14602 matches found
Cooked – Recipe Management <= Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Cooked – Recipe Management recipe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the recipesettingsposttitle parameter in versions up to, and including, 1.7.15.4 due to insufficient input sanitization and output escaping. This vulnerability allows...
Music Store - WordPress eCommerce < 1.1.14 - Authenticated (Admin+) SQL Injection
Description The Music Store – WordPress eCommerce plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 1.1.13 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
MJ Update History <= 1.0.4 - Missing Authorization
Description The MJ Update History plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.0.4. This makes it possible for authenticated attackers, with Contributor-level access and above, to perform an...
Business Directory Plugin < 6.4.4 - Authenticated (Author+) CSV Injection
Description The Business Directory Plugin plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 6.4.3 via the class-csv-exporter.php file. This allows authenticated attackers, with author-level permissions and above, to embed untrusted input into CSV files exported...
Photo Gallery by 10Web < 1.8.22 - Multiple Reflected XSS
Description The plugin is vulnerable to Reflected Cross-Site Scripting via the 'imageid', 'currenturl', 'imageurl' and 'thumburl' parameters due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages th...
Master Slider – Responsive Touch Slider <= 3.9.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via ms_layer Shortcode
Description The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mslayer' shortcode in all versions up to, and including, 3.9.10 due to insufficient input sanitization and output escaping on the 'cssid' user supplied...
Tickera < 3.5.2.9 - Missing Authorization to Authenticated (Susbcriber+) Ticket Deletion
Description The Tickera – WordPress Event Ticketing plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the tcdldeletetickets AJAX action in all versions up to, and including, 3.5.2.8. This makes it possible for authenticated attackers, with...
PDF Viewer for Elementor <= 2.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via render
Description The PDF Viewer for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the render function in all versions up to, and including, 2.9.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
Scheduling Plugin – Online Booking for WordPress <= 3.5.10 - Missing Authorization to Unauthenticated Service Disconnection
Description The Scheduling Plugin – Online Booking for WordPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'cbsbdisconnectsettings' function in all versions up to, and including, 3.5.10. This makes it possible for unauthenticated...
Ibtana - WordPress Website Builder <= 1.2.3.3 - Unauthenticated reCAPTCHA Settings Update
Description The Ibtana – WordPress Website Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ibtanavisualeditorregisterajaxjsonendpont' function in all versions up to, and including, 1.2.3.3. This makes it possible for...
WP Go Maps (formerly WP Google Maps) < 9.0.39 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The WP Go Maps formerly WP Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Custom JS option in versions up to, and including, 9.0.38. This makes it possible for authenticated attackers that have been explicitly granted permissions by an administrator,...
Newspaper < 12.6.6 - Authenticated (Author+) Stored Cross-Site Scripting via Attachment Meta
Description The Newspaper theme for WordPress is vulnerable to Stored Cross-Site Scripting via attachment meta in the archive page in all versions up to, and including, 12.6.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
YITH WooCommerce Product Add-Ons < 4.9.3 - Unauthenticated Content Injection
Description The YITH WooCommerce Product Add-Ons plugin for WordPress is vulnerable to Content Injection in all versions up to, and including, 4.9.2. This is due to the plugin not properly validating a field that can be updated. This makes it possible for unauthenticated attackers to inject...
Infographic Maker iList < 4.7.5 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Title Update
Description The AI Infographic Maker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the qcldopenaititlegeneratedesc AJAX action in all versions up to, and including, 4.7.4. This makes it possible for authenticated attackers, with...
Download Manager < 3.2.90 - Improper Authorization via protectMediaLibrary
Description The Download Manager plugin for WordPress is vulnerable to unauthorized access of data due to an improper authorization check on the 'protectMediaLibrary' function in all versions up to, and including, 3.2.89. This makes it possible for unauthenticated attackers to download...
Woody code snippets – Insert Header Footer Code, AdSense Ads < 2.5.1 -Authenticated (Contributor+) Remote Code Execution
Description The Woody code snippets – Insert Header Footer Code, AdSense Ads plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.5.0 via the 'insertphp' shortcode. This is due to the plugin not restricting the usage of the functionality to high leve...
