14602 matches found
Folders <= 3.0 and Folders Pro <= 3.0.2 - Directory Traversal via handle_folders_file_upload
Description The Folders and Folders Pro plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.0 in Folders and 3.0.2 in Folders Pro via the 'handlefoldersfileupload' function. This makes it possible for authenticated attackers, with author access and...
Contact Form to DB by BestWebSoft – Messages Database Plugin For WordPress < 1.7.3 - Authenticated (Author+) SQL Injection
Description The Contact Form to DB by BestWebSoft – Messages Database Plugin For WordPress plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 1.7.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing...
Comments – wpDiscuz < 7.6.19 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Comments – wpDiscuz plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 7.6.18 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...
PropertyHive < 2.0.14 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The PropertyHive plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.0.13 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...
Podlove Web Player < 5.7.4 - Missing Authorization to Unauthenticated Information Exposure
Description The Podlove Web Player plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the /shortcode REST API endpoint in all versions up to, and including, 5.7.3. This makes it possible for unauthenticated attackers to view information they...
WP Docs < 2.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The WP Docs plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject...
Woody code snippets – Insert Header Footer Code, AdSense Ads <= 2.4.10 - Authenticated (Admin+) Stored Cross-Site Scripting
Description The Woody code snippets – Insert Header Footer Code, AdSense Ads plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.4.10 due to insufficient input sanitization and output escaping. This makes it possible for...
Newsletters < 4.9.6 - Reflected Cross-Site Scripting
Description The Newsletters plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 4.9.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages th...
Gutenberg Blocks by Kadence Blocks – Page Builder Features < 3.2.39 - Authenticated (Contributor+) Stored Cross-Site Scripting via titleFont Parameter
Description The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘titleFont’ parameter in all versions up to, and including, 3.2.38 due to insufficient input sanitization and output escaping. This makes it...
Pixgraphy < 1.3.9 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Pixgraphy theme for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.3.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject...
Link Library < 7.6.4 - Reflected Cross-Site Scripting
Description The Link Library plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 7.6.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages...
Schema App Structured Data <= 2.2.0 - Cross-Site Request Forgery
Description The Schema App Structured Data plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.0. This is due to missing or incorrect nonce validation on the MarkUpdate function. This makes it possible for unauthenticated attackers to update...
Idyllic < 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Idyllic theme for WordPress is vulnerable to Stored Cross-Site Scripting via author display name in all versions up to, and including, 1.1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level acces...
Where I Was, Where I Will Be <= 1.1.1 - Unauthenticated Remote File Inclusion
Description The Where I Was, Where I Will Be plugin for WordPress is vulnerable to Remote File Inclusion in version = 1.1.1 via the WIWHEADER parameter of the /system/include/includeuser.php file. This makes it possible for unauthenticated attackers to include and execute arbitrary files hosted o...
Canto <= 3.0.8 - Unauthenticated Remote File Inclusion
Description The Canto plugin for WordPress is vulnerable to Remote File Inclusion in all versions up to, and including, 3.0.8 via the abspath parameter. This makes it possible for unauthenticated attackers to include remote files on the server, resulting in code execution. This required...
HT Feed < 1.2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The HT Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's in all versions up to, and including, 1.2.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) < 1.5.110 - Authenticated (Contributor+) Information Exposure
Description The Unlimited Elements For Elementor Free Widgets, Addons, Templates plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.5.109 due to missing restrictions on the getPostDataByObj function. This makes it possible for authenticate...
Heateor Social Login WordPress < 1.1.33 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Heateor Social Login WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.1.32 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers,...
The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid < 7.7.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 7.7.1 due to insufficient input sanitization and output escaping on user supplied attributes. This...
Sensei Pro (WC Paid Courses) < 4.24.0.1.24.0 - Authenticated (Student+) Stored Cross-Site Scripting
Description The Sensei Pro WC Paid Courses plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.23.1.1.23.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Student-level acces...
Rife Free < 2.4.20 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Rife Free theme for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.4.19 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-leve...
TemplatesNext OnePager <= 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The TemplatesNext OnePager plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.3.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...
YITH WooCommerce Tab Manager < 1.35.1 - Authenticated (Editor+) Stored Cross-Site Scripting
Description The YITH WooCommerce Tab Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via settings in all versions up to, and including, 1.35.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-leve...
Widget Options - Extended <= 5.1.0 & Widget Options <= 4.0.1 - Authenticated (Subscriber+) Information Disclosure
Description The Widget Options - Extended plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to 5.1.3 exclusive for Widget Options - Extended and all versions up to, and including, 4.0.1 for Widget Options. This makes it possible for unauthenticated attackers ...
ElementsKit PRO < 3.6.3 - Authenticated (Contributor+) Server-Side Request Forgery
Description The ElementsKit PRO plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 3.6.2 via the 'renderraw' function. This can allow authenticated attackers, with contributor-level permissions and above, to make web requests to arbitrary locations...
RestroPress – Online Food Ordering System < 3.1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The RestroPress – Online Food Ordering System plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 3.1.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...
Gallery – Image and Video Gallery with Thumbnails <= 2.0.3 - Authenticated (Contributor+) SQL Injection
Description The Gallery – Image and Video Gallery with Thumbnails plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 2.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...
Visualizer < 3.11.2 - Authenticated (Subscriber+) SQL Injection
Description The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to SQL Injection via the saveQuery function in all versions up to, and including, 3.11.1 due to a missing capability check on a function that runs SQL Queries. This makes it possible for...
