14603 matches found
Customer Reviews for WooCommerce < 5.47.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Email Sending
Description The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the sendtestemail function in all versions up to, and including, 5.46.0. This makes it possible for authenticated attackers, with subscriber-level...
Login With Ajax < 4.2 - Cross-Site Request Forgery to Notice Dismissal
Description The Login With Ajax plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.1. This is due to missing or incorrect nonce validation on the dismissadminnotice function. This makes it possible for unauthenticated attackers to dismiss notices...
NextMove Lite < 2.18.2 - Cross-Site Request Forgery
Description The NextMove Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.1. This is due to missing or incorrect nonce validation on the xladdoninstallation function. This makes it possible for unauthenticated attackers to install addons...
ProfileGrid – User Profiles, Memberships, Groups and Communities < 5.8.4 - Missing Authorization
Description The ProfileGrid – User Profiles, Memberships, Groups and Communities plugin for WordPress is vulnerable to unauthorized deletion of data due to a missing capability check on the pmuploadcoverimage function in all versions up to, and including, 5.8.3. This makes it possible for...
Shortcodes and extra features for Phlox theme <= 2.15.5 - Contributor+ Stored XSS via aux_timeline Shortcode
Description The plugin is vulnerable to Stored Cross-Site Scripting via the plugin's auxtimeline shortcode due to insufficient input sanitization and output escaping on user supplied attributes such as thumbmode and datetype. This makes it possible for authenticated attackers with contributor-lev...
EleForms – All In One Form Integration including DB for Elementor < 2.9.9.8 - Unauthenticated Stored Cross-Site Scripting
Description The EleForms – All In One Form Integration including DB for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and including, 2.9.9.7 due to insufficient input sanitization and output escaping. This makes it possib...
USPS Shipping for WooCommerce – Live Rates < 1.9.3 - Cross-Site Request Forgery
Description The USPS Shipping for WooCommerce – Live Rates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.2. This is due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticated attacker...
FileBird < 5.6.4 - Author+ Stored XSS
Description The plugin is vulnerable to Stored Cross-Site Scripting via the folder name parameter due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author access or higher, to inject arbitrary web scripts in pages that will execut...
BEAR <= 1.1.4.1 & WOLF <= 1.0.8.1 - Cross-Site Request Forgery to Notice Dismissal
Description Multiple plugins and/or themes for WordPress are vulnerable to Cross-Site Request Forgery in various versions. This is due to missing or incorrect nonce validation on the admininit hook. This makes it possible for unauthenticated attackers to dismiss notices via a forged request grant...
WP Login and Logout Redirect < 2.0 - Authenticated (Admin+) Stored Cross-Site Scripting
Description The WP Login and Logout Redirect plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
Shortcodes and extra features for Phlox theme <= 2.15.5 - Contributor+ Stored XSS via title_tag
Description The plugin is vulnerable to Stored Cross-Site Scripting via the ‘titletag’ due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level and above permissions to inject arbitrary web scripts in pages that will...
Calendarista Basic Edition < 3.0.3 - Cross-Site Request Forgery
Description The Calendarista Basic Edition plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.0.2. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to perform...
Restrict Content < 3.2.9 - Missing Authorization
Description The Restrict Content plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the updateoptingetstatus function in versions up to, and including, 3.2.8. This makes it possible for unauthenticated attackers to update opt in status...
Popup by Supsystic < 1.10.28 - Missing Authorization
Description The Popup by Supsystic plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 1.10.27. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an...
Save as Image < 3.2.2 - Authenticated (Admin+) Stored Cross-Site Scripting
Description The Save as Image Plugin by Pdfcrowd plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
Dashboard To-Do List < 1.3.2 - Cross-Site Request Forgery via ardtdw_widgetupdate()
Description The Dashboard To-Do List plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.1. This is due to missing or incorrect nonce validation on the ardtdwwidgetupdatefunction. This makes it possible for unauthenticated attackers to update...
BA Book Everything < 1.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Description The BA Book Everything plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'all-items' shortcode in all versions up to, and including, 1.6.8 due to insufficient input sanitization and output escaping on user supplied attributes such as 'classes'. This...
Search Keyword Redirect <= 1.0 - Authenticated (Admin+) Stored Cross-Site Scripting
Description The Search Keyword Redirect plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
Top Bar < 3.0.4 - Authenticated (Admin+) Stored Cross-Site Scripting
Description The Top Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
Icegram Express - Email Subscribers, Newsletters and Marketing Automation Plugin < 5.7.15 - Unauthenticated SQL Injection
Description The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'run' function of the 'IGESSubscribersQuery' class in all versions up to, and including, 5.7.14 due to insufficie...
MF Gig Calendar <= 1.2.1 - Editor+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as editor to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Go to "MF Gig Calendar...
Exclusive Addons for Elementor < 2.6.9.3 - Authenticated(Contributor+) Stored Cross-Site Scripting via Post Grid
Description The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Grid Widget in all versions up to, and including, 2.6.9.2 due to insufficient input sanitization and output escaping on user supplied tags. This makes it possible for...
Real Media Library < 4.11.12 - Authenticated (Author+) Stored Cross-Site Scripting
Description The Real Media Library: Media Library Folder & File Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image title and alt text in all versions up to, and including, 4.22.11 due to insufficient input sanitization and output escaping. This makes it possib...
Country State City Dropdown CF7 < 2.7.2 - Missing Authorization
Description The Country State City Dropdown CF7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tccscapatchsettings function in all versions up to, and including, 2.7.1. This makes it possible for authenticated attackers, with...
