Settings Update
Description The Admin Bar Remover plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the updateform function in all versions up to, and including, 1.0.2.2. This makes it possible for authenticated attackers, with subscriber-level access an...
Form Maker by 10Web < 1.15.25 - Authenticated (Subscriber+) Stored Self-Based Cross-Site Scripting
Description The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a user's display name autofilled into forms in all versions up to, and including, 1.15.24 due to insufficient input sanitization and output...
WP ULike < 2.7.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting
Description The WP ULike – Most Advanced WordPress Marketing Toolkit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a user's display name in all versions up to, and including, 4.6.9 due to insufficient input sanitization and output escaping. This makes it possible for...
Popup4Phone <= 1.3.2 - Editor+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as Editor to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Go to "Popup4Phone Settings...
WP ULike – Most Advanced WordPress Marketing Toolkit < 4.7.0 - Authenticated (Contributor+) SQL Injection via Shortcodes
Description The WP ULike – Most Advanced WordPress Marketing Toolkit plugin for WordPress is vulnerable to SQL Injection via the 'status' and 'id' attributes of the 'wpulikecounter' and 'wpulike' shortcodes in all versions up to, and including, 4.6.9 due to insufficient escaping on the user...
Analytify < 5.2.4 - Missing Authorization to Unauthenticated Google Analytics Tracking ID Modification
Description The Analytify – Google Analytics Dashboard For WordPress GA4 analytics made easy plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpacheckauthentication' function in all versions up to, and including, 5.2.1. This makes i...
Timetable and Event Schedule by MotoPress < 2.4.12 - Authenticated (Contributor+) SQL Injection
Description The Timetable and Event Schedule by MotoPress plugin for WordPress is vulnerable to SQL Injection via the 'events' attribute of the 'mp-timetable' shortcode in all versions up to, and including, 2.4.11 due to insufficient escaping on the user supplied parameter and lack of sufficient...
Swift Framework < 2024.0.0 - Contributor+ Stored XSS via Shortcode
Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. P...
Popup4Phone <= 1.3.2 - Unauthenticated Stored XSS
Description The plugin does not sanitise and escape some parameters, which could allow unauthenticated users to perform Cross-Site Scripting attacks against admins. PoC Run the following JavaScript in the browser console: fetch"/", "headers": "content-type": "application/x-www-form-urlencoded", ,...
WPC Composite Products for WooCommerce < 7.2.8 - Authenticated (Subscriber+) Stored Cross-Site Scripting
Description The WPC Composite Products for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'woococomponents0name' parameter in all versions up to, and including, 7.2.7 due to insufficient input sanitization and output escaping and missing authorization on the...
Easy CountDowner <= 1.0.8 - Cross-Site Request Forgery
Description The Easy CountDowner plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.8. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform unauthorized actions a...
Mailster < 4.0.7 - Unauthenticated Local File Inclusion
Description The Mailster - Email Newsletter Plugin for WordPress plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.0.6. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the executio...
DethemeKit For Elementor < 2.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The DethemeKit For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...
LearnPress Export Import < 4.0.4 - Reflected Cross-Site Scripting
Description The LearnPress Export Import plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 4.0.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web script...
Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX < 4.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...
LH Add Media From Url < 1.23 - Reflected Cross-Site Scripting
Description The LH Add Media From Url plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.22 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...
LoginPress Pro < 3.0.0 - Captcha Bypass
Description The plugin is vulnerable to Bypass, allowing unauthenticated attackers to bypass the Captcha Verification...
Elements Plus! < 2.16.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Elements Plus! plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.16.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...
MJ Update History <= 1.0.4 - Reflected Cross-Site Scripting
Description The MJ Update History plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...
Happy Addons for Elementor < 3.10.7 - Contributor+ Stored Cross-Site Scripting
Description The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Calendly widget in all versions up to, and including, 3.10.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
Virtue < 3.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Author
Description The Virtue theme for WordPress is vulnerable to Stored Cross-Site Scripting via a Post Author's name in all versions up to, and including, 3.4.8 due to insufficient input sanitization and output escaping when the latest posts feature is enabled on the homepage. This makes it possible...
ElementsKit Pro < 3.6.1 - Authenticated (Contributor+) Local File Inclusion via Price Menu, Hotspot, and Advanced Toggle Widgets
Description The ElementsKit Pro plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.6.0 via the Price Menu, Hotspot, and Advanced Toggle widgets. This makes it possible for authenticated attackers, with contributor-level access and above, to include...