Stratum – Elementor Widgets < 1.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget
Description The Stratum – Elementor Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘labelyears’ attribute within the Countdown widget in all versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping. This makes it possible f...
tagDiv Composer < 4.9 - Authenticated (Contributor+) Local File Inclusion via Shortcode
Description The tagDiv Composer plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.8 via the 'tdblocktitle' shortcode 'blocktemplateid' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to...
Easy WP SMTP by SendLayer < 2.3.1 - Exposure of Sensitive Information via the UI
Description The Easy WP SMTP by SendLayer – WordPress SMTP and Email Log Plugin plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 2.3.0. This is due to plugin providing the SMTP password in the SMTP Password field when viewing the settings. This make...
Elementor Header & Footer Builder < 1.6.36 - Authenticated (Contributor+) Stored Cross-Site Scripting via Site Title Widget
Description The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the url attribute within the plugin's Site Title widget in all versions up to, and including, 1.6.35 due to insufficient input sanitization and output escaping. This makes it...
ElementsKit Elementor addons and Templates Library < 3.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Motion Text and Table Widgets
Description The ElementsKit Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Motion Text and Table widgets in all versions up to, and including, 3.6.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possib...
tagDiv Composer < 4.9 - Authenticated (Author+) Stored Cross-Site Scripting via Attachment Meta
Description The tagDiv Composer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'single' module in all versions up to, and including, 4.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
Jeg Elementor Kit < 2.6.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via JKit - Tabs and JKit - Accordion Widgets
Description The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the sggeneraltoggletabenable and sgaccordionstyle attributes within the plugin's JKit - Tabs and JKit - Accordion widget, respectively, in all versions up to, and including, 2.6.5 due to...
WooCommerce - Social Login < 2.6.3 - Unauthenticated PHP Object Injection
Description The WooCommerce - Social Login plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.6.2 via deserialization of untrusted input from the 'wooslgverify' vulnerable parameter. This makes it possible for unauthenticated attackers to inject a P...
PPOM for WooCommerce < 32.0.21 - Unauthenticated Content Injection Vulnerability
Description The Product Addons & Fields for WooCommerce plugin for WordPress is vulnerable to Content Injection in all versions up to, and including, 32.0.20. This is due to the plugin not properly validating a field that can be updated. This makes it possible for unauthenticated attackers to...
Shariff Wrapper < 4.6.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Description The Shariff Wrapper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'shariff' shortcode in all versions up to, and including, 4.6.13 due to insufficient input sanitization and output escaping on user supplied attributes such as 'borderradius',...
Under Construction / Maintenance Mode from Acurax <= 2.6 - Unauthenticated IP Spoofing
Description The Under Construction / Maintenance Mode from Acurax plugin for WordPress is vulnerable to IP Address Spoofing in all versions up to, and including, 2.6 due to insufficient IP address validation and/or use of user-supplied HTTP headers as a primary method for IP retrieval. This makes...
Video Gallery – YouTube Playlist, Channel Gallery by YotuWP <= 1.3.13 - Authenticated (Contributor+) Arbitrary File Inclusion via Shortcode
Description The Video Gallery – YouTube Playlist, Channel Gallery by YotuWP plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.13 via the display function. This makes it possible for authenticated attackers, with contributor access and higher, to...
Restaurant Menu and Food Ordering < 2.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Description The Restaurant Menu – Food Ordering System – Table Reservation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 2.4.0 due to insufficient input sanitization and output escaping on user supplied...
FooEvents for WooCommerce < 1.19.21 - Improper Authorization to (Contributor+) Arbitrary File Upload
Description The FooEvents for WooCommerce plugin for WordPress is vulnerable to unauthorized arbitrary file uploads due to an improper capability setting on the 'displayticketthemespage' function in versions up to, and including, 1.19.20. This makes it possible for authenticated attackers with...
Video Gallery – YouTube Playlist, Channel Gallery by YotuWP <= 1.3.13 - Unauthenticated Local File Inclusion
Description The Video Gallery – YouTube Playlist, Channel Gallery by YotuWP plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.13 via the settings parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary fil...
