14603 matches found
BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin < 1.0.88 - Authenticated (Admin+) Arbitrary File Upload
Description The BookingPress plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient filename validation in the 'bookingpressprocessupload' function in all versions up to, and including 1.0.87. This allows an authenticated attacker with administrator-level capabilities or...
Easy Social Feed < 6.5.7 - Cross-Site Request Forgery
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
Post Grid < 2.2.76 - Reflected Cross-Site Scripting
Description The Post Grid plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 2.2.74 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...
Announce from the Dashboard < 1.5.3 - Authenticated (Admin+) Stored Cross-Site Scripting
Description The Announce from the Dashboard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
BizPrint < 4.5.4 - Printer Settings Update via CSRF
Description The plugin is vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation within printer management. This makes it possible for unauthenticated attackers to modify printer settings and potentially perform other unauthorized actions via a forged request grante...
Relevanssi Pro < 2.25 - Unauthenticated Sensitive Information Exposure
Description The plugin is vulnerable to Sensitive Information Exposure, allowing unauthenticated attackers to extract sensitive user or configuration data...
Template Kit – Import < 1.0.15 - Author+ Stored XSS
Description The plugin is vulnerable to Stored Cross-Site Scripting via the template upload functionality due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author access and above, to inject arbitrary web scripts in pages that wil...
Unlimited Elements For Elementor < 1.5.94 - Reflected Cross-Site Scripting
Description The plugin is vulnerable to Reflected Cross-Site Scripting due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an...
Beaver Builder < 2.8.0.7 - Contributor+ Stored XSS
Description The plugin is vulnerable to Stored Cross-Site Scripting via the plugin's Button Widget due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitra...
Forminator < 1.29.1 - Unauthenticated Stored XSS
Description The plugin is vulnerable to Stored Cross-Site Scripting via an uploaded file e.g. 3gpp file due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user...
Metform Elementor Contact Form Builder < 3.8.6 - Contributor+ Stored XSS
Description The plugin is vulnerable to Stored Cross-Site Scripting via the plugin's widgets due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web...
Colibri Page Builder < 1.0.270 - Contributor+ Stored XSS
Description The plugin is vulnerable to Stored Cross-Site Scripting via the plugin's 'colibriposttitle' shortcode due to insufficient input sanitization and output escaping on user supplied attributes such as 'headingtype'. This makes it possible for authenticated attackers, with contributor-leve...
BizPrint < 4.5.4 - Unauthenticated WC Order Data Access
Description The plugin is vulnerable to unauthorized access of data due to a missing capability check on the showTemplatePreview function. This makes it possible for unauthenticated attackers to expose potentially sensitive WooCommerce order data...
Save as PDF by Pdfcrowd < 3.2.2 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Go to "Settings Save as Image"...
FV Flowplayer Video Player < 7.5.44.7212 - Reflected Cross-Site Scripting
Description The FV Flowplayer Video Player plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 7.5.41.7212 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
Genesis Blocks < 3.1.3 - Contributor+ Stored XSS
Description The plugin is vulnerable to Stored Cross-Site Scripting via the block content due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute...
Forminator < 1.29.1 - Reflected Cross-Site Scripting
Description The plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into...
SEO Plugin by Squirrly SEO < 12.3.17 - Reflected Cross-Site Scripting
Description The plugin is vulnerable to Reflected Cross-Site Scripting due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an...
Popup Builder < 4.2.7 - Contributor Stored XSS
Description The plugin is vulnerable to Stored Cross-Site Scripting via the plugin's sgpopup shortcode due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject...
Essential Addons for Elementor < 5.9.14 - Author+ PHP Object Injection
Description The plugin is vulnerable to PHP Object Injection via deserialization of untrusted input from the 'errorresetpassword' attribute of the "Login | Register Form" widget disabled by default. This makes it possible for authenticated attackers, with author-level access and above, to inject ...
WP Google Maps < 9.0.30 - Reflected Cross-Site Scripting
Description The plugin is vulnerable to Reflected Cross-Site Scripting due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an...
PowerPack Addons for Elementor < 2.7.18 - Contributor+ Stored XSS
Description The plugin is vulnerable to Stored Cross-Site Scripting via the htmltag attribute of multiple widgets due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web script...
