14603 matches found
Easy Form Builder < 3.7.5 - Authenticated (Contributor+) SQL Injection
Description The Easy Form Builder plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 3.7.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attacker...
MasterStudy LMS < 3.3.4 - Unauthenticated Local File Inclusion via template
Description The MasterStudy LMS plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.3 via the 'template' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of...
Ultimate Social Comments – Email Notification & Lazy Load <= 1.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Ultimate Social Comments – Email Notification & Lazy Load plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.4.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
WP Directory Kit < 1.3.1 - Authenticated (Subscriber+) SQL Injection
Description The WP Directory Kit plugin for WordPress is vulnerable to SQL Injection via the 'attributevalue' and 'attributeid' parameters in all versions up to, and including, 1.3.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...
Paid Memberships Pro – Mailchimp Add On < 2.3.5 - Unauthenticated Information Disclosure
Description The Paid Memberships Pro – Mailchimp Add On plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.3.4 via log files. This makes it possible for unauthenticated attackers to extract information from log files...
Booking Package < 1.6.29 - Unauthenticated Price Manipulation
Description The Booking Package plugin for WordPress is vulnerable to price manipulation in all versions up to, and including, 1.6.27. This is due to insufficient validation on the pricing data being passed to the server. This makes it possible for unauthenticated attackers to modify the price of...
Responsive flipbook <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Responsive flipbook plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to...
Elementor Addons, Widgets and Enhancements – Stax <= 1.4.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Elementor Addons, Widgets and Enhancements – Stax plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'Heading' widgets in all versions up to, and including, 1.4.4.1 due to insufficient input sanitization and output escaping on user supplied...
Global Elementor Buttons <= 1.1.0 - Authenticated(Contributor+) Stored Cross-Site Scripting via button link
Description The Global Elementor Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button link URL in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
FG PrestaShop to WooCommerce < 4.47.0 - Unauthenticated Sensitive Information Disclosure
Description The FG PrestaShop to WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.45.1. This makes it possible for unauthenticated attackers to view data in log files...
User Rights Access Manager <= 1.1.2 - Reflected Cross-Site Scripting
Description The User Rights Access Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
HUSKY – Products Filter for WooCommerce (formerly WOOF) < 1.3.5.2 - Cross-Site Request Forgery
Description The HUSKY – Products Filter for WooCommerce formerly WOOF plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.5.1. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated...
WholesaleX < 1.3.3 - Unauthenticated Privilege Escalation
Description The WholesaleX – WooCommerce Wholesale Plugin Wholesale Prices, Dynamic Pricing, Tiered Pricing plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.3.2. This makes it possible for unauthenticated attackers to escalate their privileges...
Brave Popup Builder < 0.6.6 - Unauthenticated Server-Side Request Forgery
Description The Brave – Create Popup, Optins, Lead Generation, Survey, Sticky Elements & Interactive Content plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 0.6.5. This makes it possible for unauthenticated attackers to make web requests to...
Sponsors <= 3.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Sponsors plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.5.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject...
Thumbs Rating <= 5.1.0 - Unauthenticated Insecure Direct Object Reference
Description The Thumbs Rating plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.0 due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to perform an unauthorized action...
WP Express Checkout (Accept PayPal Payments) < 2.3.8 - Unauthenticated Price Manipulation
Description The WP Express Checkout Accept PayPal Payments plugin for WordPress is vulnerable to price manipulation in all versions up to, and including, 2.3.7. This is due to insufficient validation on the pricing data being passed to the server. This makes it possible for unauthenticated...
Shortcodes and extra features for Phlox theme <= 2.15.5 - Missing Authorization
Description The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to unauthorized access due to a missing capability check in versions up to, and including, 2.15.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to perfor...
Custom post types, Custom Fields & more < 5.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Custom post types, Custom Fields & more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode and custom post meta in all versions up to, and including, 5.0.4 due to insufficient input sanitization and output escaping on user supplied post me...
CMB2 < 2.11.0 - Authenticated (Contributor+) PHP Object Injection
Description The CMB2 plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.10.1 via deserialization of untrusted input from the textdatetimetimestamptimezone field. This makes it possible for authenticated attackers, with contributor access or higher, ...
wp-forecast < 9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The wp-forecast plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 9.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject...
WP Twitter Mega Fan Box Widget <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
Description The WP Twitter Mega Fan Box Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
10Web Map Builder for Google Maps <= 1.0.74 - Authenticated (Administrator+) SQL Injection
Description The 10Web Map Builder for Google Maps plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.0.74 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
Import Export WordPress Users < 2.5.3 - Authenticated (Shop Manager+) Path Traversal
Description The Export and Import Users and Customers plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 2.5.2. This makes it possible for authenticated attackers, with shop manager-level access and above, to read the contents of arbitrary files on the...
