14603 matches found
VS Contact Form < 14.8 - CAPTCHA Bypass
Description The VS Contact Form plugin for WordPress is vulnerable to CAPTCHA Bypass in versions up to, and including, 14.7. This makes it possible for unauthenticated attackers to bypass the Captcha Verification...
Simple Revisions Delete < 1.5.4 - Cross-Site Request Forgery
Description The Simple Revisions Delete plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.3. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to perform an unauthorized action via a forg...
OpenStreetMap for Gutenberg and WPBakery Page Builder (formerly Visual Composer) < 1.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The OpenStreetMap for Gutenberg and WPBakery Page Builder formerly Visual Composer plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for...
WordPress Tag and Category Manager – AI Autotagger < 3.20.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Description The WordPress Tag and Category Manager – AI Autotagger plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sttagcloud' shortcode in all versions up to, and including, 3.13.0 due to insufficient input sanitization and output escaping on user supplied...
SEO Title Tag <= 3.5.9 - Reflected Cross-Site Scripting
Description The SEO Title Tag plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 3.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...
AI Twitter Feeds (Twitter widget & shortcode) <= 2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The AI Twitter Feeds Twitter widget & shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-leve...
IP Blocker Lite <= 11.1.1 - IP Spoofing
Description The LionScripts: IP Blocker Lite plugin for WordPress is vulnerable to IP Address Spoofing in all versions up to, and including, 11.1.1 due to insufficient IP address validation. This makes it possible for unauthenticated attackers to spoof their IP Address and bypass blocklisting...
WC Marketplace < 4.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The WC Marketplace plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 4.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inje...
WP Hotel Booking < 2.0.9.3 - Missing Authorization
Description The WP Hotel Booking plugin for WordPress is vulnerable to unauthorized access due to a missing capability check in versions up to, and including, 2.0.9.2. This makes it possible for unauthenticated attackers to perform an unauthorized action...
Hash Elements < 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Hash Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.3.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to injec...
RT Easy Builder – Advanced addons for Elementor < 2.1 - Missing Authorization
Description The RT Easy Builder – Advanced addons for Elementor plugin for WordPress is vulnerable to unauthorized plugin activation due to a missing capability check on the ajaxactivateplugins function in versions up to, and including, 2.0. This makes it possible for authenticated attackers, wit...
Carousel Anything For WPBakery Page Builder <= 2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Carousel Anything For WPBakery Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-leve...
Platinum SEO <= 2.4.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
Description The Platinum SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.4.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
Modal Popup Box – Popup Builder, Show Offers And News in Popup < 1.5.3 - Authenticated (Contributor+) PHP Object Injection in awl_modal_popup_box_shortcode
Description The Modal Popup Box – Popup Builder, Show Offers And News in Popup plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.5.2 via deserialization of untrusted input in the awlmodalpopupboxshortcode function. This makes it possible for...
Calendarista Basic Edition < 3.0.6 - Missing Authorization
Description The Calendarista Basic Edition plugin for WordPress is vulnerable to unauthorized access due to a missing capability check in versions up to, and including, 3.0.5. This makes it possible for unauthenticated attackers to perform an unauthorized action...
Comic Easel <= 1.15 - Reflected Cross-Site Scripting
Description The Comic Easel plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.15 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages tha...
CGC Maintenance Mode <= 1.2 - Sensitive Information Exposure
Description The CGC Maintenance Mode plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2 via the REST API. This makes it possible for unauthenticated attackers to view protected posts via REST API even when maintenance mode is enabled...
PDF Viewer for Elementor <= 2.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The PDF Viewer for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.9.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and abov...
Responsive Image Gallery, Gallery Album <= 2.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Responsive Image Gallery, Gallery Album plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...
weForms < 1.6.21 - Missing Authorization
Description The weForms plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the handlefrontendsubmission function in versions up to, and including, 1.6.20. This makes it possible for unauthenticated attackers to submit forms that are not open...
Better Comments < 1.5.6 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. From the WordPress menu on the...
Jobeleon Theme < 1.9.2 - Reflected Cross-Site Scripting
Description The Jobeleon WPJobBoard theme for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.9.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...
Post-Plugin Library <= 2.6.2.1 - Reflected Cross-Site Scripting
Description The Post-Plugin Library plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 2.6.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...
Church Admin < 4.1.8 - Cross-Site Request Forgery
Description The Church Admin plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.1.7. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to perform unauthorized actions via a forged request...
Strong Testimonials < 3.1.12 - Contributor+ Stored XSS
Description The plugin does not validate and escape some of its Testimonial fields before outputting them back in a page/post, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. The attack requires a specific view to be performed PoC Setup ...
