14603 matches found
WordPress Tooltips < 9.5.3 - Cross-Site Request Forgery
Description The WordPress Tooltips plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 9.4.9. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to perform several...
WP2LEADS < 3.2.8 - Missing Authorization
Description The WP2LEADS plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions such as importmaps in versions up to, and including, 3.2.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to...
All-in-One Addons for Elementor – WidgetKit <= 2.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Pricing Widgets
Description The All-in-One Addons for Elementor – WidgetKit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple pricing widgets e.g. Pricing Single, Pricing Icon, Pricing Tab in all versions up to, and including, 2.4.8 due to insufficient input sanitization and output...
Transcoder < 1.3.6 - Cross-Site Request Forgery
Description The Transcoder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.5. This is due to missing or incorrect nonce validation on the disabletranscoding and enabletranscoding functions. This makes it possible for unauthenticated attackers...
Advanced Local Pickup for WooCommerce < 1.6.3 - Missing Authorization
Description The Advanced Local Pickup for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in the /include/customizer/customizer-admin.php file in versions up to, and including, 1.6.2. This makes it possible for...
Ocean Extra < 2.2.7 - Contributor+ Stored Cross-Site Scripting
Description The plugin is vulnerable to Stored Cross-Site Scripting via the ‘twitterusername’ parameter in versions up to, and including, 2.2.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and...
Announcer – Notification & message bars < 6.0.1 - Missing Authorization
Description The Announcer – Notification & message bars plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the adminajax function in versions up to, and including, 6.0. This makes it possible for authenticated attackers, with subscriber-level access and...
MP3 Audio Player for Music, Radio & Podcast by Sonaar < 5.0 - Unauthenticated Arbitrary File Download
Description The MP3 Audio Player for Music, Radio & Podcast by Sonaar plugin for WordPress is vulnerable to arbitrary file downloads due to insufficient file validation on the loadlyricsajaxcallback function in all versions up to, and including, 4.10.1. This makes it possible for unauthenticated...
Wholesale For WooCommerce < 2.3.1 - Unauthenticated Arbitrary Post Deletion
Description The Wholesale For WooCommerce plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on a function in all versions up to, and including, 2.3.0. This makes it possible for unauthenticated attackers to delete arbitrary posts...
Language Translate Widget for WordPress – ConveyThis < 224 - Unauthenticated Stored Cross-Site Scripting via api_key
Description The Language Translate Widget for WordPress – ConveyThis plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'apikey’ parameter in all versions up to, and including, 223 due to insufficient input sanitization and output escaping. This makes it possible for...
WP Poll Maker < 3.4 - Authenticated (Subscriber+) Arbitrary File Deletion
Description The WP Poll Maker – Best WordPress Poll Plugin for Voting Contest plugin for WordPress is vulnerable to arbitrary file deletion due to a missing capability check on the itepollthemeactionuninstall function and insufficient file path validation in all versions up to, and including, 3.1...
WordPress Geo Controller < 8.6.5 - PHP Object Injection
Description The plugin unserializes user input via some of its AJAX actions and REST API routes, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog. PoC...
Carousel Slider < 2.2.7 - Editor+ Stored Cross-Site Scripting
Description The plugin is vulnerable to Reflected Cross-Site Scripting via the Slides Per View parameter in all versions up to, and including, 2.2.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...
ProfilePress < 4.15.6 - Contributor+ Stored Cross-Site Scripting via 'reg-single-checkbox'
Description The plugin is vulnerable to Stored Cross-Site Scripting via the plugin's 'reg-single-checkbox' shortcode in all versions up to, and including, 4.15.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
Premium Addons for Elementor < 4.10.17 - Contributor+ Stored Cross-Site Scripting via Wrapper Link Widget
Description The plugin is vulnerable to Stored Cross-Site Scripting via the plugin's Wrapper Link Widget in all versions up to, and including, 4.10.16 due to insufficient input sanitization and output escaping on user supplied URLs. This makes it possible for authenticated attackers with...