LearnPress < 4.2.6.4 - Insecure Direct Object Reference
Description The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.6.3 due to missing validation on a user controlled key when looking up order information. This makes it possible for authenticated...
Gutenberg Blocks by Kadence Blocks < 3.2.26 - Authenticated (Author+) Server-Side Request Forgery
Description The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.2.25. This makes it possible for authenticated attackers, with author-level access and above, to make web requests t...
WP Travel Engine < 5.8.0 - Authenticated (Administrator+) SQL Injection
Description The WP Travel Engine plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 5.7.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers...
Newsletter < 8.2.1 - IP Spoofing
Description The Newsletter – Send awesome emails from WordPress plugin for WordPress is vulnerable to IP Address Spoofing in all versions up to, and including, 8.2.0 due to insufficient IP address validation. This makes it possible for unauthenticated attackers to spoof their IP address and bypas...
Watu Quiz < 3.4.1.1 - Sensitive Information Disclosure
Description The Watu Quiz plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.4.1 via the watu-userinfo shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to extract sensitive user meta...
Paid Memberships Pro – Payfast Gateway Add On < 1.4.2 - Unauthenticated Information Exposure
Description The Paid Memberships Pro – Payfast Gateway Add On plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.1 via log files. This makes it possible for unauthenticated attackers to extract potentially sensitive information from log...
ProfileGrid < 5.7.3 - Authenticated (Subscriber+) Insecure Direct Object Reference
Description The ProfileGrid – User Profiles, Memberships, Groups and Communities plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.7.2 due to missing validation on a user controlled key. This makes it possible for authenticated attacker...
OSS Aliyun < 1.4.11 - Authenticated (Administrator+) SQL Injection
Description The OSS Aliyun plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.4.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, wit...
Passster < 4.2.6.5 - Contributor+ Stored XSS via content_protector Shortcode
Description The plugin does not validate and escape some of its contentprotector shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CRM Perks Forms < 1.1.5 - Authenticated (Contributor+) SQL Injection
Description The CRM Perks Forms plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.1.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers,...
Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) < 3.2.10 - Sensitive Information Exposure
Description The Easy Digital Downloads – Sell Digital Files & Subscriptions eCommerce Store + Payments Made Easy plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.9. This makes it possible for unauthenticated attackers to download the...
pageMash > Page Management <= 1.3.0 - Reflected Cross-Site Scripting
Description The pageMash Page Management plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...
Header Image Slider <= 0.3 - Reflected Cross-Site Scripting
Description The Header Image Slider plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 0.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages...
OpenID <= 3.6.1 - Reflected Cross-Site Scripting
Description The OpenID plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 3.6.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execut...
Sliced Invoices < 3.9.3 - Missing Authorization
Description The Sliced Invoices plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the suretoemail function in versions up to, and including, 3.9.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to send...
Broken Images <= 0.2 - Cross-Site Request Forgery
Description The Broken Images plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action via a...
Beaver Themer < 1.4.9.1 - Authenticated (Contributor+) Sensitive Information Exposure via shortcode
Description The Beaver Themer plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.9 via the 'wpbb' shortcode. This makes it possible for authenticated attackers, with contributor access and above, to extract sensitive data including...
GamiPress < 6.8.6 - Cross-Site Request Forgery
Description The GamiPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.8.5. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to perform an unauthorized action via a forged request...
Appointment Calendar <= 2.9.6 - Reflected Cross-Site Scripting
Description The Appointment Calendar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 2.9.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pag...
Creative Image Slider – Responsive Slider Plugin < 2.5.0 - Reflected Cross-Site Scripting
Description The Creative Image Slider – Responsive Slider Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 2.1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...
Web Icons < 1.0.0.11 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Web Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.0.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject...
Contact Form 7 Newsletter <= 2.2 - Reflected Cross-Site Scripting
Description The Contact Form 7 Newsletter plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts...
Tainacan < 0.20.8 - Missing Authorization
Description The Tainacan plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several REST API endpoints in versions up to, and including, 0.20.7. This makes it possible for unauthenticated attackers to perform unauthorized actions...
Klarna Payments for WooCommerce < 3.3.0 - Missing Authorization
Description The Klarna Payments for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check in versions up to, and including, 3.2.4. This makes it possible for unauthenticated attackers to perform an unauthorized action...
Change default login logo,url and title <= 2.0 - Cross-Site Request Forgery
Description The Change default login logo,url and title plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0. This is due to missing or incorrect nonce. This makes it possible for unauthenticated attackers to perform an unauthorized action and...
Slider by Supsystic < 1.8.11 - Authenticated (Administrator+) Stored Cross-Site Scripting
Description The Slider by Supsystic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.8.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...