14603 matches found
Colibri Page Builder < 1.0.272 - Contributor+ Stored Cross-Site Scripting via the plugin's 'colibri_breadcrumb_element' shortcode
Description The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'colibribreadcrumbelement' shortcode in all versions up to, and including, 1.0.272 due to insufficient input sanitization and output escaping on user supplied attributes. This...
Frontend Admin by DynamiApps < 3.19.5 - Improper Missing Encryption Exception Handling to Form Manipulation
Description The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to improper missing encryption exception handling on the 'feaencrypt' function in all versions up to, and including, 3.19.4. This makes it possible for unauthenticated attackers to manipulate the user processing forms...
GeoDirectory – WordPress Business Directory Plugin, or Classified Directory < 2.3.49 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'gd_single_tabs' Shortcode
Description The GeoDirectory – WordPress Business Directory Plugin, or Classified Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gdsingletabs' shortcode in all versions up to, and including, 2.3.48 due to insufficient input sanitization and output...
PostX < 4.0.2 - Contributor+ Stored XSS
Description The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC 1. Create a new Post and add "Ultimate...
Colibri Page Builder < 1.0.272 - Contributor+ Stored Cross-Site Scripting
Description The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'colibri-gallery-slideshow' shortcode in all versions up to, and including, 1.0.272 due to insufficient input sanitization and output escaping on user supplied attributes. This...
Exclusive Addons for Elementor < 2.6.9.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Expired Title
Description The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the Countdown Expired Title in all versions up to, and including, 2.6.9.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...
Social Sharing Plugin – Social Warfare < 4.4.6.2 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode
Description The Social Sharing Plugin – Social Warfare plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'socialWarfare' shortcode in all versions up to, and including, 4.4.6.1 due to insufficient input sanitization and output escaping on user supplied attributes...
Database for Contact Form 7, WPforms, Elementor forms < 1.3.9 - Unauthenticated Stored Cross-Site Scripting
Description The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.3.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...
Ultimate 410 Gone Status Code < 1.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Ultimate 410 Gone Status Code plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 410 entries in all versions up to, and including, 1.1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
Elespare – Build Your Blog, News & Magazine Websites with Expert-Designed Template Kits. One Click Import: No Coding Skills Required! < 2.1.3 - Missing Authorization to Subscriber+ Arbitrary Post Creation
Description The Elespare – Build Your Blog, News & Magazine Websites with Expert-Designed Template Kits. One Click Import: No Coding Skills Required! plugin for WordPress is vulnerable to unauthorized post creation due to a missing capability check on the elesparecreatepost function hooked via AJ...
Royal Elementor Addons and Templates < 1.3.972 - Contributor+ Stored Cross-Site Scripting via HTML Tags
Description The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Grid & Advanced Text widget HTML tags in all versions up to, and including, 1.3.96 due to insufficient input sanitization and output escaping on user supplied...
WordPress Backup & Migration < 1.4.9 - Missing Authorization to Directory Traversal
Description The WordPress Backup & Migration plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the wpmgdppopulatepopup function in all versions up to, and including, 1.4.8. This makes it possible for authenticated attackers, with subscriber...
Royal Elementor Addons and Templates < 1.3.972 - Contributor+ Stored Cross-Site Scripting via Advanced Accordion Title Tags
Description The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Advanced Accordion widget in all versions up to, and including, 1.3.971 due to insufficient input sanitization and output escaping on user supplied attributes li...
RegistrationMagic < 5.2.6.0 - Cross-Site Request Forgery
Description The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.2.5.9. This is due to missing or incorrect nonce validation on the...
Royal Elementor Addons and Templates < 1.3.95 - Unauthenticated Limited File Upload
Description The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to limited file uploads due to missing file type validation in the 'filevalidity' function in all versions up to, and including, 1.3.94. This makes it possible for unauthenticated attackers to upload dangerous...
Royal Elementor Addons and Templates < 1.3.972 - Contributor+ Stored Cross-Site Scripting via Flip Carousel, Flip Box, Post Grid, and Taxonomy List Widget Attributes
Description The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Flip Carousel, Flip Box, Post Grid, and Taxonomy List widgets in all versions up to, and including, 1.3.971 due to insufficient input sanitization and output...
Icon Widget < 1.4.0 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode
Description The Icon Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
ShopLentor < 2.8.2 - Contributor+ Template Reset
Description The plugin is vulnerable to unauthorized modification of data due to a missing capability check on the 'woolentortemplatestore' function. This makes it possible for authenticated attackers, with contributor access and above to access the nonce used to access this function and set a...
Happy Addons for Elementor < 3.10.5 - Contributor+ Stored XSS
Description The plugin is vulnerable to Stored Cross-Site Scripting via the plugin's Image Stack Group, Photo Stack, & Horizontal Timeline widgets due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...
SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer < 3.10.3 - Missing Authorization
Description The SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer plugin for WordPress is vulnerable to unauthorized ld+json description injection due to a missing capability check on the savesettings function in all versions up to, and including, 3.10.2. This makes it possible for...
reCAPTCHA Jetpack <= 0.2.2 - Stored XSS via CSRF
Description The plugin does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged-in admin add Stored XSS payloads via a CSRF attack. PoC This requires Jetpack to be installed and to have a page/post with a Jetpack Contact...
reCAPTCHA Jetpack <= 0.2.2 - Settings Update via CSRF
Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack PoC Have an admin open an HTML page containing:...