Essential Addons for Elementor < 5.9.16 - Contributor+ Stored Cross-Site Scripting
Description The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Filterable Gallery & Interactive Circle widgets in all versions up to, and including, 5.9.15 due to...
LoginPress Pro < 3.0.0 - Unauthenticated License Activation/Deactivation
Description The plugin is vulnerable to unauthorized modification of data due to a missing capability check, allowing unauthenticated attacks to activate and deactivate licenses...
WordPress Menu Plugin — Superfly Responsive Menu <= 5.0.25 - Authenticated (Subscriber+) Stored Cross-Site Scripting
Description The WordPress Menu Plugin — Superfly Responsive Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 5.0.25 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder < 1.15.24 - Authenticated (Admin+) Stored Cross-Site Scripting
Description The Form Maker by 10Web plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.15.23 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
DirectoryPress – Business Directory And Classified Ad Listing < 3.6.8 - Reflected Cross-Site Scripting
Description The DirectoryPress – Business Directory And Classified Ad Listing plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 3.6.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...
The Plus Addons for Elementor < 5.5.0 - Contributor+ Stored Cross-Site Scripting via Countdown Widget
Description The The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the countdown widget in all versions up to, and including, 5.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
Envo Extra < 1.8.12 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Envo Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.8.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...
WP STAGING <= 3.4.3 and WP STAGING Pro <= 5.4.3 - Sensitive Information Exposure via Log File
Description The WP STAGING and WP STAGING Pro plugins for WordPress are vulnerable to Sensitive Information Exposure in versions up to, and including, 3.4.3, and versions up to, and including, 5.4.3, respectively, via the ajaxSendReport function. This makes it possible for unauthenticated attacke...
Code Insert Manager (Q2W3 Inc Manager) <= 2.5.3 - Reflected Cross-Site Scripting
Description The Code Insert Manager Q2W3 Inc Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 2.5.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrar...
WP-FormAssembly < 2.0.11 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The WP-FormAssembly plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.0.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...
Fixed HTML Toolbar < 1.0.8 - Authenticated (Admin+) Stored Cross-Site Scripting
Description The Fixed HTML Toolbar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
WP TradingView <= 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The WP TradingView plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...
Easy Textillate <= 2.02 - Authenticated(Contributor+) Stored Cross-Site Scripting
Description The Easy Textillate plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.02 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...
HurryTimer – An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce < 2.10.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The HurryTimer – An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.9.2 due to insufficient input sanitization and output escaping on user supplied attributes. Th...
Product Addons & Fields for WooCommerce < 32.0.19 - Unauthenticated Arbitrary File Upload via ppom_upload_file
Description The Product Addons & Fields for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ppomuploadfile function in all versions up to, and including, 32.0.18. This makes it possible for unauthenticated attackers to upload...
WP Dynamic Keywords Injector < 2.3.22 - Reflected Cross-Site Scripting
Description The WP Dynamic Keywords Injector plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 2.3.21 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
Blog2Social: Social Media Auto Post & Scheduler < 7.5.0 - Information Exposure
Description The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.4.2. This makes it possible for unauthenticated attackers to view limited information from password protected posts...
Tagbox – UGC Galleries, Social Media Widgets, User Reviews & Analytics < 3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Tagbox – UGC Galleries, Social Media Widgets, User Reviews & Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
WP-Cufon <= 1.6.10 - Unauthenticated Stored Cross-Site Scripting
Description The WP-Cufon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an unknown parameter in all versions up to, and including, 1.6.10 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
Save as PDF < 3.2.2 - Authenticated (Admin+) Stored Cross-Site Scripting
Description The Save as PDF Plugin by Pdfcrowd plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
Newsletter Popup <= 1.2 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Go to "Newsletter Popup Add New...
Essential Addons for Elementor < 5.9.16 - Information Exposure
Description The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.9.15 via the ajaxloadmore , eaelwoopaginationproductajax, and...
Knight Lab Timeline <= 3.9.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Knight Lab Timeline plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 3.9.3.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...
WP Cost Estimation & Payment Forms Builder < 10.1.77 - Missing Authorization
Description The WP Cost Estimation & Payment Forms Builder plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 10.1.76. This makes it possible for unauthenticated attackers to perform an unauthorized actio...
Support Genix < 1.2.4 - Missing Authorization
Description The Support Genix plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in all versions up to, and including, 1.2.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform...