14603 matches found
Formsite | Embed online forms to collect orders, registrations, leads, and surveys < 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Formsite | Embed online forms to collect orders, registrations, leads, and surveys plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.6 due to insufficient input sanitization and output escaping. This makes it possible for...
Bricksforge < 2.1.1 - Missing Authorization to Unauthenticated Arbitrary Email Sending
Description The Bricksforge plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the a function in versions up to, and including, 2.0.17. This makes it possible for unauthenticated attackers to send arbitrary emails...
WP Import Export Lite < 3.9.27 - Authenticated (Administrator+) PHP Object Injection
Description The WP Import Export Lite plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.9.26 via deserialization of untrusted input. This makes it possible for authenticated attackers, with administrator-level access and above, to inject a PHP...
Post Type Builder <= 2.0.8 - Reflected Cross-Site Scripting
Description The plugin is vulnerable to Reflected Cross-Site Scripting due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an...
WPBakery Visual Composer < 7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Author
Description The wpbakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Author tag attribute in all versions up to, and including, 7.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor...
Wow Skype Buttons < 4.0.4 - Button Deletion via CSRF
Description The plugin does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting buttons via CSRF attacks PoC As an admin open HTML file containing: action...
Shopping Cart & eCommerce Store < 5.6.4 - Contributor+ SQL Injection
Description The plugin is vulnerable to SQL Injection via the 'productid' attribute of the ecaddtocart shortcode due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with...
AIKit <= 4.14.1 - Authenticated (Contributor+) SQL Injection
Description The AIKit plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 4.14.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with...
Generate Child Theme < 2.0.1 - Cross-Site Request Forgery via process_create_form()
Description The Generate Child Theme plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0. This is due to missing or incorrect nonce validation on the processcreateform function. This makes it possible for unauthenticated attackers to generate a...
EmbedPress < 3.9.12 - Missing Authorization
Description The EmbedPress plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the deletesourcedata and savesourcedata functions in versions up to, and including, 3.9.11. This makes it possible for unauthenticated attackers to modify data sources...
Bricksforge < 2.1.1 - Missing Authorization to Unauthenticated WordPress Settings Update
Description The Bricksforge plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 2.0.17. This makes it possible for unauthenticated attackers to update arbitrary WordPress settings...
WPBakery Visual Composer < 7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Heading tag attribute
Description The wpbakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom Heading tag attribute in all versions up to, and including, 7.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributo...
Sumo < 1.35 - Cross-Site Request Forgery
Description The Sumo plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.34. This is due to missing or incorrect nonce validation on the ajaxsumoaddwoocommercecoupon and ajaxsumoremovewoocommercecoupon functions. This makes it possible for...
Side Menu Lite < 4.2.1 - Menu Deletion via CSRF
Description The plugin does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting buttons via CSRF attacks PoC Make a logged in admin open an HTML file where ID is a valid ID: action...
Slideshow Gallery <= 1.8 - Unauthenticated Sensitive Information Exposure
Description The plugin is vulnerable to Sensitive Information Exposure, allowing unauthenticated attackers to extract sensitive user or configuration data...
Popup Box < 2.2.7 - Popup Deletion via CSRF
Description The plugin does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting popups via CSRF attacks PoC Make a logged in admin open an HTML file where ID is a valid ID: action...
Soledad < 8.4.6 - Missing Authorization
Description The Soledad theme for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 8.4.5. This makes it possible for unauthenticated attackers to perform an unauthorized action...
WC Marketplace < 4.1.4 - Missing Authorization
Description The WC Marketplace plugin for WordPress is vulnerable to unauthorized access due to a missing capability check in versions up to, and including, 4.1.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unauthorized action...
WPBakery Visual Composer < 7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button onclick attribute
Description The wpbakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button onclick attribute in all versions up to, and including, 7.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor...
Media Library Folders < 8.1.9 - Authenticated (Author+) Directory Traversal
Description The Media Library Folders plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 8.1.8. This makes it possible for authenticated attackers, with author-level access and above, to read/access the contents of arbitrary files on the server, which...
Testimonials < 3.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject...
ConvertKit < 2.4.6 - Unauthenticated Sensitive Information Exposure
Description The ConvertKit – Email Newsletter, Email Marketing, Subscribers and Landing Pages plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.4.5 via log files. This makes it possible for unauthenticated attackers to extract sensitive...
Herd Effects < 5.2.7 - Effect Deletion via CSRF
Description The plugin does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting effects via CSRF attacks PoC Make a logged in admin open an HTML file where ID is a valid ID: action...
Float menu < 6.0.1 - Menu Deletion via CSRF
Description The plugin does not have CSRF check in its bulk actions, which could allow attackers to make logged in admin delete arbitrary menu via a CSRF attack. PoC Make a logged in admin open one a page with the code below, this will make them delete the menu with ID 1:...
Easy Social Share Buttons < 9.5 - Authenticated (Subscriber+) Local File Inclusion
Description The Easy Social Share Buttons for WordPress plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 9.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to include and execute arbitrary files on the...