Premium Addons for Elementor < 4.10.25 - Contributor+ DOM-Based Stored Cross-Site Scripting
Description The plugin is vulnerable to DOM-Based Stored Cross-Site Scripting via the plugin's Bullet List Widget in all versions up to, and including, 4.10.24 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacker...
All-in-One Video Gallery < 3.6.0 - Missing Authorization
Description The All-in-One Video Gallery plugin for WordPress is vulnerable to unauthorized access due to a missing capability check in versions up to, and including, 3.5.2. This makes it possible for authenticated attackers, with contributor-level access and above, to perform an unauthorized...
Auto Poster <= 1.2 - Authenticated (Administrator+) Arbitrary File Upload
Description The Auto Poster plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.2. This makes it possible for authenticated attackers, with administrator-level access and above, to upload arbitrary files on the...
WP Photo Album Plus < 8.6.03.005 - Authenticated (Subscriber+) Arbitrary File Upload
Description The WP Photo Album Plus plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the wppauserupload function in all versions up to, and including, 8.6.03.004. This makes it possible for authenticated attackers, with subscriber-level access an...
Premium Addons for Elementor < 4.10.25 - Contributor+ Stored Cross-Site Scripting
Description The plugin is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown Widget in all versions up to, and including, 4.10.24 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...
WP < 6.5.2 - Unauthenticated Stored XSS
Description WordPress does not escape the Author name of its Avatar block when some settings are enabled, leading to Stored Cross-Site Scripting. In a default setup, contributor and above users could perform such attack. However, if the blog is using the mentioned settings in the comment template...
Import XML and RSS Feeds < 2.1.6 - Authenticated (Administrator+) Arbitrary File Upload
Description The Import XML and RSS Feeds plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the moovesetfeaturedimage function in all versions up to, and including, 2.1.5. This makes it possible for authenticated attackers, with administrator-level...
Forminator < 1.29.3 - Contributor+ Stored Cross-Site Scripting via forminator_form Shortcode
Description The plugin is vulnerable to Stored Cross-Site Scripting via the ‘id’ forminatorform shortcode attribute in versions up to, and including, 1.29.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...
WordPress Gallery Exporter <= 1.3 - Authenticated (Administrator+) Arbitrary File Download
Description The WordPress Gallery Exporter – Export your NextGen, Envira and FooGallery galleries to your computer plugin for WordPress is vulnerable to arbitrary file downloads in all versions up to, and including, 1.3. This is due to the plugin improperly validating the path to requested file...
Kadence Blocks < 3.2.12 - Contributor+ Server-Side Request Forgery
Description The plugin is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.1.26 via the 'kadenceimportgetnewconnectiondata' AJAX action. This makes it possible for authenticated attackers, with contributor-level access and above, to make web requests to arbitrary...
Premium Addons for Elementor < 4.10.28 - Contributor+ Stored Cross-Site Scripting via Button
Description The plugin is vulnerable to Stored Cross-Site Scripting via the plugin's button in all versions up to, and including, 4.10.27 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...
WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect to Force HTTPS, SSL Score < 7.1.0 - Sensitive Information Exposure via insufficiently protected files
Description The WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect to Force HTTPS, SSL Score plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.0 via exposed Private key files. This makes it possible for unauthenticated...
WP Radio – Worldwide Online Radio Stations Directory for WordPress <= 3.1.9 - Authenticated(Subscriber+) Stored Cross-Site Scripting via Settings
Description The WP Radio – Worldwide Online Radio Stations Directory for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's settings in all versions up to, and including, 3.1.9 due to insufficient input sanitization and output escaping as well as...
Shortcodes Ultimate < 7.0.5 - Contributor+ Stored Cross-Site Scripting via 'note_color' Shortcode
Description The plugin is vulnerable to Stored Cross-Site Scripting via the plugin's 'notecolor' shortcode in all versions up to, and including, 7.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...
Elementor Addons by Livemesh < 8.3.7 - Authenticated(Contributor+) Stored Cross-Site Scripting via widget _id attribute
Description The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via widget 'id' attributes in all versions up to, and including, 8.3.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
Elementor Addons by Livemesh < 8.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Display Name
Description The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Post widgets in all versions up to, and including, 8.3.5 due to insufficient input sanitization and output escaping on author display names. This makes it possible for...