WooCommerce Customers Manager < 29.8 - Subscriber+ Email Disclosure
Description The plugin does not have authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber, to call it and retrieve the list of customer email addresses along with their id, first name and last name PoC As a subscriber, open the following URL:...
LayerSlider 7.9.11 - 7.10.0 - Unauthenticated SQL Injection
Description The LayerSlider plugin for WordPress is vulnerable to SQL Injection via the lsgetpopupmarkup action in versions 7.9.11 and 7.10.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
Custom Order Status for WooCommerce < 2.4.0 - Cross-Site Request Forgery
Description The plugin is vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to perform unauthorized actions via a forged request granted they can trick a site administrator into performing an action such as...
HT Mega < 2.4.4 - Contributor+ Stored XSS
Description The plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user...
Unlimited Elements For Elementor < 1.5.97 - Contributor+ Stored XSS
Description The plugin is vulnerable to Stored Cross-Site Scripting via the link field of an installed widget e.g., 'Button Link' due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level acce...
Piotnet Addons For Elementor < 2.4.26 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Piotnet Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.4.25 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and...
WPFront User Role Editor < 4.1.0 - Limited Information Exposure
Description The WPFront User Role Editor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.1.11184 via the wpfrontuserroleeditorassignrolesuserautocomplete AJAX action. This makes it possible for authenticated attackers, with...
Booster for WooCommerce < 7.1.8 - Reflected Cross-Site Scripting
Description The Booster for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 7.1.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...
Fullscreen Galleria < 1.6.12 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Fullscreen Galleria plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.6.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, t...
PowerPack Addons for Elementor < 2.7.19 - Contributor+ Stored XSS
Description The plugin is vulnerable to Stored Cross-Site Scripting via the Twitter Tweet widget due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that...
ReviewX < 1.6.23 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The ReviewX plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.6.22 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject...
Sunshine Photo Cart < 3.1.2 - Reflected Cross-Site Scripting
Description The Sunshine Photo Cart plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 3.1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in page...
Image Hover Effects – Elementor Addon < 1.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'eihe_align'
Description The Image Hover Effects – Elementor Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'eihealign' parameter in versions up to, and including, 1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attacker...
Woo Viet < 1.5.3 - Authenticated (Administrator+) Stored Cross-Site Scripting
Description The Woo Viet – WooCommerce for Vietnam plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
Exchange Rates Widget < 1.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Exchange Rates Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, ...
ElementsKit Elementor addons < 3.0.7 - Contributor+ Local File Inclusion
Description The plugin is vulnerable to Local File Inclusion via the renderraw function. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This c...
Podlove Podcast Publisher < 4.0.10 - Reflected Cross-Site Scripting
Description The Podlove Podcast Publisher plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 4.0.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts i...
Sina Extension for Elementor < 3.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Sina Extension for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and...
PropertyHive < 2.0.9 - Reflected Cross-Site Scripting
Description The PropertyHive plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 2.0.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...
Podlove Web Player < 5.7.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Podlove Web Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' variable in versions up to, and including, 5.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-leve...
Simply Schedule Appointments < 1.6.6.24 - Reflected Cross-Site Scripting
Description The Simply Schedule Appointments plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.6.6.20 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
WP Directory Kit < 1.3.0 - Reflected Cross-Site Scripting
Description The WP Directory Kit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.2.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages...
Portfolio Gallery – Image Gallery Plugin < 1.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Description The Portfolio Gallery – Image Gallery Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in all versions up to, and including, 1.5.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
FlatPM < 3.1.05 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The FlatPM plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to 3.1.05 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web script...
Exclusive Addons Elementor < 2.6.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Exclusive Addons Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.6.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and...
Essential Addons for Elementor < 5.9.14 - Unauthenticated Private/Draft Posts Access
Description The plugin is vulnerable to Sensitive Information Exposure via the loadmore function. This can allow unauthenticated attackers to extract sensitive data including private and draft posts...
WCFM – Frontend Manager for WooCommerce < 6.7.9 - Authenticated (Shop manager+) Stored Cross-Site Scripting
Description The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 6.7.8 due to insufficient input sanitization and output escaping...
WP Post Disclaimer < 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The WP Post Disclaimer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the content disclaimer in versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...