14603 matches found
Stackable < 3.12.12 - Contributor+ Stored XSS via Posts Block
Description The plugin is vulnerable to Stored Cross-Site Scripting via the Postv2 block title tag due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject...
Ultimate Addons for Beaver Builder – Lite < 1.5.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Heading Widget
Description The Ultimate Addons for Beaver Builder – Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Heading widget in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
Calculated Fields Form < 1.2.55 - Reflected Cross-Site Scripting
Description The Calculated Fields Form plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via multiple parameters in versions up to, and including, 1.2.54 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
Better Elementor Addons < 1.4.2 - Contributor+ Stored XSS
Description The plugin is vulnerable to Stored Cross-Site Scripting via the widget link URL values due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject...
Sydney Toolbox < 1.27 - Authenticated (Contributor+) Stored Cross-Site Scripting via _id
Description The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the id attribute of widgets in all versions up to, and including, 1.26 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
WP ERP <= 1.12.9 - Authenticated (AccountingManager+) SQL Injection
Description The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to time-based SQL Injection via the id parameter via the erp/v1/accounting/v1/vendors/1/products/ REST route in all versions up to, and including, 1.12.9...
WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting <= 1.12.9 - Unauthenticated Stored Cross-Site Scripting
Description The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'apikey' parameter in all versions up to, and including, 1.12.9 due to insufficient input sanitization and output...
WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting <= 1.12.9 - Authenticated (Subscriber+) SQL Injection
Description The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to union-based SQL Injection via the 'email' parameter in all versions up to, and including, 1.12.9 due to insufficient escaping on the user supplied...
WP ERP <= 1.12.9 - Authenticated (Accounting Manager+) SQL Injection
Description The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to time-based SQL Injection via the erp/v1/accounting/v1/transactions/sales REST API endpoint in all versions up to, and including, 1.12.9 due to...
Element Pack Elementor Addons < 5.5.4 - Contributor+ Stored XSS
Description The plugin is vulnerable to Stored Cross-Site Scripting via the link URL due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute...
Shortlinks by Pretty Links < 3.6.3 - Reflected Cross-Site Scripting via post_status
Description The plugin does not sanitise and escape the poststatus parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
Responsive < 5.0.3 - Missing Authorization to HMTL Injection
Description The Responsive theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the savefootertextcallback function in all versions up to, and including, 5.0.2. This makes it possible for unauthenticated attackers to inject arbitrary HTML...
MasterStudy LMS < 3.3.1 - Unauthenticated Local File Inclusion via modal
Description The MasterStudy LMS plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.0 via the 'modal' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of an...
WP-Eggdrop <= 0.1 - Cross-Site Request Forgery to Settings Update
Description The WP-Eggdrop plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.1. This is due to missing or incorrect nonce validation on the wpeggupdateOptions function. This makes it possible for unauthenticated attackers to update the plugin...
News Wall <= 1.1.0 - Cross-Site Request Forgery to Plugin Settings Update
Description The News Wall plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.0. This is due to missing or incorrect nonce validation on the nwapnewslistpage function. This makes it possible for unauthenticated attackers to update the plugin'...
Pocket News Generator <= 0.2.0 - Cross-Site Request Forgery to Settings Update
Description The Pocket News Generator plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.2.0. This is due to missing or incorrect nonce validation on the optionpage function. This makes it possible for unauthenticated attackers to update the...
Lightbox slider – Responsive Lightbox Gallery <= 1.9.9 - Authenticated (Contributor+) PHP Object Injection
Description The Lightbox slider – Responsive Lightbox Gallery plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.9.9 via deserialization of untrusted input through post meta data. This makes it possible for authenticated attackers, with...
Otter Blocks < 2.6.6 - Contributor+ Stored XSS
Description The plugin does not properly escape its mainHeadings blocks' attribute before appending it to the final rendered block, allowing contributors to conduct Stored XSS attacks. PoC As a contributor, put the following payload in a post while in Code Editor mode The XSS will be triggered wh...
Easy Appointments < 3.11.19 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Easy Appointments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'eafullcalendar' shortcode in all versions up to, and including, 3.11.18 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
Livemesh Addons for WPBakery Page Builder < 3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode
Description The WPBakery Page Builder Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
Bold Page Builder < 4.7.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via class
Description The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the css class in versions up to, and including, 4.7.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level acce...
Advanced Sermons < 3.2 - Reflected Cross-Site Scripting via s
Description The Advanced Sermons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘s' parameter in versions up to, and including, 3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary we...
BizPrint < 4.5.6 - Cross-Site Request Forgery to Cross-Site Scripting via process.php
Description The BizPrint plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5.5. This is due to missing or incorrect nonce validation in the process.php file. This makes it possible for unauthenticated attackers to generate invoices containing...
Easy Appointments < 3.11.19 - Insufficient Authorization
Description The Easy Appointments plugin for WordPress is vulnerable to unauthorized modification of data due to insufficient user validation on the ajaxcancelappointment function in all versions up to, and including, 3.11.18. This makes it possible for unauthenticated attackers to cancel other...
Button < 1.1.28 - Contributor+ PHP Object Injection in button_shortcode
Description The plugin is vulnerable to PHP Object Injection via deserialization of untrusted input in the buttonshortcode function. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable...
