14603 matches found
All In One WP Security < 5.2.7 - Cross-Site Request Forgery to IP Blocking
Description The All-In-One Security AIOS – Security and Firewall plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.2.6. This is due to missing or incorrect nonce validation on the render404detection function. This makes it possible for...
CRM Perks Forms < 1.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The CRM Perks Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to...
Wholesale For WooCommerce < 2.3.1 - Unauthenticated Information Exposure
Description The woocommerce-wholesale-pricing plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.3.0. This makes it possible for unauthenticated attackers to extract sensitive user or configuration data...
Themify Event Post < 1.2.8 - Authenticated (Administrator+) Stored Cross-Site Scripting
Description The Themify Event Post plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
ProfileGrid < 5.7.9 - Authenticated (Subscriber+) SQL Injection
Description The ProfileGrid plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 5.7.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, wit...
Molongui < 4.7.8 - Authenticated (Author+) Insecure Direct Object Reference
Description The Author Box, Guest Author and Co-Authors for Your Posts – Molongui plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.7.7 due to missing validation on a user controlled key. This makes it possible for authenticated...
Webinar and Video Conference with Jitsi Meet < 2.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Webinar and Video Conference with Jitsi Meet plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
Social Icons Widget & Block by WPZOOM < 4.2.16 - Missing Authorization
Description The Social Icons Widget & Block by WPZOOM plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the zoomajaxsetpointertransient function in versions up to, and including, 4.2.15. This makes it possible for authenticated attackers, with...
WooCommerce Bookings Calendar <= 1.0.36 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The WooCommerce Bookings Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.36 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access an...
ElementsKit Elementor addons < 3.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget
Description The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the countdown widget in all versions up to, and including, 3.0.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CMP – Coming Soon & Maintenance < 4.1.11 - Authenticated (Admin+) Server-Side Request Forgery
Description The CMP – Coming Soon & Maintenance Plugin by NiteoThemes plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.1.10. This makes it possible for authenticated attackers, with administrator-level access and above, to make web requests...
Media Library Folders < 8.1.8 - Authenticated (Author+) SQL Injection
Description The Media Library Folders plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 8.1.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated...
LearnPress – WordPress LMS Plugin < 4.0.1 - Cross-Site Request Forgery to Privilege Escalation
Description The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.0.0. This is due to missing or incorrect nonce validation on the filterusers functions. This makes it possible for unauthenticated attackers t...
Tumult Hype Animations < 1.9.12 - Cross-Site Request Forgery to Cross-Site Scripting
Description The Tumult Hype Animations plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.11. This is due to missing or incorrect nonce validation on the hypeanimationsupdatecontainer function. This makes it possible for unauthenticated...
CRM Perks Forms < 1.1.5 - Unauthenticated SQL Injection
Description The CRM Perks Forms plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.1.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attacker...
Woocommerce Social Media Share Buttons <= 1.3.0 - Cross-Site Request Forgery to Cross-Site Scripting
Description The Woocommerce Social Media Share Buttons plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.0. This is due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticated attackers to...
The Plus Blocks for Block Editor | Gutenberg < 3.2.6 - Reflected Cross-Site Scripting
Description The The Plus Blocks for Block Editor | Gutenberg plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 3.2.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
Watu Quiz < 3.4.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Watu Quiz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'watu-basic-chart' shortcode in all versions up to, and including, 3.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
Yoo Slider < 2.2.0 - Reflected Cross-Site Scripting
Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
Gutenberg Blocks by Kadence Blocks < 3.2.18 - Authenticated(Editor+) Stored Cross-Site Scripting via Contact Form Message Settings
Description The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the contact form message settings in all versions up to and including 3.2.17 due to insufficient input sanitization and output escaping. This makes it...
Spectra – WordPress Gutenberg Blocks < 2.10.4 - Authenticated(Contributor+) Cross-Site Scripting via Custom CSS
Description The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom CSS metabox in all versions up to and including 2.10.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
Classified Listing – Classified ads & Business Directory Plugin < 3.0.5 - Missing Authorization
Description The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized access & modification of data due to a missing capability check on the rtclimportlocation rtclimportcategory functions in all versions up to, and including, 3.0.4. Th...
Nelio Content < 3.2.1 - Authenticated (Contributor+) Server-Side Request Forgery
Description The Nelio Content – Best Editorial Calendar & Social Media Scheduling plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.2.0. This makes it possible for authenticated attackers, with contributor-level access and above, to make web...
PageLayer < 1.8.2 - Missing Authorization
Description The PageLayer plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the pagelayertrashpost function in versions up to, and including, 1.8.1. This makes it possible for authenticated attackers, with contributor-level access and above, to...
WP Advanced Search <= 1.1.6 - Admin+ SQL Injection
Description The plugin does not properly escape parameters appended to an SQL query, making it possible for users with the administrator role to conduct SQL Injection attacks in the context of a multisite WordPress configurations. PoC 1. Log in as an administrator 2. Visit...
