14603 matches found
GamiPress < 6.8.9 - Broken Access Control
Description The plugin's access control mechanism fails to properly restrict access to its settings, permitting Authors to manipulate requests and extend access to lower privileged users, like Subscribers, despite initial settings prohibiting such access. This vulnerability resembles broken acces...
ElementsKit Elementor addons < 3.0.6 - Contributor+ Stored XSS
Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin...
RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator < 4.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Error Message
Description The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 4.3.3 due to insufficient input sanitization and output...
Rehub < 19.6.2 - Authenticated (Subscriber+) SQL Injection
Description The Rehub theme for WordPress is vulnerable to SQL Injection in versions up to, and including, 19.6.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with...
Rehub < 19.6.2 - Authenticated (Editor+) Local File Inclusion
Description The Rehub theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 19.6.1. This makes it possible for authenticated attackers, with editor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any...
ShortPixel Adaptive Images < 3.8.3 - Missing Authorization in activate_ai_handler and deactivate_ai_handler
Description The ShortPixel Adaptive Images plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the activateaihandler and deactivateaihandler functions in versions up to, and including, 3.8.2. This makes it possible for unauthenticated...
Rehub < 19.6.2 - Unauthenticated Local File Inclusion
Description The Rehub theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 19.6.1. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can ...
REHub Framework < 19.6.2 - Authenticated (Subscriber+) SQL Injection
Description The REHub Framework plugin for WordPress is vulnerable to SQL Injection in versions prior to 19.6.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with...
Beaver Themer < 1.4.9.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode
Description The Beaver Themer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.4.9 due to insufficient input sanitization and output escaping on user supplied custom fields. This makes it possible for authenticat...
Happy Addons for Elementor < 3.10.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Page Title HTML Tag
Description The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Page Title HTML Tag in all versions up to, and including, 3.10.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
Salon booking system < 9.6.6 - Editor+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as Editor to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Go to "Salon Services Add New...
Salon booking system < 9.6.6 - Editor+ Stored XSS via Email Settings
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin or editor depending on plugin configuration to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite...
ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) < 2.8.5 - Authenticated (Contributor+) Stored Cross-site Scripting via QR Code Widget
Description The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution formerly WooLentor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's QR Code Widget in all versions up to, and including, 2.8.4 due to insufficient input...
EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor < 3.9.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Description The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'embedpresscalendar' shortcode in all versions up to, and...
Fancy Product Designer < 6.1.8 - Reflected Cross Site Scripting
Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against unauthenticated and admin-level users PoC Note: This requires WooCommerce to be installed. 1. Go to "Fancy Product Designe...
Powerkit – Supercharge your WordPress Site < 2.9.2 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode
Description The Powerkit – Supercharge your WordPress Site plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 2.9.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes i...
Bold Page Builder < 4.8.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widget URL Attribute
Description The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL attribute of widgets in all versions up to, and including, 4.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
Call Now Button < 1.4.7 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC 1. Navigate to All Buttons, and...
Bold Page Builder < 4.8.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via bt_bb_price_list Shortcode
Description The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's btbbpricelist shortcode in all versions up to, and including, 4.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible f...
WP Chat App < 3.6.4 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admins to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed PoC 1. Navigate to...
ENL Newsletter <= 1.0.1 - Campaign Deletion via CSRF
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in admins delete arbitrary Campaigns via a CSRF attack PoC Make an admin open a URL like where is a valid ID: http://example.com/wp-admin/admin.php?page=enl-campaigns=campaign-delete=...
Relevanssi – A Better Search < 4.22.2 - Missing Authorization to Unauthenticated Count Option Update
Description The Relevanssi – A Better Search plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the relevanssiupdatecounts function in all versions up to, and including, 4.22.1. This makes it possible for unauthenticated attackers to execu...
WP-Stateless – Google Cloud Storage < 3.4.1 - Missing Authorization to Limited Arbitrary Options Update
Description The WP-Stateless – Google Cloud Storage plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the dismissnotices function in all versions up to, and including, 3.4.0. This makes it possible for authenticated attackers, with subscriber-lev...
FooGallery < 2.4.15 - Authenticated (Author+) Stored Cross-Site Scripting via Image Attachment Fields
Description The FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image attachment fields such as 'Title', 'Alt Text', 'Custom URL', 'Custom Class', and 'Override Type' in all versions up to, and including, 2.4.14 due to insufficient input sanitization and output...
Sydney Toolbox < 1.29 - Authenticated (Contributor+) Stored Cross-Site Scripting via Filterable Gallery
Description The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Filterable Gallery widget in all versions up to, and including, 1.28 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
ENL Newsletter <= 1.0.1 - Stored XSS via CSRF
Description The plugin does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack PoC Make an admin open an HTML file containing: Name:...
