14603 matches found
Really Simple SSL < 8.0.0 - Admin+ Server-Side Request Forgery
Description The Really Simple SSL plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.2.3. This makes it possible for authenticated attackers, with administrator-level access and above, to make web requests to arbitrary locations originating...
SP Project & Document Manager <= 4.71 - Authenticated (Author+) SQL Injeciton
Description The SP Project & Document Manager plugin for WordPress is vulnerable to SQL Injection via an unknown parameter in all versions up to, and including, 4.71 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This make...
Newsletter Popup <= 1.2 - Subscriber Deletion via CSRF
Description The plugin does not have CSRF check when deleting subscriber, which could allow attackers to make logged in admins perform such action via a CSRF attack PoC Make an admin open a link where is a valid user: http://example.com/wp-admin/admin.php?page=wpnewslettershowlocalrecord=delete=...
Navigation menu as Dropdown Widget < 1.3.5 - Authenticated (Admin+) Stored Cross-Site Scripting
Description The Navigation menu as Dropdown Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
ARForms Form Builder < 1.6.5 - Missing Authorization to Authenticated(Subscriber+) Arbitrary Option Deletion
Description The Contact Form, Survey & Popup Form Plugin for WordPress – ARForms Form Builder plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'arfliteremovepreviewdata' function in all versions up to, and including, 1.6.4. This makes it...
eCommerce Product Catalog Plugin for WordPress < 3.3.33 - Reflected Cross-Site Scripting
Description The eCommerce Product Catalog Plugin for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 3.3.32 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inje...
Radio Player – Live Shoutcast, Icecast and Any Audio Stream Player for WordPress < 2.0.74 - Missing Authorization to Authenticated (Subscriber+) Information Disclosure
Description The Radio Player plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 2.0.73. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract sensitive...
Simple Registration for WooCommerce <= 1.5.6 - Unauthenticated Privilege Escalation
Description The Simple Registration for WooCommerce plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.5.6. This makes it possible for unauthenticated users to elevate their privileges to that of an administrator...
WP File Download Light <= 1.3.3 - Authenticated (Editor+) Stored Cross-Site Scripting
Description The WP File Download Light plugin for WordPress is vulnerable to Stored Cross-Site Scripting via settings in all versions up to, and including, 1.3.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level...
WP Club Manager < 2.2.12 - Authenticated (Player+) Stored Cross-Site Scripting
Description The WP Club Manager – WordPress Sports Club Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.2.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
GuCherry Blog <= 1.1.8 - Reflected Cross-Site Scripting
Description The GuCherry Blog theme for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.1.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages...
Simple Testimonials Showcase <= 1.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Simple Testimonials Showcase plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.1.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, wi...
WP SMTP 1.2 - 1.2.6 - Authenticated (Admin+) SQL Injection
Description The WP SMTP plugin for WordPress is vulnerable to SQL Injection via the 'search' parameter in versions 1.2 to 1.2.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated...
Master Slider – Responsive Touch Slider < 3.9.9 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 3.9.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
Premium Addons for Elementor < 4.10.29 - Contributor+ Stored Cross-Site Scripting
Description The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's post ticker widget in all versions up to, and including, 4.10.28 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
Ditty – Responsive News Tickers, Sliders, and Lists < 3.1.32 - Authenticated (Author+) Stored Cross-Site Scripting
Description The Ditty plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 3.1.31 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with author-level access...
WP-Members Membership Plugin < 3.4.9.4 - Unprotected Storage of Potentially Sensitive Files
Description The WP-Members Membership Plugin plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.4.9.3 due to the plugin uploading user supplied files to a publicly accessible directory in wp-content without any restrictions. This makes it possible f...
Blocksy < 2.0.40 - Contributor+ Stored Cross-Site Scripting
Description The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the className parameter in the About Me block in all versions up to, and including, 2.0.39 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
WP Cost Estimation & Payment Forms Builder < 10.1.76 - Reflected Cross-Site Scripting
Description The WP Cost Estimation & Payment Forms Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 10.1.75 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
VikBooking Hotel Booking Engine & PMS < 1.6.8 - Reflected Cross-Site Scripting
Description The VikBooking Hotel Booking Engine & PMS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.6.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitra...
Testimonial Slider < 2.3.8 - Admin+ Stored Cross-Site Scripting
Description The Testimonial Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.3.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
Login with phone number < 1.7.17 - Unauthorized Account Password Change to Privilege Escalation
Description The Login with phone number plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.7.16. This is due to the plugin not properly verifying the identity of a user who is trying to reset a password. This makes it possible for authenticated...
Zynith SEO <= 7.4.9 - Unauthenticated Stored Cross-Site Scripting
Description The Zynith SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 7.4.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...
HUSKY – Products Filter for WooCommerce (formerly WOOF) < 1.3.5.3 - Subscriber+ Remote Code Execution
Description The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.3.5.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to execute code on the server...
Newsletter Popup <= 1.2 - List Deletion via CSRF
Description The plugin does not have CSRF check when deleting list, which could allow attackers to make logged in admins perform such action via a CSRF attack PoC Make an admin open a URL where is a valid id: http://example.com4/wp-admin/admin.php?page=wpnewslettershowitems=trash=...
