14603 matches found
Forms to Zapier, Integromat, IFTTT, Workato, Automate.io, elastic.io, Built.io, APIANT, Webhook <= 1.1.12 - Authenticated (Administrator+) SQL Injection
Description The Forms to Zapier, Integromat, IFTTT, Workato, Automate.io, elastic.io, Built.io, APIANT, Webhook plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.1.12 due to insufficient escaping on the user supplied parameter and lack of sufficient preparati...
Citadela Listing <= 5.18.1 - Unauthenticated Sensitive Information Exposure
Description The Citadela Directory plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.18.1. This makes it possible for unauthenticated attackers to extract sensitive user or configuration data...
Download Manager < 3.2.83 - Unauthenticated Password Protected File Bypass
Description The plugin is vulnerable to information disclosure, allowing unauthenticated attackers to bypass password protected file restrictions...
Realtyna Organic IDX plugin < 4.14.8 - Unauthenticated SQLi
Description The plugin does not sanitize and escape a parameter before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks...
Poll Maker – Best WordPress Poll Plugin < 5.1.9 - Missing Authorization to Unauthenticated Stored Cross-Site Scripting
Description The Poll Maker – Best WordPress Poll Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting due to a missing capability check on the ayspollmakerquickstart AJAX action in addition to insufficient escaping and sanitization in all versions up to, and including, 5.1.8...
FV Flowplayer Video Player < 7.5.45.7212 - Authenticated (Contributor+) Arbitrary Redirect
Description The FV Flowplayer Video Player plugin for WordPress is vulnerable to unauthorized redirects in all versions up to, and including, 7.5.44.7212. This is due to the plugin not restricting contributor and above users from being able to add redirects at the end of videos. This makes it...
Ungallery <= 2.2.4 - Stored XSS via CSRF
Description The plugin does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack PoC Make a logged in admin open an HTML file containing the following: Save Changes...
Product Feed on WooCommerce for Google <= 3.5.7 - Authenticated (Administrator+) SQL Injection
Description The Product Feed on WooCommerce for Google plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 3.5.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
Element Pack Elementor Addons < 5.6.1 - Contributor+ Stored XSS via Panel Slider Widget
Description The plugin is vulnerable to Stored Cross-Site Scripting via the ‘tablink’ attribute of the Panel Slider widget due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary w...
Jotform Online Forms < 1.3.2 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode
Description The Jotform Online Forms – Drag & Drop Form Builder, Securely Embed Contact Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping on use...
LetterPress <= 1.2.2 - Subscriber Deletion via CSRF
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks, such as delete arbitrary subscribers PoC Make a logged in admin open an HTML file containing:...
Save as PDF < 3.2.0 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. On the "Settings Save as PDF...
Element Pack Elementor Addons < 5.6.1 - Contributor+ Stored XSS via Price List Widget
Description The plugin is vulnerable to Stored Cross-Site Scripting via the ‘link’ attribute of the Price List widget due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web...
Disable Comments | WPZest <= 1.51 - Authenticated (Administrator+) SQL Injection
Description The Disable Comments | WPZest plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.51 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated...
Novelist < 1.2.3 - Cross-Site Request Forgery
Description The Novelist plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.2. This is due to missing or incorrect nonce validation on the novelistrestoredefaultsettings function. This makes it possible for unauthenticated attackers to restore t...
Wallet System for WooCommerce < 2.5.10 - Cross-Site Request Forgery
Description The Wallet System for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.9. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to perform a...
HT Mega < 2.4.7 - Unauthenticated Order Data Disclosure
Description The plugin is vulnerable to Sensitive Information Exposure via the purchasedproducts function, allowing unauthenticatied attackers to extract sensitive data including the previous 7 days of order data including products and customer PII...
HT Mega < 2.4.9 - Contributor+ Stored XSS via Accordion/FAQ
Description The plugin is vulnerable to Stored Cross-Site Scripting via Accordion widget due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web...
EAN for WooCommerce < 4.9.3 - Insecure Direct Object Reference to Sensitve Information Exposure via Shortcode
Description The EAN for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.9.2 via the the 'algwceanproductmeta' shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers...
Podlove Podcast Publisher < 4.1.1 - Missing Authorization
Description The Podlove Podcast Publisher plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions such as dorepair in versions up to, and including, 4.1.0. This makes it possible for authenticated attackers, with subscriber-level access and...
Asgaros Forum < 2.9.0 - Cross-Site Request Forgery
Description The Asgaros Forum plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.8.0. This is due to missing or incorrect nonce validation on the markallread function. This makes it possible for unauthenticated attackers to mark post topics as rea...
Podlove Podcast Publisher < 4.0.14 - Authenticated (Contributor+) SQL Injection
Description The Podlove Podcast Publisher plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 4.0.12 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated...
WP EasyCart < 5.6.0 - Cross-Site Request Forgery
Description The Shopping Cart & eCommerce Store plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.5.19. This is due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticated attackers to perfo...