Happy Addons for Elementor < 3.10.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Photo Stack Widget
Description The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Photo Stack Widget in all versions up to, and including, 3.10.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
Bannerlid <= 1.1.0 - Reflected XSS
Description The plugin does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as administrators PoC Have an admin open URLs: -...
Salon booking system < 9.6.6 - Settings Update via CSRF
Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack PoC Make an admin open a page containing the code:...
Icegram Express < 5.7.16 - Authenticated (Administrator+) Cross-Site Scripting via CSV import
Description The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a CSV import in all versions up to, and including, 5.7.14 due to insufficient input sanitization and...
WP Google Review Slider < 13.6 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Go to "WP Google Reviews...
WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels < 4.4.3 - Missing Authorization to Unauthenticated Settings Reset
Description The WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wtpklistresetsettings function in all versions up to, and including, 4.4.2. This makes it...
Happy Addons for Elementor < 3.10.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Calendy
Description The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Calendy widget in all versions up to, and including, 3.10.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...
EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor < 3.9.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via Youtube Block
Description The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Youtube block in all versions up to, and including, 3.9.14 due t...
MM-email2image <= 0.2.5 - Stored XSS via CSRF
Description The plugin does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack PoC Make a logged in admin open a file containing the HTML:...
Shortcodes Ultimate < 7.1.0 - Contributor+ Stored XSS
Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC As a contributor, put the...
Happy Addons for Elementor < 3.10.4 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via title_tag
Description The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets in all versions up to, and including, 3.10.4 due to insufficient input sanitization and output escaping on the titletag attribute. This makes it possible for...
Happy Addons for Elementor < 3.10.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Title HTML Tag
Description The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Title HTML Tag in all versions up to, and including, 3.10.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
Image Watermark < 1.7.4 - Missing Authorization to Authenticated (Subscriber+) Watermark Modification
Description The Image Watermark plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the watermarkactionajax function in all versions up to, and including, 1.7.3. This makes it possible for authenticated attackers, with subscriber-level acce...
BoldGrid Easy SEO – Simple and Effective SEO < 1.6.15 - Information Exposure
Description The BoldGrid Easy SEO – Simple and Effective SEO plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.6.14 via meta information og:description This makes it possible for unauthenticated attackers to view the first 130 characters of a...
FancyBox for WordPress 3.0.2 - 3.3.3 - Authenticated (Admin+) Stored Cross-Site Scripting
Description The FancyBox for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions 3.0.2 to 3.3.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissio...
Happy Addons for Elementor < 3.10.5 - Incorrect Authorization to Information Exposure
Description The Happy Addons for Elementor plugin for WordPress is vulnerable to unauthorized access of data due to insufficient authorization on the duplicatething function in all versions up to, and including, 3.10.4. This makes it possible for attackers, with contributor-level access and above...
Sassy Social Share < 3.3.61 - Contributor+ Stored XSS
Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC As a contributor, put the...
Squelch Tabs and Accordions Shortcodes < 0.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via accordions Shortcode
Description The Squelch Tabs and Accordions Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'accordions' shortcode in all versions up to, and including, 0.4.3 due to insufficient input sanitization and output escaping on user supplied attributes. This...
ENL Newsletter <= 1.0.1 - Admin+ SQL Injection
Description The plugin does not sanitize and escape a parameter before using it in a SQL statement, allowing admin+ to perform SQL injection attacks PoC As an admin open a link like: http://example.com/wp-admin/admin.php?page=enl-campaigns=campaign-run=1%20AND%20SELECT%20%20FROM%20SELECTSLEEP5nQI...
Carousel, Slider, Gallery by WP Carousel – Image Carousel & Photo Gallery, Post Carousel & Post Grid, Product Carousel & Product Grid for WooCommerce < 2.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'sp_wp_carousel_shortcode'
Description The Carousel, Slider, Gallery by WP Carousel – Image Carousel & Photo Gallery, Post Carousel & Post Grid, Product Carousel & Product Grid for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the carousel widget in all versions up to, and including, 2.6...
MM-email2image <= 0.2.5 - Contributor+ Stored XSS
Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC Add the following payload to...
File Manager < 7.2.6 - Authenticated (Administrator+) Directory Traversal
Description The File Manager plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 7.2.5 via the fmdownloadbackup function. This makes it possible for authenticated attackers, with administrator access and above, to read the contents of arbitrary zip file...
Jeg Elementor Kit < 2.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Box
Description The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's image box widget in all versions up to, and including, 2.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with...
Elementor Addon Elements < 1.13.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.13.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and...