VikBooking < 1.6.8 - Insecure Direct Object References
Description The plugin allows direct access to menus, allowing an authenticated user with subscriber privileges or above, to bypass authorization and access settings of the plugin's they shouldn't be allowed to. PoC https://example.com/wp-admin/admin.php?option=comvikbooking=config...
User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin < 3.2.0 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation
Description The User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the formsaveaction function in all versions up to, and including, 3.1.5. This makes it possib...
Happy Addons for Elementor < 3.10.6 - Contributor+ Stored XSS via HTML Tags
Description The plugin is vulnerable to Stored Cross-Site Scripting via HTML tags in widgets due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web...
ShopLentor < 2.8.2 - Contributor+ Stored XSS
Description The plugin is vulnerable to Stored Cross-Site Scripting via the plugin's 'wishsuitebutton' shortcode due to insufficient input sanitization and output escaping on user supplied attributes like 'buttonclass'. This makes it possible for authenticated attackers with contributor-level and...
MaxGalleria < 6.4.3 - Missing Authorization
Description The MaxGalleria plugin for WordPress is vulnerable to unauthorized image upload due to a missing capability check on the addmedialibraryimagestogallery function in all versions up to, and including, 6.4.2. This makes it possible for authenticated attackers, with subscriber access or...
Essential Addons for Elementor Pro < 5.8.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'title_html_tag'
Description The Essential Addons for Elementor Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Counter widget in all versions up to, and including, 5.8.11 due to insufficient input sanitization and output escaping on user supplied attributes such as...
hCaptcha for WordPress < 4.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via cf7-hcaptcha Shortcode
Description The hCaptcha for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's cf7-hcaptcha shortcode in all versions up to, and including, 4.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possib...
VikBooking < 1.6.8 - Broken Access Control
Description The plugin's access control mechanism fails to properly restrict access to its settings, permitting any users that can access a menu to manipulate requests and perform unauthorized actions such as editing, renaming or deleting categories for example despite initial settings prohibitin...
Click to Chat – HoliThemes < 4.0 - Contributor+ LFI
Description The plugin is vulnerable to Local File Inclusion, allowing authenticated attackers, with contributor access or above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensiti...
LearnPress – WordPress LMS Plugin < 4.2.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the id value in all versions up to, and including, 4.2.6.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
Advanced Page Visit Counter <= 8.0.6 - Authenticated (Administrator+) SQL Injection
Description The Advanced Page Visit Counter plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 8.0.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticate...
BWL Advanced FAQ Manager < 2.0.4 - Authenticated (Administrator+) SQL Injection
Description The BWL Advanced FAQ Manager plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 2.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated...
Easy Custom Auto Excerpt < 2.5.0 - Sensitive Information Exposure
Description The Easy Custom Auto Excerpt plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.4.12. This makes it possible for unauthenticated attackers to obtain excerpts of password-protected posts...
Freshdesk (official) < 2.4.0 - Open Redirect
Description The plugin is vulnerable to Open Redirect due to insufficient validation on a redirect url. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action...
Add Custom CSS and JS <= 1.20 - Stored XSS via CSRF
Description The plugin does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in as author and above add Stored XSS payloads via a CSRF attack PoC Make an author or above role open the following HTML:...
Wappointment < 2.6.1 - Admin+ SSRF
Description The plugin is vulnerable to Server-Side Request Forgery, allowing authenticated attackers, with administrator-level access and above, to make web requests to arbitrary locations originating from the web application which can be used to query and modify information from internal servic...
BA Book Everything < 1.6.5 - Authenticated (Contributor+) SQL Injection
Description The BA Book Everything plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.6.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated...
Customer Reviews for WooCommerce < 5.48.0 - Reflected Cross-Site Scripting via 's'
Description The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in all versions up to, and including, 5.47.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers...
Import Users from CSV < 1.3 - Authenticated (Admin+) PHP Object Injection
Description The Import Users from CSV plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.2 via deserialization of untrusted input. This makes it possible for authenticated attackers, with administrator-level access and above, to inject a PHP Object...
Essential Blocks < 4.5.10 - Contributor+ DOM-Based XSS via Social Icons Block
Description The plugin is vulnerable to Stored Cross-Site Scripting via the "Social Icons" block due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary...
Find Duplicates <= 1.4.6 - Authenticated (Subscriber+) SQL Injection
Description The Find Duplicates plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.4.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers,...
Media Library Folders < 8.2.1 - Reflected Cross-Site Scripting via 's'
Description The Media Library Folders plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in all versions up to, and including, 8.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
ElementsKit Pro < 3.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'ekit_btn_id'
Description The ElementsKit Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Creative Button widget in all versions up to, and including, 3.6.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
ActiveCampaign < 8.1.15 - Authenticated (Administrator+) Server-Side Request Forgery
Description The ActiveCampaign – Forms, Site Tracking, Live Chat plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 8.1.14 via the api3. This makes it possible for authenticated attackers, with administrator-level access and above, to make web...
CBX Bookmark & Favorite < 1.7.21 - Admin+ SQLi
Description The plugin is vulnerable to SQL Injection due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL...
Citadela Listing <= 5.18.1 - Cross-Site Request Forgery
Description The Citadela Listing plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.18.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action vi...
Poll Maker – Best WordPress Poll Plugin < 5.1.9 - Missing Authorization to Unauthenticated Email Enumeration
Description The Poll Maker – Best WordPress Poll Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ayspollcreateauthor function in all versions up to, and including, 5.1.8. This makes it possible for unauthenticated attackers to...
User Activity Log Pro <= 2.3.4 - Authenticated (Subscriber+) SQL Injection
Description The User Activity Log Pro plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 2.3.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated...