14602 matches found
NativeChurch <= 4.8.8.2 - Reflected Cross-Site Scripting
Description The NativeChurch theme for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 4.8.8.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...
24liveblog <= 2.2 - Authenticated (Contributor+) Exposure of Sensitive Information via Block Editor Script Localization
Description The 24liveblog - live blog tool plugin for WordPress is vulnerable to Exposure of Sensitive Information in versions up to, and including, 2.2. This is due to the lb24blockenqueuescripts function being hooked to enqueueblockeditorassets and, for any non-administrator user, falling back...
24liveblog <= 2.2 - Missing Authorization to Authenticated (Author+) Settings Modification via update_lb24_token AJAX action
Description The 24liveblog - live blog tool plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the updatelb24token AJAX function in versions up to, and including, 2.2. The handler only verifies the 'lb24' nonce which is generated and...
2Download Connector for 2DL Hosted Checkout < 0.1.6 - Missing Authorization to Unauthenticated Sensitive Customer Subscription Data Exposure via 'ToDownload_email' Parameter
Description The 2Download Connector for 2DL Hosted Checkout plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 0.1.5. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...
TinyMCE shortcode Addon <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'btnrel' Shortcode Attribute
Description The TinyMCE shortcode Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'btnrel' Shortcode Attribute in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wi...
6Storage Rentals <= 2.22.0 - Unauthenticated Insecure Direct Object Reference to Arbitrary User Disclosure and Modification via 'userId' Parameter
Description The 6Storage Rentals plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to and including 2.22.0 via the userId parameter of the sixstoragegetuserinfo and sixstorageupdateprofile AJAX actions. This is due to the sixstoragegetUserIn...
DearFlip – PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer < 2.4.30 - Missing Authorization
Description The DearFlip – PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 2.4.29. This makes it possible for authenticated attackers, with contributor-leve...
3D viewer – Embed 3D Models < 1.8.6 - Missing Authorization
Description The 3D viewer – Embed 3D Models plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 1.8.5. This makes it possible for authenticated attackers, with contributor-level access and above, to perform an...
12 Step Meeting List < 3.19.10 - Unauthenticated Information Exposure
Description The 12 Step Meeting List plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.19.9. This makes it possible for unauthenticated attackers to extract sensitive user or configuration data...
Avada < 7.13.2 - Cross-Site Request Forgery
Description The Avada theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to 7.13.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action via a forged request granted...
12 Step Meeting List < 3.19.10 - Missing Authorization
Description The 12 Step Meeting List plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 3.19.9. This makes it possible for authenticated attackers, with contributor-level access and above, to perform an...
Dear Flipbook < 2.4.27 - Authenticated (Auhtor+) Stored Cross-Site Scripting via PDF Page Labels
Description The Dear Flipbook – PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via PDF page labels in all versions up to, and including, 2.4.20 due to insufficient input sanitization and output escaping. This makes it possible fo...
Dating <= 11.2.0 - Missing Authorization
Description The Dating theme for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 11.2.0. This makes it possible for unauthenticated attackers to perform an unauthorized action...
Dating <= 11.2.0 - Cross-Site Request Forgery
Description The Dating theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 11.2.0. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action via a forged...
Notification Bar for WordPress <= 1.1.8 – Unauthenticated Subscriber Data Disclosure
Description The plugin exposes an unauthenticated CSV export script that discloses all stored subscriber emails. PoC https://example.com/wp-content/plugins/8-degree-notification-bar/inc/backend/blocks/export-csv.php...
1180px Shortcodes <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'class' Shortcode Attribute
Description The 1180px Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' shortcode attribute in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
6Storage Rentals <= 2.20.0 - Authenticated (Subscriber+) Server-Side Request Forgery
Description The 6Storage Rentals plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.20.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations originating from...
Avada <= 7.13.2 - Missing Authorization
Description The Avada theme for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 7.13.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unauthorized action...
404 Solution < 3.1.1 - Authenticated (Admin+) SQL Injection via 'filterText' Parameter
Description The 404 Solution plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 3.1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This is due to improper sanitization of the...
0 Day Analytics < 4.1.0 - Authenticated (Administrator+) SQL Injection
Description The 0 Day Analytics plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 4.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers,...
Image Gallery block – Create and display photo gallery/photo album. < 2.0.0 - Missing Authorization
Description The Image Gallery Block – Create and Display Photo Galleries plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in all versions up to, and including, 1.0.7. This makes it possible for authenticated attackers, with...
WP < 6.8.3 - Contributor+ Sensitive Data Disclosure
Description WordPress is affected by a data exposure issue which could allow contributor and above roles to access some restricted content...
WP < 6.8.3 - Author+ DOM Stored XSS
Description WordPress does not escape some data when writting in into the DOM of a page, which could allow users with a role of Author and perform to perform Stored XSS attacks...
12 Step Meeting List < 3.18.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The 12 Step Meeting List plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.18.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, ...