Popup Builder – Create highly converting, mobile friendly marketing popups < 4.3.2 - Missing Authorization and Nonce Exposure
Description The Popup Builder – Create highly converting, mobile friendly marketing popups. plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on several functions in all versions up to, and including, 4.3.1. While some functions contain a...
Contact Form Builder, Contact Widget <= 2.1.7 - Authentication Request Bypass
Description The Contact Form Builder, Contact Widget plugin for WordPress is vulnerable to protection bypass in all versions up to, and including, 2.1.7. This is due to the plugin not properly restricting authentication attempts. This makes it possible for unauthenticated attackers to perform an...
WooCommerce - Social Login < 2.6.3 - Email Verification due to Insufficient Randomness
Description The WooCommerce - Social Login plugin for WordPress is vulnerable to Email Verification in all versions up to, and including, 2.6.2 via the use of insufficiently random activation code. This makes it possible for unauthenticated attackers to bypass the email verification...
Collapse-O-Matic <= 1.8.5.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Description The Collapse-O-Matic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'expand' and 'expandsub' shortcode in all versions up to, and including, 1.8.5.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes i...
Popup Builder < 4.3.2 - Missing Authorization in Multiple AJAX Actions
Description The Popup Builder plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on all AJAX actions. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform multiple unauthorize...
Database Cleaner < 1.0.6 - Authenticated (Admin+) Arbitrary File Read
Description The Database Cleaner: Clean, Optimize & Repair plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.0.5 via the getlogs function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server,...
Recurring PayPal Donations < 1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Description The Recurring PayPal Donations plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...
LatePoint Plugin < 4.9.9.1 - Missing Authorization and Sensitive Information Exposure via IDOR
Description The LatePoint Plugin plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the 'startorusesessionforcustomer' function in all versions up to and including 4.9.9. This makes it possible for unauthenticated...
Simple Sitemap < 3.5.14 - Cross-Site Request Forgery via admin_notices
Description The Simple Sitemap – Create a Responsive HTML Sitemap plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.5.13. This is due to missing or incorrect nonce validation in the 'adminnotices' hook found in class-settings.php. This makes ...
Active Products Tables for WooCommerce. Use constructor to create tables < 1.0.6.4 - Reflected Cross-Site Scripting
Description The Active Products Tables for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.0.6.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
MegaMenu < 2.3.13 - Unauthenticated Local File Inclusion
Description The stm-megamenu plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.3.12. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files...
WPMobile.App — Android and iOS Mobile Application < 11.42 - Reflected Cross-Site Scripting
Description The WPMobile.App — Android and iOS Mobile Application plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 11.41 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...
WP Docs < 2.1.4 - Reflected Cross-Site Scripting
Description The WP Docs plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 2.1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...
Auto Coupons for WooCommerce < 3.0.15 - Reflected Cross-Site Scripting
Description The Auto Coupons for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 3.0.14 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
WP STAGING PRO - Backup Duplicator & Migration < 5.6.1 - Cross-Site Request Forgery to Limited Local File Inclusion
Description The WP STAGING Pro WordPress Backup Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.6.0. This is due to missing or incorrect nonce validation on the 'sub' parameter called from the WP STAGING WordPress Backup Plugin -...
YITH Custom Login < 1.7.1 - Authenticated (Admin+) Stored Cross-Site Scripting
Description The YITH Custom Login plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.7.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-lev...
FooGallery < 2.4.16 - Authenticated (Contributor+) Stored Cross-Site Scripting via Gallery Custom URL
Description The Best WordPress Gallery Plugin – FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via album gallery custom URLs in all versions up to, and including, 2.4.15 due to insufficient input sanitization and output escaping. This makes it possible for...
GiveWP – Donation Plugin and Fundraising Platform < 3.12.1 - Reflected Cross-Site Scripting
Description The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 3.12.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...
Stellissimo Text Box <= 1.1.4 - Authenticated (Admin+) Stored Cross-Site Scripting
Description The Stellissimo Text Box plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...