14603 matches found
Product Sort and Display for WooCommerce < 2.4.2 - Missing Authorization
Description The Product Sort and Display for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the psadupdateproductcatcustommetaajax function in all versions up to, and including, 2.4.1. This makes it possible for...
Tickera < 3.5.2.5 - Ticket leakage through IDOR
Description The plugin does not prevent users from leaking other users' tickets. PoC After a user has bought a ticket, an example of a ticket would look like https://www.website.com/?downloadticket=1key=1234567890ticketnonce=ab903b7c71, but due to missing validation, the URL can be shortened to...
MyBookTable Bookstore < 3.3.8 - Authenticated (Author+) Stored Cross-Site Scripting
Description The MyBookTable Bookstore plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SEO post data in versions up to, and including, 3.3.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level acces...
WordPress Meta Data and Taxonomies Filter (MDTF) < 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The WordPress Meta Data and Taxonomies Filter MDTF plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
OneClick Chat to Order < 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The OneClick Chat to Order plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above,...
Sharkdropship for AliExpress Dropshipping and Affiliate < 2.2.5 - Missing Authorization to Unauthenticated Arbitrary Post Deletion
Description The Sharkdropship for AliExpress Dropshipping and Affiliate plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the wadsremoveProductFromShop function in all versions up to, and including, 2.2.4. This makes it possible for unauthenticat...
Aparat for WordPress < 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Aparat for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, t...
Premium Packages < 5.8.3 - Reflected Cross-Site Scripting
Description The Premium Packages plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 5.8.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages...
WC Builder < 1.0.19 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The WC Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.18 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject...
Crypto Converter Widget < 1.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode
Description The Crypto Converter Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.8.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
Ninja Forms Contact Form < 3.8.1 - Publicly Accessible Form Submission Export via CSRF
Description The plugin is vulnerable to Cross-Site Request Forgery This is due to missing or incorrect nonce validation on the nfdownloadallsubs AJAX action. This makes it possible for unauthenticated attackers to trigger an export of a form's submission to a publicly accessible location via a...
Ultimate Addons for Beaver Builder – Lite < 1.5.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Separator Widget
Description The Ultimate Addons for Beaver Builder – Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Separator widget in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticat...
Gutenberg Block Editor Toolkit – EditorsKit < 1.40.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Gutenberg Block Editor Toolkit – EditorsKit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'editorskit' shortcode in all versions up to, and including, 1.40.4 due to insufficient input sanitization and output escaping on user supplied attributes...
Church Admin < 4.0.27 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode
Description The Church Admin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 4.0.26 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
Ultimate Addons for Beaver Builder – Lite < 1.5.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Widget
Description The Ultimate Addons for Beaver Builder – Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Button widget in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
Easy Social Share Buttons < 9.5 - Reflected Cross-Site Scripting
Description The easy-social-share-buttons3 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via an unknown parameter in all versions up to, and including, 9.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...
MasterStudy LMS < 3.3.2 - Unauthenticated Privilege Escalation
Description The plugin is vulnerable to Privilege Escalation due to insufficient validation checks within the registeruser function called by the 'wpajaxnoprivstmlmsregister' AJAX action. This makes it possible for unauthenticated attackers to register a user with administrator-level privileges...
Ultimate Addons for Beaver Builder – Lite < 1.5.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Advanced Icons Widget
Description The Ultimate Addons for Beaver Builder – Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Advanced Icons widget in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticate...
OceanWP < 3.5.5 - Subscriber+ Sensitive Information Exposure
Description The theme is vulnerable to unauthorized access of data due to a missing capability check on the loadthemepanelpane function, allowing authenticated attackers, with subscriber-level access and above, to expose sensitive information such as system/environment data and API keys...
Easy Social Feed < 6.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via fb_appid
Description The Easy Social Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘fbappid' parameter in versions up to, and including, 6.5.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
Email Subscribers & Newsletters < 5.7.12 - Reflected Cross-Site Scripting via campaign_id
Description The Email Subscribers & Newsletters plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘campaignid' parameter in versions up to, and including, 5.7.11 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...
Integrate Google Drive < 1.3.9 - Missing Authorization to Unauthenticated Settings Modification and Export
Description The Integrate Google Drive – Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files Into Your WordPress Site plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to a missing capability check o...
Compact WP Audio Player < 1.9.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via fileurl
Description The Compact WP Audio Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘fileurl’ parameter in versions up to, and including, 1.9.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
Doneren met Mollie < 2.10.3 - Unauthenticated Reflected Cross-Site Scripting via search
Description The Doneren met Mollie plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘search’ parameter in versions up to, and including, 2.10.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
Ultimate Addons for Beaver Builder – Lite < 1.5.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Info Table Widget
Description The Ultimate Addons for Beaver Builder – Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Info Table widget in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
Co-marquage service-public.fr < 0.5.73 - Reflected Cross-Site Scripting via search_term
Description The Co-marquage service-public.fr plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘searchterm’ parameter in versions up to, and including, 0.5.72 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attacke...
