14603 matches found
ProfilePress < 4.15.5 - Contributor+ Stored Cross-Site Scripting
Description The plugin is vulnerable to Stored Cross-Site Scripting via the ‘title’ parameter in all versions up to, and including, 4.15.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or above, to inject...
Meta Slider < 3.70.1 - Contributor+ Stored Cross-Site Scripting via metaslider Shortcode
Description The plugin is vulnerable to Stored Cross-Site Scripting via the plugin's 'metaslider' shortcode in all versions up to, and including, 3.70.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...
GiveWP – Donation Plugin and Fundraising Platform < 3.7.0 - Contributor+ Stored Cross-Site Scripting via Shortcode
Description The plugin is vulnerable to Stored Cross-Site Scripting via the plugin's 'giveform' shortcode in all versions up to, and including, 3.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...
Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE < 2.6.9 - Contributor+ Stored Cross-Site Scripting via Block Attributes
Description The plugin is vulnerable to Stored Cross-Site Scripting via the plugin's block attributes in all versions up to, and including, 2.6.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...
Ivory Search – WordPress Search Plugin < 5.5.6 - Subscriber+ Index Creation
Description The plugin is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxcreateindex function in all versions up to, and including, 5.5.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to trigger index...
Smart Slider 3 < 3.5.1.23 - Contributor+ Stored XSS via SVG Upload
Description The plugin does not properly validate that users calling its upload function are allowed to making it possible for authenticated attackers, with contributor-level access and above, to upload files, including SVG files, which can be used to conduct stored cross-site scripting attacks...
Carousel Slider < 2.2.10 - Editor+ Stored XSS
Description The plugin does not validate and escape some of its Slide options before outputting them back in the page/post where the related Slide shortcode is embed, which could allow users with the Editor role and above to perform Stored Cross-Site Scripting attacks PoC As an Editor, create/edi...
WPvivid Backup & Migration Plugin < 0.9.100 - Admin+ PHAR Deserialization
Description The plugin is vulnerable to PHAR Deserialization in all versions up to, and including, 0.9.99 via deserialization of untrusted input at the wpvividstggetcustomexcludepathfree action. This is due to the plugin not providing sufficient path validation on the treenodenodeid parameter. Th...
Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE < 2.6.9 - Author+ Stored XSS via SVG Upload
Description The plugin is vulnerable to Stored Cross-Site Scripting via SVG file upload in all versions up to, and including, 2.6.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitra...
Royal Elementor Addons < 1.3.95 - Contributor+ Stored Cross-Site Scriting
Description The plugin is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.3.93 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to...
Gradient Text Widget for Elementor <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Gradient Text Widget for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level acces...
RapidLoad Power-Up for Autoptimize < 2.2.12 - Unauthenticated Server-Side Request Forgery
Description The RapidLoad 2.2 – Speed Monster in One Plugin plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.2.11. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web...
Sticky Buttons < 3.2.4 - Button Deletion via CSRF
Description The plugin does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting buttons via CSRF attacks PoC Make a logged in admin open an HTML file where ID is a valid ID: action...
LearnPress Export Import < 4.0.4 - Authenticated (Administrator+) SQL Injection
Description The LearnPress Export Import plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 4.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated...
Flexible Checkout Fields for WooCommerce < 4.1.3 - Missing Authorization
Description The Flexible Checkout Fields for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 4.1.2. This makes it possible for authenticated attackers, with subscriber-level access and above, t...
Soledad < 8.4.6 - Cross-Site Request Forgery
Description The Soledad theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.4.5. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action via a forged...
PostX – Gutenberg Blocks for Post Grid < 3.2.4 - Incorrect Authorization
Description The PostX – Gutenberg Blocks for Post Grid plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several REST API endpoints in versions up to, and including, 3.2.3. This makes it possible for authenticated attackers, with author-level access an...
Post Type Builder < 2.1.4 - Subscriber+ Arbitrary Post/Page Creation
Description The plugin is vulnerable to unauthorized modification of data due to a missing capability check on a function. This makes it possible for authenticated attackers, with subscriber-level access and above, to create arbitrary pages and posts...
FG Drupal to WordPress < 3.71.0 - Sensitive Information Exposure
Description The FG Drupal to WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.70.3 via log files. This makes it possible for unauthenticated attackers to extract sensitive data from log files...
Advanced Post Block < 1.13.5 - Unauthenticated Arbitrary Post Access
Description The plugin is vulnerable to unauthorized access of data due to a missing capability check on the apbPosts function hooked via an AJAX action. This makes it possible for unauthenticated attackers to retrieve all post data, including those that may be password protected...
Counter Box < 1.2.4 - Counter Deletion via CSRF
Description The plugin does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such deleting counters via CSRF attacks PoC Make a logged in admin open an HTML file where ID is a valid ID: action...
Bricksforge < 2.1.1 - Missing Authorization to Unauthenticated WordPress Settings Deletion
Description The Bricksforge plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 2.0.17. This makes it possible for unauthenticated attackers to delete arbitrary WordPress settings...
ReDi Restaurant Reservation < 24.0303 - Cross-Site Request Forgery via redi_restaurant_admin_options_page()
Description The ReDi Restaurant Reservation plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 24.0128. This is due to missing or incorrect nonce validation on the redirestaurantadminoptionspage function. This makes it possible for unauthenticated...