360 Photo Spheres <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The 360 Photo Spheres plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sphere' shortcode in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
Litho < 3.1 - Unauthenticated Arbitrary File Deletion
Description The Litho theme for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in all versions up to, and including, 3.0. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code...
Magnific Popups JavaScript Library < 1.2.0 - Contributor+ Stored XSS
Description Multiple plugins are vulnerable to Stored Cross-Site Scripting via the plugin's bundled Magnific Popups library version 1.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...
Dear Flipbook – PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer < 2.3.67 - DOM-Based Reflected Cross-Site Scripting via 'pdf-source'
Description The Dear Flipbook – PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer plugin for WordPress is vulnerable to DOM-Based Reflected Cross-Site Scripting via the ‘pdf-source’ parameter in all versions up to, and including, 2.3.65 due to insufficient input sanitization and output escaping...
404 Page by SeedProd < 1.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting
Description The 404 Page by SeedProd plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, ...
6Storage Rentals <= 2.19.6 - Missing Authorization
Description The 6Storage Rentals plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 2.19.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform an...
4stats <= 2.0.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Description The 4stats plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.9. This is due to missing or incorrect nonce validation on the stats/stats.php page. This makes it possible for unauthenticated attackers to update settings and inject...
6Storage Rentals <= 2.19.9 - Missing Authorization
Description The plugin is vulnerable to unauthorized access due to a missing capability check on a function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform an unauthorized action...
1 Click WordPress Migration Plugin – 100% FREE for a limited time <= 2.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Upload
Description The 1 Click WordPress Migration Plugin – 100% FREE for a limited time plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'startrestore' function in all versions up to, and including, 2.2. This makes it possible for...
360 View <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The 360 View plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject...
1 Decembrie 1918 <= 1.dec.2012 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Description The 1 Decembrie 1918 plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.dec.2012. This is due to missing or incorrect nonce validation on the 1-decembrie-1918/1-decembrie-1918.php page. This makes it possible for unauthenticated...
ZooEffect <= 1.11 - Reflected Cross-Site Scripting
Description The ZooEffect plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.11 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...
5sterrenspecialist <= 1.4 - Reflected Cross-Site Scripting
Description The plugin is vulnerable to Reflected Cross-Site Scripting due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an...
1 Click WordPress Migration <= 2.2 - Unauthenticated Information Disclsoure
Description The 1 Click WordPress Migration Plugin – 100% FREE for a limited time plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2. This makes it possible for unauthenticated attackers to extract sensitive user or configuration data...
1-Click Backup & Restore Database <= 1.0.3 - Missing Authorization
Description The 1-Click Backup & Restore Database plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.0.3. This makes it possible for unauthenticated attackers to perform an unauthorized action...
6Storage Rentals <= 2.19.8 - Missing Authorization
Description The plugin is vulnerable to unauthorized access due to a missing capability check on a function. This makes it possible for authenticated attackers, with Contributor-level access and above, to perform an unauthorized action...
3DPrint Lite <=2.1.3.6 - Authenticated (Admin+) SQL Injection via 'printer_text'
Description The 3DPrint Lite plugin for WordPress is vulnerable to SQL Injection via the 'printertext' parameter in all versions up to, and including, 2.1.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...
3DPrint Lite <=2.1.3.6 - Authenticated (Admin+) SQL Injection via 'material_text'
Description The 3DPrint Lite plugin for WordPress is vulnerable to SQL Injection via the 'materialtext' parameter in all versions up to, and including, 2.1.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...
3DPrint Lite <=2.1.3.6 - Authenticated (Admin+) SQL Injection via 'coating_text'
Description The 3DPrint Lite plugin for WordPress is vulnerable to SQL Injection via the 'coatingtext' parameter in all versions up to, and including, 2.1.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...
3DPrint Lite <=2.1.3.6 - Authenticated (Admin+) SQL Injection via 'infill_text'
Description The 3DPrint Lite plugin for WordPress is vulnerable to SQL Injection via the 'infilltext' parameter in all versions up to, and including, 2.1.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...
3DPrint Lite < 2.1.3.6 - Cross-Site Request Forgery
Description The 3DPrint Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.3.5. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action...
4 author cheer up donate <= 1.3 - Reflected Cross-Site Scripting
Description The 4 author cheer up donate plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts ...
17TRACK for WooCommerce <= 1.2.10 - Reflected Cross-Site Scripting
Description The 17TRACK for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.2.10 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...
3D Photo Gallery <= 1.3 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting
Description The 3D Photo Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'des' parameter in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-leve...
what3words Address Field < 4.0.16 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Description The what3words Address Field plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.0.15. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and...
1 Click WordPress Migration Plugin – 100% FREE for a limited time <= 2.2 - Unauthenticated Sensitive Information Exposure via Database Backup in class-ocm-backup.php
Description The 1 Click WordPress Migration Plugin – 100% FREE for a limited time plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2 via the class-ocm-backup.php. This makes it possible for unauthenticated attackers to extract sensitive...