Chauffeur Taxi Booking System for WordPress < 7.3 - Unauthenticated Arbitrary File Upload
Description The plugin is vulnerable to arbitrary file uploads due to missing file type validation, allowing unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible...
MP3 Audio Player for Music, Radio & Podcast by Sonaar < 5.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The MP3 Audio Player for Music, Radio & Podcast by Sonaar plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 5.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
Better Comments < 1.5.6 - Subscriber+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow low privilege users such as Subscribers to perform Stored Cross-Site Scripting attacks. PoC 1. From the menu on the left, go into "Users" and edit Subscriber user. 2. Upload a new avatar image and click...
WPCS < 1.2.0.2 - Cross-Site Request Forgery
Description The WPCS plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.0.1. This is due to missing or incorrect nonce validation on the saveetalon function. This makes it possible for unauthenticated attackers to update the plugin's settings vi...
Slugs Manager < 2.7.0 - Cross-Site Request Forgery
Description The Slugs Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.6.7. This is due to missing or incorrect nonce validation on the maybeflushrewriterules function. This makes it possible for unauthenticated attackers to flush the...
LWS Optimize < 2.0 - Cross-Site Request Forgery
Description The LWS Optimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.9.1. This is due to missing or incorrect nonce validation on the several functions. This makes it possible for unauthenticated attackers to perform unauthorized action...
Limit Attempts by BestWebSoft < 1.3.0 - Reflected Cross-Site Scripting
Description The Limit Attempts by BestWebSoft plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.2.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scrip...
Move Addons for Elementor < 1.3.0 - Missing Authorization
Description The Move Addons for Elementor plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.2.9. This makes it possible for unauthenticated attackers to perform an unauthorized action...
Salon booking system < 9.5.1 - Unauthenticated Arbitrary File Upload
Description The Salon booking system plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the saveitemimage function in all versions up to, and including, 9.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the...
WooCommerce Customers Manager < 29.8 - Reflected XSS
Description The plugin does not sanitise and escape various parameters before outputting them back in pages and attributes, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC Make a logged in admin open the HTML page/URLs below...
CGC Maintenance Mode <= 1.2 - IP Spoofing
Description The CGC Maintenance Mode plugin for WordPress is vulnerable to IP Address Spoofing in all versions up to, and including, 1.2 due to insufficient IP address validation. This makes it possible for unauthenticated attackers to spoof their IP address and bypass filtering...
All In One Redirection <= 2.2.0 - Reflected Cross-Site Scripting
Description The All In One Redirection plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts ...
iFlyChat – WordPress Chat <= 4.7.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The iFlyChat – WordPress Chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 4.7.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and...
AI WP Writer < 3.6.5.6 - Missing Authorization
Description The AI WP Writer plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in versions up to, and including, 3.6.5. This makes it possible for unauthenticated attackers to perform a variety of unauthorized actions...
DX-Watermark <= 1.0.4 - Cross-Site Request Forgery
Description The DX-Watermark plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.4. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to upload arbitrary files and inject malicious web...
Spin 360 deg and 3D Model Viewer <= 1.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Spin 360 deg and 3D Model Viewer plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.2.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access...
Contact Forms by Cimatti <= 1.8.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
Description The WordPress Contact Forms by Cimatti plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.8.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
Social Author Bio <= 2.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Description The Social Author Bio plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.4. This is due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticated attackers to inject malicious...
Whizzy <= 1.1.18 - Missing Authorization
Description The Whizzy plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.1.18. This makes it possible for unauthenticated attackers to perform an unauthorized action...
WP Hotel Booking < 2.0.9.3 - Improper Authorization on Multiple REST API Routes
Description The WP Hotel Booking plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to an improper capability check on the 'pricingplans', 'blockdate', 'managerbookings', and 'updatefieldroom' functions for the 'pricing-plans', 'block-date',...
YITH WooCommerce Account Funds Premium < 1.34.0 - Missing Authorization
Description The YITH WooCommerce Account Funds Premium plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.33.0. This makes it possible for authenticated attackers, with customer-level access and above, ...
GetResponse for WordPress <= 5.5.35 - Contributor+ Stored XSS
Description The plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user...
Import WP < 2.13.1 - Admin+ Server-side Request Forgery
Description The plugin does not prevent users with the administrator role from pinging conducting SSRF attacks, which may be a problem in multisite configurations. PoC 1. As an admin, create a new importer in /wp-admin/tools.php?page=importwp 2. Visit /wp-admin/admin-ajax.php?action=rest-nonce...
Add Shortcodes Actions And Filters <= 2.10 - Reflected Cross-Site Scripting
Description The Add Shortcodes Actions And Filters plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 2.10 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
Print Page block < 1.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Print Page block plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to...