EmbedPress < 3.9.9 - Missing Authorization via handle_calendly_data
Description The EmbedPress plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the handlecalendlydata function in versions up to, and including, 3.9.8. This makes it possible for unauthenticated attackers to update calendly settings...
Slideshow Gallery < 1.7.9 - Contributor+ SQLi
Description The plugin is vulnerable to SQL Injection due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL...
Contact Form Email < 1.3.45 - Unauthenticated Sensitive Information Exposure
Description The Contact Form Email plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.44 via log files. This makes it possible for unauthenticated attackers to extract sensitive data from log files...
WPBakery Visual Composer < 7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Title tag attribute
Description The wpbakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Title tag attribute in all versions up to, and including, 7.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor...
OAuth Server < 4.4.0 - Open Redirect
Description The WP OAuth Server OAuth Authentication plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 4.3.3. This is due to insufficient validation on a redirect url. This makes it possible for unauthenticated attackers to redirect users to potentially...
Email Subscribers & Newsletters < 5.7.14 - Missing Authorization
Description The Email Subscribers & Newsletters plugin for WordPress is vulnerable to unauthorized access due to a missing capability check in versions up to, and including, 5.7.13. This makes it possible for unauthenticated attackers to perform an unauthorized action...
Nudgify Social Proof, Sales Popup & FOMO < 1.3.4 - Cross-Site Request Forgery via sync_orders_manually()
Description The Nudgify Social Proof, Sales Popup & FOMO plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.3. This is due to missing or incorrect nonce validation on the syncordersmanually function. This makes it possible for unauthenticated...
Product Designer < 1.0.33 - Unauthenticated PHP Object Injection
Description The Product Designer plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.32 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the...
BookingPress < 1.0.82 - Authenticated (Customer+) Insecure Direct Object Reference
Description The BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.0.81 due to missing validation on a user controlled key. This makes it possible for...
SearchIQ < 4.6 - Unauthenticated Sensitive Information Exposure
Description The SearchIQ – The Search Solution plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.5 via log files. This makes it possible for unauthenticated attackers to extract sensitive data from log files...
AWP Classifieds < 4.3.2 - Missing Authorization
Description The AWP Classifieds plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 4.3.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unauthorized...
Subscribe To Comments Reloaded < 240119 - Unauthenticated Sensitive Information Exposure
Description The Subscribe To Comments Reloaded plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 220725 via log files. This makes it possible for unauthenticated attackers to extract sensitive data from log files...
Church Admin < 4.0.28 - Authenticated (Contributor+) SQL Injection
Description The Church Admin plugin for WordPress is vulnerable to SQL Injection via the 'weeks' value in all versions up to, and including, 4.0.27 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
Sign-up Sheets < 2.2.12 - Cross-Site Request Forgery
Description The Sign-up Sheets plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.2.11.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action vi...
WP Server Health Stats < 1.7.4 - Cross-Site Request Forgery
Description The WP Server Health Stats plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.3. This is due to missing or incorrect nonce validation on the wpsscachepurgecallback function. This makes it possible for unauthenticated attackers to...
Responsive Contact Form Builder & Lead Generation Plugin <= 1.8.9 - Cross-Site Request Forgery
Description The Responsive Contact Form Builder & Lead Generation Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8.9. This is due to missing or incorrect nonce validation on several functions. This makes it possible for...
WebinarPress < 1.33.10 - Reflected Cross-Site Scripting
Description The WordPress Webinar Plugin – WebinarPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.33.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
ProfileGrid < 5.7.7 - Authenticated (Subscriber+) Insecure Direct Object Reference
Description The ProfileGrid – User Profiles, Memberships, Groups and Communities plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.7.6 due to missing validation on a user controlled key. This makes it possible for authenticated attacker...
Button Generator < 3.0 - Button Deletion via CSRF
Description The plugin does not have CSRF check in place when bulk deleting, which could allow attackers to make a logged in admin delete buttons via a CSRF attack PoC Make a logged in admin open an HTML file containing: action...
Easy Digital Downloads < 3.2.7 - Cross-Site Request Forgery
Description The Easy Digital Downloads plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.2.6. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized acti...
Slideshow Gallery < 1.7.9 - Settings Reset via CSRF
Description The plugin does not have CSRF check in place when resetting its settings, which could allow attackers to make a logged in admin reset them via a CSRF attack...
ARForms Form Builder < 1.6.2 - Cross-Site Request Forgery
Description The ARForms Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action...
WordPress Comments Import & Export < 2.3.6 - Cross-Site Request Forgery
Description The WordPress Comments Import & Export plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3.5. This is due to missing or incorrect nonce validation on the doexport function. This makes it possible for unauthenticated attackers to...
ARForms Form Builder < 1.6.2 - Missing Authorization
Description The ARForms Form Builder plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 1.6.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an...
WordPress Tooltips < 9.4.5 - Authenticated (Contributor+) SQL Injection
Description The WordPress Tooltips plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 9.4.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated...
Easy Social Share Buttons < 9.5 - Missing Authorization
Description The Easy Social Share Buttons plugin for WordPress is vulnerable to unauthorized access due to a missing capability check in versions up to, and including, 9.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform unauthorized actions...
User Spam Remover < 1.1 - Unauthenticated Sensitive Information Exposure
Description The User Spam Remover plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0 via a log file. This makes it possible for unauthenticated attackers to extract sensitive data from log files...