Easy Login Styler – White Label Admin Login Page for WordPress <= 1.0.6 - Authenticated (Administrator+) Stored Cross-Site Scripting
Description The Easy Login Styler – White Label Admin Login Page for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for...
Smart Online Order for Clover < 1.5.5 - Cross-Site Request Forgery
Description The Smart Online Order for Clover plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.4. This is due to missing or incorrect nonce validation on the pagecoupons function. This makes it possible for unauthenticated attackers to...
User Activity Log < 2.0 - Admin+ SQL Injection
Description The plugin is vulnerable to SQL Injection due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL...
Multiple Page Generator Plugin – MPG < 3.4.1 - Cross-Site Request Forgery
Description The Multiple Page Generator Plugin – MPG plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.4.0. This is due to missing or incorrect nonce validation on the deleteproject action. This makes it possible for unauthenticated attackers to...
Loan Repayment Calculator and Application Form < 2.9.5 - Cross-Site Request Forgery
Description The Loan Repayment Calculator and Application Form plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.9.4. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers ...
Modal Window < 5.3.10 - Modal Deletion via CSRF
Description The plugin does not have CSRF check in place when bulk deleting modals, which could allow attackers to make a logged in admin delete them via a CSRF attack PoC Have a logged in admin open an HTML file containing where ID is an existing modal: action...
MailMunch – Grow your Email List < 3.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The MailMunch – Grow your Email List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in all versions up to, and including, 3.1.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...
Edwiser Bridge < 3.0.4 - Authenticated (Administrator+) SQL Injection
Description The Edwiser Bridge plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 3.0.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers,...
JS Help Desk – Best Help Desk & Support Plugin < 2.8.4 - Missing Authorization
Description The JS Help Desk – Best Help Desk & Support Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 2.8.3. This makes it possible for unauthenticated attackers to perform an unauthorized action...
Ultimate Maps by Supsystic < 1.2.17 - Cross-Site Request Forgery
Description The Ultimate Maps by Supsystic plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.16. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized...
Soledad < 8.4.6 - Missing Authorization
Description The Soledad theme for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 8.4.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unauthorized action...
Ultimate Store Kit Elementor Addons < 1.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Ultimate Store Kit Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level acce...
WooCommerce Checkout Field Editor (Checkout Manager) < 2.1.9 - Cross-Site Request Forgery
Description The WooCommerce Checkout Field Editor Checkout Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1.8. This is due to missing or incorrect nonce validation on the saveoptions function. This makes it possible for unauthenticated...
Church Admin < 4.1.6 - Authenticated (Subscriber+) Arbitrary File Upload
Description The Church Admin plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 4.1.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload arbitrary files on the...
AppPresser < 4.3.1 - Cross-Site Request Forgery via toggle_logging_callback()
Description The AppPresser plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.3.0. This is due to missing or incorrect nonce validation on the toggleloggingcallback function. This makes it possible for unauthenticated attackers to toggle the loggi...
Form to Chat App < 1.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Form to Chat App plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to...
WordPress Backup & Migration < 1.4.8 - Unauthenticated Sensitive Information Exposure
Description The WordPress Backup & Migration plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.7 via log files. This makes it possible for unauthenticated attackers to extract sensitive data from log files...
Profile Builder < 3.11.3 - Restricted Email Bypass
Description The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to restricted email domain bypass in all versions up to, and including, 3.11.2. This makes it possible for unauthenticated attackers to register with email...
ELEX WooCommerce Dynamic Pricing and Discounts < 2.1.3 - Reflected Cross-Site Scripting
Description The ELEX WooCommerce Dynamic Pricing and Discounts plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via an unknown parameter in all versions up to, and including, 2.1.2 due to insufficient input sanitization and output escaping. This makes it possible for...
App Builder < 3.8.8 - Open Redirection
Description The App Builder – Create Native Android & iOS Apps On The Flight plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 3.8.7. This is due to insufficient validation on the redirect url supplied via the 'url' parameter. This makes it possible for...
Church Admin < 4.1.7 - Missing Authorization
Description The Church Admin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the several functions in versions up to, and including, 4.1.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform...
Masteriyo - LMS < 1.7.3 - Unauthenticated Privilege Escalation
Description The Masteriyo LMS – eLearning and Online Course Builder for WordPress plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the updateloggedinuser function in all versions up to, and including, 1.7.2. This makes it possible for unauthenticated...
WordPress Tooltips < 9.5.3 - Cross-Site Request Forgery
Description The WordPress Tooltips plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 9.4.9. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to perform several...
WP2LEADS < 3.2.8 - Missing Authorization
Description The WP2LEADS plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions such as importmaps in versions up to, and including, 3.2.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to...
All-in-One Addons for Elementor – WidgetKit <= 2.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Pricing Widgets
Description The All-in-One Addons for Elementor – WidgetKit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple pricing widgets e.g. Pricing Single, Pricing Icon, Pricing Tab in all versions up to, and including, 2.4.8 due to insufficient input sanitization and output...