WP Google Analytics Events < 2.8.1 - Reflected Cross-Site Scripting
Description The WP Google Analytics Events – No-Code Custom Event Tracking for Google Analytics plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 2.8.0 due to insufficient input sanitization and output escaping. This makes it possible for...
Convert Post Types <= 1.4 - Cross-Site Request Forgery
Description The Convert Post Types plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticated attackers to perform an unknown...
MWW Disclaimer Buttons < 3.2 - Authenticated (Administrator+) Stored Cross-Site Scripting
Description The MWW Disclaimer Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
Order Delivery Date for WooCommerce < 3.21.1 - Cross-Site Request Forgery to Notice Dismissal
Description The Order Delivery Date for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.21.0. This is due to missing or incorrect nonce validation on the dismissnotice function. This makes it possible for unauthenticated attackers t...
Otter Blocks < 2.6.10 - Contributor+ Stored XSS via titleTag
Description The plugin is vulnerable to Stored Cross-Site Scripting via the plugin's Post Grid widget due to insufficient input sanitization and output escaping on user supplied attributes such as 'titleTag'. This makes it possible for authenticated attackers, with contributor-level access and...
EZ Form Calculator <= 2.14.0.3 - Reflected Cross-Site Scripting
Description The EZ Form Calculator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 2.14.0.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...
WP Client Reports < 1.0.23 - Cross-Site Request Forgery
Description The WP Client Reports plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.22. This is due to missing or incorrect nonce validation on the wpclientreportssendemailreportfromajax function. This makes it possible for unauthenticated...
POEditor < 0.9.9 - Authenticated (Administrator+) Stored Cross-Site Scripting
Description The POEditor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.9.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
Clone < 2.4.4 - Subscriber+ Unauthorised Action Calls
Description The plugin is vulnerable to unauthorized access due to a missing capability check on several functions, allowing authenticated attackers, with subscriber-level access and above, to perform unauthorized actions...
Jobs for WordPress < 2.7.6 - Reflected Cross-Site Scripting
Description The Jobs for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 2.7.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...
Libsyn Publisher Hub <= 1.4.4 - Cross-Site Request Forgery
Description The Libsyn Publisher Hub plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.4. This is due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticated attackers to perform an unknow...
Siteimprove < 2.0.7 - Cross-Site Request Forgery
Description The Siteimprove plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.6. This is due to missing or incorrect nonce validation on two functions. This makes it possible for unauthenticated attackers to request a token via a forged request...
SEO Booster < 3.8.10 - Cross-Site Request Forgery
Description The SEO Booster plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.8.9. This is due to missing or incorrect nonce validation on the deleteall and delete actions. This makes it possible for unauthenticated attackers to delete data in bu...
Church Admin < 4.0.28 - Cross-Site Request Forgery
Description The Church Admin plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.0.27. This is due to missing or incorrect nonce validation on the cadebugmode function. This makes it possible for unauthenticated attackers to enable debug mode via a...
Pardot < 2.1.1 - Missing Authorization
Description The Pardot plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several AJAX actions in versions up to, and including, 2.1.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to reset cache among othe...
Jobs for WordPress < 2.7.6 - Reflected Cross-Site Scripting via job-search
Description The Jobs for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘job-search’ parameter in all versions up to, and including, 2.7.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...
Smash Balloon Social Post Feed < 4.2.2 - Facebook Token Reset/Update via CSRF
Description The plugin is vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation on the maybesourceconnectiondata function, allowing attacker to reset and set an arbitrary Facebook Token via a CSRF attack...
Finale Lite < 2.18.1 - Cross-Site Request Forgery
Description The Finale Lite – Sales Countdown Timer & Discount for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.18.0. This is due to missing or incorrect nonce validation on the xlooptincall function. This makes it possible f...
Advanced iFrame < 2024.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Description The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2024.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to...
Crony Cronjob Manager <= 0.5.0 - Cross-Site Request Forgery
Description The Crony Cronjob Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.5.0. This is due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticated attackers to perform an unkno...
WP Mail Catcher < 2.1.7 - Cross-Site Request Forgery
Description The WP Mail Catcher plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1.6. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to perform unauthorized actions...
Gift Vouchers < 4.4.1 - Cross-Site Request Forgery
Description The Gift Vouchers plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.4.0. This is due to missing or incorrect nonce validation on the createdefaultpages function. This makes it possible for unauthenticated attackers to trigger the...
Zoho Campaigns < 2.0.7 - Authenticated (Contributor+) SQL Injection
Description The Zoho Campaigns plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 2.0.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated...
Remove Footer Credit < 1.0.14 - Authenticated (Administrator+) Stored Cross-Site Scripting
Description The Remove Footer Credit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
Welcart e-Commerce < 2.10.0 - Missing Authorization
Description The Welcart e-Commerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the uscesitemduplicate function in versions up to, and including, 2.9.14. This makes it possible for authenticated attackers, with author-level access and above, to...
Leadinfo < 1.1 - Settings Update via CSRF
Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
Digital Publications by Supsystic < 1.7.8 - Cross-Site Request Forgery
Description The WordPress Flipbook by Supsystic plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.7. This is due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticated attackers to perfor...