Yoga Schedule Momoyoga < 2.8.0 - Contributor+ Stored XSS
Description The plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that wi...
Tax Rate Upload <= 2.4.5 - Reflected Cross-Site Scripting
Description The Tax Rate Upload plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 2.4.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in page...
What's New Generator <= 2.0.2 - Authenticated (Admin+) Stored Cross-Site Scripting
Description The What's New Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
Radio Player < 2.0.74 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Radio Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.0.73 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to injec...
Newsletter Popup <= 1.2 - Unauthenticated Stored XSS
Description The plugin does not sanitise and escape some parameters, which could allow unauthenticated visitors to perform Cross-Site Scripting attacks against admins PoC 1. Make sure there is a newsletter configured with the setting "Email Service Save to local database" 2. When not logged in,...
Kattene < 1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Kattene plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level...
Mega Elements < 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Mega Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...
Restaurant Menu – Food Ordering System – Table Reservation < 2.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Restaurant Menu – Food Ordering System – Table Reservation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 2.4.1 due to insufficient input sanitization and output escaping on user supplied...
Product Feed PRO for WooCommerce by AdTribes – WooCommerce Product Feeds for Google, Facebook/Meta, Bing, & More < 13.3.2 - Sensitive Information Exposure via Log Files
Description The Product Feed PRO for WooCommerce by AdTribes – WooCommerce Product Feeds for Google, Facebook/Meta, Bing, & More plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 13.3.1 via log files. This makes it possible for...
Cornerstone < 0.8.1 - Reflected Cross-Site Scripting via PHP_SELF
Description The Cornerstone plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 0.8.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages th...
WP Helper Premium < 4.6.0 - Reflected Cross-Site Scripting
Description The WP Helper Premium plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to 4.6.0 exclusive due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages th...
WP Stripe Checkout < 1.2.2.42 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Description The WP Stripe Checkout plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.2.2.41 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...
Forminator < 1.29.0 - Unauthenticated Arbitrary File Upload
Description The Forminator – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.28.1. This makes it possible for unauthenticated attackers to upload arbitrary fil...
RSS Feed Widget < 2.9.8 - Authenticated (Admin+) Stored Cross-Site Scripting
Description The RSS Feed Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.9.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
Base64 Encoder/Decoder <= 0.9.2 - Settings Reset via CSRF
Description The plugin does not have CSRF check in place when resetting its settings, which could allow attackers to make a logged in admin reset them via a CSRF attack PoC Make a logged in admin open an HTML file containing the following:...
HL Twitter <= 2014.1.18 - Admin+ Stored XSS via Widget
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. In the widget area, add the...
HL Twitter <= 2014.1.18 - Unlink Twitter Account via CSRF
Description The plugin does not have CSRF check when unlinking twitter accounts, which could allow attackers to make logged in admins perform such actions via a CSRF attack PoC Make an admin open an HTML file containing: The Twitter connection will be removed API tokens reset to ''...
Classified Listing – Classified ads & Business Directory Plugin < 3.0.11 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Attachment Deletion
Description The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the rtclfbgalleryimagedelete AJAX action in all versions up to, and including, 3.0.10.3. This makes it possible for...
PDF Invoices & Packing Slips for WooCommerce < 3.8.1 - Unauthenticated Stored Cross-Site Scripting
Description The PDF Invoices & Packing Slips for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 3.8.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...
PDF Invoices & Packing Slips for WooCommerce < 3.8.1 - Unauthenticated Server-Side Request Forgery
Description The PDF Invoices & Packing Slips for WooCommerce plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 3.8.0 via the transform function. This can allow unauthenticated attackers to make web requests to arbitrary locations originating from...
Content Views – Post Grid & Filter, Recent Posts, Category Posts, & More < 3.7.1 - Contributor+ Stored Cross-Site Scripting via Widget Post Overlay
Description The Content Views – Post Grid & Filter, Recent Posts, Category Posts, & More Gutenberg Blocks and Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Widget Post Overlay block in all versions up to, and including, 3.7.0 due to insufficient input...
Popup Box – Best WordPress Popup Plugin < 4.3.7 - Missing Authorization to Information Exposure
Description The Popup Box – Best WordPress Popup Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ayspbcreateauthor AJAX action in all versions up to, and including, 4.3.6. This makes it possible for unauthenticated attackers to...
Void Elementor WHMCS Elements For Elementor Page Builder < 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Void Elementor WHMCS Elements For Elementor Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
PropertyHive < 2.0.13 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion
Description The PropertyHive plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the deletekeydate function in all versions up to, and including, 2.0.12. This makes it possible for authenticated attackers, with subscriber-level access and above, to...
TeraWallet – Best WooCommerce Wallet System With Cashback Rewards, Partial Payment, Wallet Refunds < 1.5.1 - Authenticated (Shop Manager+) Stored Cross-Site Scripting
Description The TeraWallet – Best WooCommerce Wallet System With Cashback Rewards, Partial Payment, Wallet Refunds plugin for WordPress is vulnerable to Stored Cross-Site Scripting via settings in all versions up to, and including, 1.5.0 due to insufficient input sanitization and output escaping...