Font Farsi <= 1.6.6 - Authenticated (Admin+) Stored Cross-Site Scripting
Description The Font Farsi plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including 1.6.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
Funnel Builder by CartFlows < 2.0.2 - Editor+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as editor and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Breeze < 2.1.4 - Admin+ Stored XSS
Description The plugin does not sanitise and escape its breezeapitoken settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Bulk NoIndex & NoFollow Toolkit < 2.10 - Reflected Cross-Site Scripting via tab, order, and orderby
Description The Bulk NoIndex & NoFollow Toolkit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘tab', 'order', and 'orderby’ parameters in versions up to, and including, 2.01 due to insufficient input sanitization and output escaping. This makes it possible for...
Pods < 3.1 - Contributor+ Remote Code Execution
Description The plugin is vulnerable to Remote Code Execution via shortcode, allowing authenticated attackers, with contributor level access or higher, to execute code on the server...
WordPress File Upload < 4.24.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Description The WordPress File Upload plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 4.24.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
WP Chat App < 3.6.3 - Contributor+ Stored XSS
Description The plugin is vulnerable to Stored Cross-Site Scripting via the 'imageAlt' block attribute due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject...
Otter Blocks < 2.6.6 - Contributor+ Stored XSS
Description The plugin is vulnerable to Stored Cross-Site Scripting via the plugin's widgets due to insufficient input sanitization and output escaping on user supplied attributes such as 'id'. This makes it possible for authenticated attackers, with contributor-level access and above, to inject...
WP Poll Maker < 3.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings
Description The WP Poll Maker – Best WordPress Poll Plugin for Voting Contest plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.1 due to insufficient input sanitization and output escaping. This makes it possible for...
CP Media Player < 1.2.0 - Player Deletion and Duplication via CSRF
Description The plugin is vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation on the adminpage function. This makes it possible for unauthenticated attackers to delete or duplicate existing audio or video players via a forged request granted they can trick a site...
Genesis Blocks < 3.1.3 - Contributor+ Stored XSS
Description The plugin does not properly escape data input provided to some of its blocks, allowing using with at least contributor privileges to conduct Stored XSS attacks. PoC As a contributor, put the below code in a post while in Code Editor mode The XSS will be triggered when...
Dropdown Multisite selector < 0.9.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode
Description The Dropdown multisite selector plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 0.9.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
HUSKY < 1.3.5.3 - Admin+ Local File Inclusion
Description The plugin is vulnerable to Local File Inclusion via the 'type' parameter. This makes it possible for authenticated attackers, with administrator-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This c...
Conversios.io < 7.0.0 - Reflected Cross-Site Scripting
Description The Conversios.io plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via an unknown parameter in versions up to, and including, 6.9.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...
Ninja Forms Contact Form < 3.8.1 - Author+ Stored XSS
Description The plugin is vulnerable to Stored Cross-Site Scripting via an image title embedded into a form due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages...
BoldGrid Easy SEO – Simple and Effective SEO < 1.6.14 - Authenticated(Contributor+) Stored Cross-Site Scripting via Meta Description
Description The BoldGrid Easy SEO – Simple and Effective SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the meta description field in all versions up to, and including, 1.6.13 due to insufficient input sanitization and output escaping on user supplied attributes. This...
Co-marquage service-public.fr < 0.5.72 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode
Description The Co-marquage service-public.fr plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 0.5.71 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible f...
Favorites < 2.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Description The Favorites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'userfavorites' shortcode in all versions up to, and including, 2.3.3 due to insufficient input sanitization and output escaping on user supplied attributes such as 'nofavorites'. This mak...
Church Admin < 4.1.18 - Authenticated (Contributor+) Stored Cross-Site Scripting via meta-text
Description The Church Admin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘meta-text’ parameter in versions up to, and including, 4.1.17 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
Dracula Dark Mode - The Revolutionary Dark Mode Plugin For WordPress < 1.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode
Description The Dracula Dark Mode – Enhanced Accessibility, Dark Mode & Reading Mode for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping o...
Pods < 3.1 - Contributor+ Pods/Users Creation
Description The plugin is vulnerable to Missing Authorization due to the fact that it allows the use of a file inclusion feature via shortcode. This makes it possible for authenticated attackers, with contributor access or higher, to create pods and users with default role...
Ecwid Ecommerce Shopping Cart < 6.12.11 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode
Description The Ecwid Ecommerce Shopping Cart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 6.12.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...
BuddyForms < 2.8.6 - Reflected Cross-Site Scripting via page
Description The BuddyForms plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in versions up to, and including, 2.8.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
Pods < 3.1 - Contributor+ SQLi
Description The plugin is vulnerable to SQL Injection via shortcode due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor level access or higher, to append...