WP Radio – Worldwide Online Radio Stations Directory for WordPress <= 3.1.9 - Missing Authorization via multiple AJAX actions
Description The WP Radio – Worldwide Online Radio Stations Directory for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple AJAX functions in all versions up to, and including, 3.1.9. This makes it possible for...
Carousel, Slider, Gallery by WP Carousel – Image Carousel & Photo Gallery, Post Carousel & Post Grid, Product Carousel & Product Grid for WooCommerce < 2.6.4 - Authenticated (Admin+) PHP Object Injection
Description The plugin is vulnerable to PHP Object Injection in versions up to and including, 2.6.3 via deserialization of untrusted input in the import function via the 'shortcode' parameter. This allows authenticated attackers, with administrator-level access to inject a PHP Object. If a POP...
Responsive Tabs < 4.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Responsive Tabs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the tabscolor value in all versions up to, and including, 4.0.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
Essential Grid < 3.1.2 - Unauthenticated Private Post Disclosure
Description The Essential Grid Gallery WordPress Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.1 via the onfrontajaxaction function. This makes it possible for unauthenticated attackers to view private and password protected...
Customily Product Personalizer <= 1.23.3 - Unauthenticated Stored Cross-Site Scripting
Description The Customily Product Personalizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via user cookies in all versions up to, and including, 1.23.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
Bold Page Builder < 4.8.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via AI Features
Description The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's AI features all versions up to, and including, 4.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...
Bold Page Builder < 4.8.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via "Price List" Element
Description The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Price List' element in all versions up to, and including, 4.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
Bold Page Builder < 4.8.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Separator Element
Description The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's "Separator" element in all versions up to, and including, 4.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
WP Activity Log Premium < 4.6.4.1 - Authenticated (Subscriber+) SQL Injection
Description The WP Activity Log Premium plugin for WordPress is vulnerable to SQL Injection via the entry-roles parameter in all versions up to, and including, 4.6.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This make...
BizCalendar Web <= 1.1.0.19 - Reflected Cross-Site Scripting via 'tab'
Description The BizCalendar Web plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 1.1.0.19 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
Bold Page Builder < 4.8.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via HTML Tags
Description The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via HTML Tags in all versions up to, and including, 4.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers,...
Smart Forms < 2.6.96 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Add a new form or edit an...
WordPress Gallery Plugin – NextGEN Gallery < 3.59.1 - Missing Authorization to Unauthenticated Information Disclosure
Description The WordPress Gallery Plugin – NextGEN Gallery plugin is vulnerable to unauthorized access of data due to a missing capability check on the getitem function. This makes it possible for unauthenticated attackers to extract sensitive data including EXIF and other metadata of any image...
FooGallery < 2.4.15 - Authenticated (Author+) Stored Cross-Site Scripting
Description The Best WordPress Gallery Plugin – FooGallery plugin is vulnerable to Stored Cross-Site Scripting via the foogalleryattachmentmodalsave action...
Element Pack Elementor Addons < 5.3.3 - Contributor+ Stored XSS via Custom Gallery Widget
Description The plugin is vulnerable to Stored Cross-Site Scripting via the image URL parameter of the Custom Gallery Widget due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web...
Elementor Header & Footer Builder < 1.6.25 - Contributor+ Stored Cross-Site Scripting
Description The plugin is vulnerable to Stored Cross-Site Scripting via the flyoutlayout attribute in all versions up to, and including, 1.6.24 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to...
Revslider < 6.7.0 - Authenticated (Author+) Stored Cross-Site Scripting
Description The Revslider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via svg upload in all versions up to, and including, 6.6.20 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in...
Photo Gallery by 10Web < 1.8.22 - Admin+ Stored XSS via SVG
Description The plugin is vulnerable to Stored Cross-Site Scripting via SVG file uploads due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute...
Element Pack Elementor Addons < 5.5.4 - Contributor+ Stored XSS via Trailer Box Widget
Description The plugin is vulnerable to Stored Cross-Site Scripting via the ‘elementpackwrapperlink’ attribute of the Trailer Box widget due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inje...