Tainacan Interface < 2.7.2 - Reflected Cross-Site Scripting
Description The archive-tainacan-collection theme for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in version 2.7.1. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages tha...
User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin < 3.2.0 - Missing Authorization to Unauthenticated Media Deletion
Description The User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the profilepicremove function in versions up to, and including, 3.1.5. This makes it...
Crelly Slider <= 1.4.5 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Go to "Crelly Slider" 2. Add a...
LiveJournal Shortcode <= 1.1.1 - Contributor+ Stored XSS via Shortcode
Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC Add this shortcode to a page...
Fancy Product Designer < 6.1.81 - Admin+ Cross Site Scripting
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Go to:...
Delete Custom Fields <= 0.3.1 - Cross-Site Request Forgery to Post Meta Deletion
Description The Delete Custom Fields plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.3.1. This is due to missing or incorrect nonce validation on the ajaxdeletefield function. This makes it possible for unauthenticated attackers to delete...
Enhanced Media Library < 2.8.10 - Authenticated (Author+) Stored Cross-Site Scripting
Description The Enhanced Media Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via media upload functionality in all versions up to, and including, 2.8.9 due to the plugin allowing 'dfxp' files to be uploaded. This makes it possible for authenticated attackers, with...
2Checkout Payment Gateway for WooCommerce <= 6.2 - Missing Authorization via sniff_ins
Description The 2Checkout Payment Gateway for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the sniffins function in all versions up to, and including, 6.2. This makes it possible for unauthenticated attackers to make...
MF Gig Calendar <= 1.2.1 - Arbitrary Event Deletion via CSRF
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in Contributors and above delete arbitrary events via a CSRF attack PoC Make a contributor or higher user open a link where is a valid event:...
Advanced Order Export For WooCommerce < 3.4.5 - Shop Manager+ Remote Code Execution
Description The plugin is vulnerable to Remote Code Execution in all versions up to, and including, 3.4.4. This makes it possible for authenticated attackers, with shop manager-level access and above, to execute code on the server...
Post Views Counter < 1.4.5 - Cross-Site Request Forgery via save_bulk_post_views()
Description The plugin is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4.4. This is due to missing or incorrect nonce validation on the savebulkpostviews function. This makes it possible for unauthenticated attackers to save bulk post views via a forged request...
EventPrime < 3.3.5 - Unauthenticated Booking Price Manipulation
Description The plugin is vulnerable to booking price manipulations due to insufficient validation and control of booking prices in versions up to, and including, 3.3.4. This makes it possible for unauthenticated attackers to make bookings with lower prices...
WPC Smart Quick View for WooCommerce < 4.0.3 - Authenticated (Administrator+) Stored Cross-Site Scripting
Description The WPC Smart Quick View for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wit...
WPZOOM Social Feed Widget & Block < 2.1.14 - Missing Authorization to Authenticated (Subscriber+) Instagram Image Deletion
Description The WPZOOM Social Feed Widget & Block plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpzoominstagramcleardata function in all versions up to, and including, 2.1.13. This makes it possible for authenticated attackers, with...
Element Pack Elementor Addons < 5.6.0 - Sensitive Information Exposure via element_pack_ajax_search
Description The Element Pack Elementor Addons Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.5.6 via the elementpackajaxsearch function. This makes it possible for...
Gutenverse < 1.9.1 - Contributor+ Stored XSS
Description The plugin does not validate the htmlTag option in various of its block before outputting it back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC As a contributor, put the below cod...
InstaWP Connect – 1-click WP Staging & Migration < 0.1.0.23 - Unauthenticated Arbitrary File Upload
Description The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation in the /wp-json/instawp-connect/v1/config REST API endpoint in all versions up to, and including, 0.1.0.22. This makes it possible for...
s2Member < 240325 - Limited Privilege Escalation
Description The plugin is vulnerable to limited privilege escalation in versions up to, and including, 240315. This is due to insufficient controls during user registration. This makes it possible for unauthenticated attackers to register with higher than the default permissions...
Captcha by BestWebSoft < 5.2.1 - Captcha Bypass
Description The plugin is vulnerable to CAPTCHA Bypass in versions up to, and including, 5.2.0. This makes it possible for unauthenticated attackers to bypass the Captcha Verification...
Demo My WordPress < 1.1.0 - Unauthenticated Privilege Escalation
Description The Demo My WordPress plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.0.9.1. This is due to insufficient verification on privilege assignment. This makes it possible for unauthenticated attackers to gain elevated access to a vulnerabl...
Responsive Lightbox < 2.4.7 - Information Disclosure
Description The plugin is vulnerable to unauthorized access due to a missing capability check on the galleryattributes function in versions up to, and including, 2.4.6. This makes it possible for authenticated attackers, with contributor-level access and above, to view post content they shouldn't...
WooCommerce < 8.6.0 - Cross-Site Request Forgery
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
Essential Blocks for Gutenberg < 4.5.4 - Contributor+ Stored Cross-Site Scripting
Description The plugin is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 4.5.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in...
Responsive Contact Form Builder & Lead Generation Plugin <= 1.8.9 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC To replicate this vulnerability,...
eRoom – Zoom Meetings & Webinar < 1.4.19 - Missing Authorization to Information Exposure
Description The eRoom – Zoom Meetings & Webinars plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.18 via the searchposts function. This makes it possible for authenticated attackers, with subscriber access and higher, to obtain post...
Premium Addons for Elementor < 4.10.23 - Authenticated (Contributor+) Sensitive Information Exposure
Description The Premium Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.22. This makes it possible for authenticated attackers, with contributor-level access and above, to extract sensitive user or configuration...