Heateor Social Login WordPress < 1.1.33 - Unauthenticated Stored Cross-Site Scripting
Description The Heateor Social Login WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.1.32 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
Timetics- AI-powered Appointment Booking with Visual Seat Plan and ultimate Calendar Scheduling Plugin < 1.0.22 - Missing Authorization to Limited Privilege Escalation
Description The Timetics- AI-powered Appointment Booking with Visual Seat Plan and ultimate Calendar Scheduling plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the makestaff function in all versions up to, and including, 1.0.21. This...
Otter Blocks PRO – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE < 2.6.12 - Authenticated (Subscriber+) Information Exposure
Description The Otter Blocks PRO – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.11. This makes it possible for authenticated attackers, with Subscriber-level access and abov...
Theme < 1.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Event theme for WordPress is vulnerable to Stored Cross-Site Scripting via author display name in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access...
Folders Pro < 3.0.3 - Authenticated(Author+) Arbitrary File Upload via handle_folders_file_upload
Description The Folders Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'handlefoldersfileupload' function in all versions up to, and including, 3.0.2. This makes it possible for authenticated attackers, with author access and above, to...
Kenta Blocks – Responsive Blocks and block templates library < 1.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Kenta Blocks – Responsive Blocks and block templates library plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.3.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...
Himer - Social Questions and Answers < 2.1.1 - Multiple CSRF on the Group Section
Description The theme does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks. These include declining and accepting group invitations or leaving a group PoC The PoC will be displayed on June 26, 2024, to give users t...
LA-Studio Element Kit for Elementor < 1.3.7.4 - Missing Authorization
Description The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.3.6. This makes it possible for unauthenticated attackers to perform an unauthorized action...
Album Gallery – WordPress Gallery < 1.5.8 - Missing Authorization
Description The Album Gallery – WordPress Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxalbumgallery and agsavesettings functions in versions up to, and including, 1.5.7. This makes it possible for authenticated...
Himer - Social Questions and Answers < 2.1.1 - Contributor+ Stored XSS
Description The theme does not sanitise and escape some of its Post settings, which could allow high privilege users such as Contributor to perform Stored Cross-Site Scripting attacks PoC The PoC will be displayed on June 26, 2024, to give users the time to update...
Ovic Importer <= 1.6.3 - Authenticated (Subscriber+) Arbitrary File Download
Description The Ovic Importer plugin for WordPress is vulnerable to Arbitrary File Download Traversal in all versions up to, and including, 1.6.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the server, whi...
Block for Font Awesome < 1.4.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Block for Font Awesome plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in all versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
Elespare – Blog, Magazine and Newspaper Addons for Elementor with Templates, Widgets, Kits, and Header/Footer Builder. One Click Import: No Coding Required! < 3.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Horizontal Nav Menu Widge
Description The Elespare – Blog, Magazine and Newspaper Addons for Elementor with Templates, Widgets, Kits, and Header/Footer Builder. One Click Import: No Coding Required! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Horizontal Nav Menu' widget in all versions up to...
PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) < 2.7.21 - Authenticated (Contributor+) Stored Cross-Site Scripting via Link Effects Widget
Description The PowerPack Addons for Elementor Free Widgets, Extensions and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' attribute within the plugin's Link Effects widget in all versions up to, and including, 2.7.20 due to insufficient input sanitizati...
Himer - Social Questions and Answers < 2.1.1 - Bypass Poll Voting Restrictions via CSRF
Description The theme does not have CSRF checks in some places, which could allow attackers to make users vote on any polls, including those they don't have access to via a CSRF attack PoC The PoC will be displayed on June 26, 2024, to give users the time to update...
BuddyPress Cover <= 2.1.4.2 - Unauthenticated Arbitrary File Upload
Description The BuddyPress Cover plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 2.1.4.2. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may...
CoDesigner WooCommerce Builder for Elementor – Customize Checkout, Shop, Email, Products & More < 4.5 - Unauthenticated PHP Object Injection
Description The CoDesigner WooCommerce Builder for Elementor – Customize Checkout, Shop, Email, Products & More plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.4.1 via deserialization of untrusted input from the recentlyviewedproducts cookie. Thi...
Dashboard Widgets Suite < 3.4.4 - Reflected Cross-Site Scripting
Description The Dashboard Widgets Suite plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 3.4.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inje...
Divi Torque Lite – Divi Theme and Extra Theme < 4.0.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG Upload
Description The Divi Torque Lite – Divi Theme and Extra Theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘supportunfilteredfilesupload’ function in all versions up to, and including, 3.6.6 due to insufficient input sanitization and output escaping. This makes it...
BlockArt Blocks – Gutenberg Blocks, Page Builder Blocks ,WordPress Block Plugin, Sections & Template Library < 2.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The BlockArt Blocks – Gutenberg Blocks, Page Builder Blocks ,WordPress Block Plugin, Sections & Template Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.1.5 due to insufficient input sanitization and output escaping on...
WPQA < 6.1.1 - Contributor+ Stored XSS
Description The plugin does not sanitise and escape some of its Slider settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks PoC The PoC will be displayed on June 26, 2024, to give users the time to update...
GDPR/CCPA Cookie Consent Banner < 3.2.1 - Missing Authorization via handle_consent_toggle()
Description The GDPR/CCPA Cookie Consent Banner plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handleconsenttoggle function in versions up to, and including, 3.2. This makes it possible for unauthenticated attackers to toggle conse...