WP-Eggdrop <= 0.1 - Authenticated (Admin+) Stored Cross-Site Scripting
Description The WP-Eggdrop plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
Christmas Greetings <= 1.2.5 - Reflected Cross-Site Scripting
Description The Christmas Greetings plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the code parameter in all versions up to, and including, 1.2.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
Pocket News Generator <= 0.2.0 - Authenticated (Admin+) Stored Cross-Site Scripting
Description The Pocket News Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings such as "Consumer Key" and "Access Token" in all versions up to, and including, 0.2.0 due to insufficient input sanitization and output escaping. This makes it possible for...
130+ Widgets | Best Addons For Elementor – FREE < 1.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The 130+ Widgets | Best Addons For Elementor – FREE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 1.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes...
Elementor Addon Elements < 1.13.3 - Contributor+ DOM-Based Stored XSS
Description The plugin is vulnerable to Stored Cross-Site Scripting via widgets due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in...
DearFlip < 2.2.27 - Contributor+ Stored XSS
Description The plugin is vulnerable to Stored Cross-Site Scripting via the 'forcefit ' parameter due to insufficient input sanitization and output escaping, allowing authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute...
Astra < 4.6.5 - Editor+ Stored XSS via Theme Header/Footer
Description The theme is vulnerable to Stored Cross-Site Scripting via the theme header and footer content due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level access, to inject arbitrary web scripts in pages that will...
affiliate-toolkit < 3.4.6 - Authenticated (Author+) Stored Cross-Site Scripting via ratings
Description The affiliate-toolkit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via various ratings postmeta parameters in versions up to, and including, 3.4.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
Media Library Assistant < 3.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via mla_gallery Shortcode
Description The Media Library Assistant plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.13 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
WP ERP < 1.30.0 - Authenticated (Accounting Manager+) SQL Injection via id
Description The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to time-based SQL Injection via the id parameter in all versions up to, and including, 1.12.9 due to insufficient escaping on the user supplied parameter...
Product Import Export for WooCommerce < 2.4.2 - Authenticated(Shop Manager+) Arbitrary File Upload
Description The Product Import Export for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'imagelibraryattachment' function in all versions up to, and including, 2.4.1. This makes it possible for authenticated attackers, with Sho...
Radio Player < 2.0.74 - Missing Authorization via get_players
Description The Radio Player plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'getplayers' function in versions up to, and including, 2.0.73. This makes it possible for unauthenticated attackers to retrieve a list of radio players...
Meta Tag Manager < 3.1 - Subscriber+ PHP Object Injection
Description The plugin is vulnerable to PHP Object Injection via deserialization of untrusted input in the getpostdata function. This makes it possible for authenticated attackers, with contributor access or higher, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a PO...
WholesaleX < 1.3.2 - Sensitive Information Exposure via export_users
Description The WholesaleX – WooCommerce Wholesale Plugin Wholesale Prices, Dynamic Pricing, Tiered Pricing plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.1 via the 'exportusers'. This makes it possible for authenticated attackers,...
Elementor Addon Elements < 1.13.2 - Contributor+ Stored XSS
Description The plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to...
Salon Booking System < 9.6.3 - Unauthenticated Stored XSS
Description The plugin does not properly sanitize and escape the 'Mobile Phone' field when booking an appointment, allowing customers to conduct Stored Cross-Site Scripting attacks. The payload gets triggered when an admin visits the 'Customers' page and the malicious script is executed in the...
GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress < 6.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Description The GamiPress – The 1 gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 6.9.0 due to insufficient input sanitization and...
Salon booking system < 9.6.3 - Unauthenticated Stored XSS
Description The plugin does not properly sanitize and escape the 'Mobile Phone' field and 'smsprefix' parameter when booking an appointment, allowing customers to conduct Stored Cross-Site Scripting attacks. The payload gets triggered when an admin visits the 'Bookings' page and the malicious...
Hubbub Lite – Fast, Reliable Social Network Sharing Buttons < 1.33.2 - PHP Object Injection
Description The Hubbub Lite – Fast, Reliable Social Sharing Buttons plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.33.1 via deserialization of untrusted input via the 'dpspmaybeunserialize' function. This makes it possible for authenticated...
Events Manager < 6.4.7.2 - Cross-Site Request Forgery
Description The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.4.7.1. This is due to missing or incorrect nonce validation on several actions. This makes it possible for unauthenticat...
WP Staging (Free < 3.4.0, Pro < 5.4.0) - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Go to "WP Staging Backup &...
WP Reset < 2.0 - Sensitive Information Exposure due to Insufficient Randomness
Description The plugin is vulnerable to Sensitive Information Exposure via the use of insufficiently random snapshot names, allowing unauthenticated attackers to extract sensitive data including site backups by brute-forcing the snapshot filenames...
WholesaleX < 1.3.2 - Authenticated(Subscriber+) Missing Authorization via multiple AJAX actions
Description The WholesaleX plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wcinstallcallback AJAX function in versions up to, and including, 1.3.1. This makes it possible for authenticated attackers, with subscriber-level access and...
coreActivity < 2.1 - Unauthenticated IP Spoofing
Description The plugin retrieved IP addresses of requests via headers such X-FORWARDED to log them, allowing users to spoof them by providing an arbitrary value PoC As unauthenticated: curl 'https://example.com/attacker' -H 'X-FORWARDED: 127.0.0.1' Then view the logs and note that the plugin...
Easy Social Feed < 6.5.6 - Contributor+ Stored XSS
Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin PoC...