Sticky Anything <= 2.1.5 - Unauthenticated Stored Cross-Site Scripting
Description The Sticky Anything plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.1.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...
ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) < 2.8.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via WL Universal Product Layout
Description The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution formerly WooLentor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the slitems parameter in the WL Special Day Offer Widget in all versions up to, and including, 2.8....
WP-CRM System < 3.2.9.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
Description The WordPress CRM Plugin – WP-CRM System plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wit...
WP Responsive Tabs horizontal vertical and accordion Tabs < 1.1.18 - Authenticated (Contributor+) SQL Injection
Description The WP Responsive Tabs horizontal vertical and accordion Tabs plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.1.17 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This mak...
Element Pack Elementor Addons < 5.5.4 - Authenticated (Contributor+) SQL Injection
Description The Element Pack Elementor Addons plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 5.5.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
Finale Lite < 2.18.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation and Activation
Description The Finale Lite – Sales Countdown Timer & Discount for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in all versions up to, and including, 2.18.0. This makes it possible for authenticated attackers, with...
Gutenberg Blocks by Kadence Blocks – Page Builder Features < 3.2.32 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown and CountUp Widget
Description The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown and CountUp Widget in all versions up to, and including, 3.2.31 due to insufficient input sanitization and output escaping on user supplie...
Classified Listing < 3.0.5 - Cross-Site Request Forgery to Account Takeover via rtcl_update_user_account
Description The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.4. This is due to missing or incorrect nonce validation on the 'rtclupdateuseraccount' function. This makes it...
Falang multilanguage < 1.3.48 - Authenticated (Administrator+) SQL Injection
Description The Falang multilanguage plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.3.47 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated...
WordPress Page Builder – Zion Builder < 3.6.10 - Authenticated (Editor+) Stored Cross-Site Scripting
Description The WordPress Page Builder – Zion Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via settings in all versions up to, and including, 3.6.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
Zotpress < 7.3.8 - Authenticated (Contributor+) SQL Injection
Description The Zotpress plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 7.3.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with...
WordPress Announcement & Notification Banner Plugin – Bulletin < 3.9.0 - Authenticated (Administrator+) SQL Injection
Description The WordPress Announcement & Notification Banner Plugin – Bulletin plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 3.8.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...
WP Cost Estimation & Payment Forms Builder < 10.1.76 - Authenticated (Contributor+) SQL Injection
Description The WP Cost Estimation & Payment Forms Builder plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 10.1.75 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible...
Essential Blocks for Gutenberg < 4.4.10 - Missing Authorization
Description The Essential Blocks for Gutenberg plugin for WordPress is vulnerable to unauthorized access due to a missing capability check in versions up to, and including, 4.4.9. This makes it possible for authenticated attackers, with contributor-level access and above, to perform unauthorized...
WooCommerce Multilingual & Multicurrency < 5.3.5 - Missing Authorization
Description The WooCommerce Multilingual & Multicurrency plugin for WordPress is vulnerable to unauthorized access due to a missing capability check in versions up to, and including, 5.3.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an...
Tax Rate Upload <= 2.4.5 - Reflected Cross-Site Scripting
Description The Tax Rate Upload plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 2.4.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in page...
underConstruction < 1.22 - Authenticated (Administrator+) Stored Cross-Site Scripting
Description The underConstruction plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.21 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-leve...
Weekly Class Schedule <= 3.19 - Reflected Cross-Site Scripting
Description The Weekly Class Schedule plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 3.19 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pag...
Builderall Builder for WordPress < 2.0.2 - Unauthenticated Server-Side Request Forgery
Description The Builderall Builder for WordPress plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.0.1. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application whi...
LearnPress < 4.2.6.4 - Authenticated(LP Instructor+) Stored Cross-Site Scripting
Description The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Course, Lesson, and Quiz title and content in all versions up to, and including, 4.2.6.3 due to insufficient input sanitization and output escaping. This makes it possible f...
ProfileGrid < 5.7.9 - Unauthenticated SQL Injection
Description The ProfileGrid plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 5.7.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to...
AGCA – Custom Dashboard & Login Page < 7.2.2 - Admin+ Stored XSS via Image URL
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC 1. Navigate AGCA, and select the...
Filter Custom Fields & Taxonomies Light <= 1.05 - Authenticated (Contributor+) PHP Object Injection
Description The Filter Custom Fields & Taxonomies Light plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.05 via deserialization of untrusted input. This makes it possible for authenticated attackers, with contributor-level access and above, to...
WP Travel Engine < 5.8.0 - Unauthenticated SQL Injection
Description The WP Travel Engine plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 5.7.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attacke...
Jeg Elementor Kit < 2.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Testimonial
Description The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Testimonial Widget Attributes in all versions up to, and including, 2.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wit...