14603 matches found
WP Post Disclaimer < 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The WP Post Disclaimer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the content disclaimer in versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
SEO Backlink Monitor < 1.6.0 - Reflected Cross-Site Scripting
Description The SEO Backlink Monitor plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.5.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pag...
SecuPress Free — WordPress Security < 2.2.5.2 - Cross-Site Request Forgery to Banned IP Address
Description The SecuPress Free — WordPress Security plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.5.1. This is due to missing or incorrect nonce validation on the secupressblackholebanip function. This makes it possible for...
Fancy Comments WordPress < 1.2.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Description The Fancy Comments WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's facebookcommentsshortcode shortcode function in all versions up to, and including, 1.2.14 due to insufficient input sanitization and output escaping on user supplied...
Post Grid, Slider & Carousel Ultimate < 1.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Post Grid, Slider & Carousel Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.6.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...
Media Cloud for Amazon S3, Imgix, Google Cloud Storage, DigitalOcean Spaces and more < 4.5.25 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Description The Media Cloud for Bunny CDN, Amazon S3, Cloudflare R2, Google Cloud Storage, DigitalOcean and more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in all versions up to, and including, 4.5.24 due to insufficient input sanitization and...
WP Change Email Sender < 2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
Description The WP Change Email Sender plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject...
ReDi Restaurant Reservation < 24.0303 - Reflected Cross-Site Scripting
Description The ReDi Restaurant Reservation plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 24.0128 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scrip...
Slider Hero < 8.7.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
Description The Slider Hero with Animation, Video Background plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 8.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
EnvíaloSimple: Email Marketing y Newsletters <= 2.3 - Cross-Site Request Forgery to Arbitrary File Upload
Description The EnvíaloSimple: Email Marketing y Newsletters plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3. This is due to missing or incorrect nonce validation on the galleryadd function. This makes it possible for unauthenticated...
Exclusive Addons Elementor < 2.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Exclusive Addons Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.6.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and...
iCalendrier < 1.81 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The iCalendrier plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.80 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject...
Photo Gallery by Supsystic < 1.15.17 - Authenticated (Administrator+) Stored Cross-Site Scripting
Description The Photo Gallery by Supsystic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.15.16 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
RoyalSlider < 3.4.3 - Reflected Cross-Site Scripting
Description The RoyalSlider plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 3.4.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...
Frontend Dashboard < 2.2.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting
Description The Frontend Dashboard plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to...
StreamWeasels Twitch Integration < 1.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The StreamWeasels Twitch Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.7.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access...
WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels < 4.4.1 - Reflected Cross-Site Scripting
Description The WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels plugin for WordPress is vulnerable to Reflected Cross-Site Scripting parameter in versions up to, and including, 4.4.0 due to insufficient input sanitization and output escaping. This makes it possible for...
RegistrationMagic < 5.3.1.0 - Cross-Site Request Forgery
Description The RegistrationMagic plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.3.0.0. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action...
List category posts < 0.89.7 - Contributor+ Stored XSS
Description The plugin is vulnerable to Stored Cross-Site Scripting via the plugin's 'catlist' shortcode due to insufficient input sanitization and output escaping on user supplied attributes like 'titletag'. This makes it possible for authenticated attackers with contributor-level and above...
Master Addons for Elementor < 2.0.5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Master Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.0.5.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access a...
Photo Gallery by Ays < 5.5.3 - Reflected Cross-Site Scripting
Description The Photo Gallery by Ays plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 5.5.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pag...
Hot Random Image < 1.8.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Hot Random Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link' attribute in versions up to, and including, 1.8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-leve...
Locatoraid Store Locator < 3.9.31 - Authenticated (Administrator+) Stored Cross-Site Scripting
Description The Locatoraid Store Locator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.9.30 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
WP Fast Total Search < 1.60.213 - Authenticated (Contributor+) Stored Cross-Site Scripting via WPFTS Live Search Widget
Description The WP Fast Total Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the WPFTS Live Search widget in versions up to, and including, 1.59.211 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
Tutor LMS Elementor Addons < 2.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Tutor LMS Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and...
WP-Lister Lite for Amazon < 2.6.9 - Reflected Cross-Site Scripting
Description The WP-Lister Lite for Amazon plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 2.6.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts i...
WishSuite < 1.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The WishSuite plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.3.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject...
Survey Maker < 4.0.7 - Reflected Cross-Site Scripting
Description The Survey Maker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 4.0.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...
GS Pins for Pinterest < 1.8.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shorcode
Description The WordPress Pinterest Plugin – Make a Popup, User Profile, Masonry and Gallery Layout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in all versions up to, and including, 1.8.2 due to insufficient input sanitization and output escaping o...
Grid Shortcodes < 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Grid Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to injec...
WordPress Meta Data and Taxonomies Filter (MDTF) < 1.3.3.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting
Description The WordPress Meta Data and Taxonomies Filter MDTF plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.3.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
Off-Canvas Sidebars & Menus (Slidebars) < 0.5.8.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Off-Canvas Sidebars & Menus Slidebars plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 0.5.8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...
WordPress Importer < 1.0.5 - Reflected Cross-Site Scripting
Description The WordPress Importer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages...
Web Icons < 1.0.0.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Description The Web Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in all versions up to, and including, 1.0.0.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
EventPrime < 3.4.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
Description The EventPrime plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.3.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
ElementsKit Elementor addons < 3.0.7 - Contributor+ Stored XSS
Description The plugin is vulnerable to Stored Cross-Site Scripting via the button ID parameter due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or above, to inject arbitrary web scripts in pages that will...
Premium Packages < 5.8.3 - Reflected Cross-Site Scripting
Description The Premium Packages plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 5.8.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages...
Gratisfaction < 4.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Gratisfaction plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 4.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to injec...
MailChimp Forms by MailMunch < 3.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Description The MailChimp Forms by MailMunch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in all versions up to, and including, 3.2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
Simply Static < 3.1.4 - Authenticated (Administrator+) Stored Cross-Site Scripting
Description The Simply Static plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
WordPress Meta Data and Taxonomies Filter (MDTF) < 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The WordPress Meta Data and Taxonomies Filter MDTF plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
Creative Addons for Elementor < 1.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Creative Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 1.5.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
Travelers' Map < 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Travelers' Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inje...
WP-Members Membership Plugin < 3.4.9.3 - Unauthenticated Stored Cross-Site Scripting
Description The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the X-Forwarded-For header in all versions up to, and including, 3.4.9.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...
Molongui < 4.7.8 - Authenticated (Author+) Stored Cross-Site Scripting
Description The Molongui plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 4.7.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrar...
WP-Lister Lite for Amazon < 2.6.12 - Authenticated (Administrator+) Stored Cross-Site Scripting
Description The WP-Lister Lite for Amazon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.6.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
Post and Page Builder by BoldGrid – Visual Drag and Drop Editor Plugin < 1.26.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Block HTML in all versions up to, and including, 1.26.2 due to insufficient input sanitization and output escaping. This makes it possible for...
WPFront Notification Bar < 3.4 - Authenticated (Editor+) Stored Cross-Site Scripting
Description The WPFront Notification Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via settings in all versions up to, and including, 3.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level...
Shipping with Venipak for WooCommerce < 1.19.6 - Reflected Cross-Site Scripting via 'venipak_labels_link'
Description The Shipping with Venipak for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'venipaklabelslink' parameter in versions up to, and including, 1.19.5 due to insufficient input sanitization and output escaping. This makes it possible for...
Buddypress Moderation <= 1.2.5 - Unauthenticated Stored Cross-Site Scripting
Description The Buddypress Moderation plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.2.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages...