14602 matches found
Sensei LMS <= 4.23.1 & Sensei Pro (WC Paid Courses) <= 4.24.0.1.24.0 - Missing Authorization
Description The Sensei LMS and Sensei Pro WC Paid Courses plugins for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the flushrewriterules function in versions up to, and including, 4.23.1 and . 4.24.0.1.24.0 respectively. This makes it possible...
Media Slider – Photo Sleder, Video Slider, Link Slider, Carousal Slideshow < 1.4.0 - Missing Authorization
Description The Media Slider – Photo Sleder, Video Slider, Link Slider, Carousal Slideshow plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxmediaslider and mssavesettings functions in versions up to, and including, 1.3.9. This...
WP Time Slots Booking Form < 1.2.11 - Unauthenticated Stored Cross-Site Scripting
Description The WP Time Slots Booking Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.2.10 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web script...
Easy Forms for Mailchimp <= 6.9.0 - Missing Authorization
Description The Easy Forms for Mailchimp plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 6.9.0. This makes it possible for unauthenticated attackers to perform an unauthorized action...
Dashboard To-Do List < 1.3.0 - Missing Authorization via ardtdw_widgetsetup()
Description The Dashboard To-Do List plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ardtdwwidgetsetup function in versions up to, and including, 1.2.0. This makes it possible for authenticated attackers, with subscriber-level acces...
WPBakery Page Builder < 7.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via VC Single Image link attribute
Description The WPBakery Visual Composer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the link attribute within the vcsingleimage shortcode in all versions up to, and including, 7.6 due to insufficient input sanitization and output escaping on user supplied attributes. Th...
Extra Product Options for WooCommerce < 3.0.7 - Missing Authorization
Description The Extra Product Options for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the epofwgetdatabasedoncd and epofwchangefieldbasedontype functions in versions up to, and including, 3.0.6. This makes it possible fo...
WP Visitors Tracker < 2.4 - Reflected Cross-Site Scripting
Description The WP Visitors Tracker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 2.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...
Analytify – Google Analytics Dashboard For WordPress (GA4 analytics made easy) < 5.2.4 - Cross-Site Request Forgery
Description The Analytify – Google Analytics Dashboard For WordPress GA4 analytics made easy plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.2.3. This is due to missing or incorrect nonce validation on the wpacheckauthentication function...
Kognetiks Chatbot for WordPress < 1.9.9 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.9.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers,...
Bosa Elementor Addons and Templates for WooCommerce < 1.0.13 - Missing Authorization
Description The Bosa Elementor Addons and Templates for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the startimporter and pluginrequirements functions in versions up to, and including, 1.0.12. This makes it possible for...
BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages < 3.4.20 - Missing Authorization
Description The BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wc4bpshopprofilesyncajax function in versions up to, and including, 3.4.19. This makes it...
Himer - Social Questions and Answers < 2.1.1 - Subscriber+ Private Group Joining via IDOR
Description The plugin allows any authenticated user to join a private group due to a missing authorization check on a function PoC The PoC will be displayed on June 26, 2024, to give users the time to update...
Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery < 1.4.6 - Missing Authorization
Description The Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaximagegallery and igsavesettings functions in versions up to, and including, 1.4.5. This...
Upunzipper <= 1.0.0 - Authenticated (Admin+) Arbitrary File Deletion
Description The Upunzipper plugin for WordPress is vulnerable to Arbitrary File Deletion in all versions up to, and including, 1.0.0. This makes it possible for authenticated attackers, with administrator-level access and above, to delete arbitrary files on the server which can lead to remote cod...
ElasticPress < 5.1.2 - Data Sync via CSRF
Description The plugin is vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation on the dosync function. This makes it possible for unauthenticated attackers to sync data via a forged request granted they can trick a site administrator into performing an action such...
Copymatic – AI Content Writer & Generator < 2.0 - Missing Authorization
Description The Copymatic – AI Content Writer & Generator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the copymaticimportarticle function in versions up to, and including, 1.9. This makes it possible for authenticated attackers, wit...
Bloglo < 1.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Bloglo theme for WordPress is vulnerable to Stored Cross-Site Scripting via author names in all versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and...
Tickera < 3.5.2.7 - Missing Authorization
Description The Tickera plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the generateticketpreview function in versions up to, and including, 3.5.2.6. This makes it possible for authenticated attackers, with contributor-level access and above,...
Leyka < 3.31.2 - Missing Authorization
Description The Leyka plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the sendCardCheck function in versions up to, and including, 3.31.1. This makes it possible for unauthenticated attackers to perform a card check...
Eduma < 5.4.8 - Reflected Cross-Site Scripting
Description The Eduma plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 5.4.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...
WP Time Slots Booking Form < 1.2.12 - Missing Authorization
Description The WP Time Slots Booking Form plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the datamanagement function in versions up to, and including, 1.2.11. This makes it possible for unauthenticated attackers to view slot data...
SC filechecker <= 0.6 - Authenticated (Admin+) Arbitrary File Deletion
Description The SC filechecker plugin for WordPress is vulnerable to Arbitrary File Deletion in all versions up to, and including, 0.6. This makes it possible for authenticated attackers, with administrator-level access and above, to delete arbitrary files on the server which can lead to remote...
Advanced Woo Labels – Product Labels for WooCommerce < 1.94 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Advanced Woo Labels – Product Labels for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.93 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
EmbedPress < 3.9.11 - Authenticated(Contributor+) Stored Cross-Site Scripting via PDF Widget URL
Description The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the PDF Widget URL in all versions up to, and including, 3.9.10 due to insufficient input...
Himer - Social Questions and Answers < 2.1.1 - Arbitrary Group Joining via CSRF
Description The theme does not have CSRF checks in some places, which could allow attackers to make users join private groups via a CSRF attack PoC The PoC will be displayed on June 26, 2024, to give users the time to update...
WPQA < 6.1.1 - Arbitrary Category and Tag Follow/Unfollow via CSRF
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks PoC The PoC will be displayed on June 26, 2024, to give users the time to update...
WooCommerce Dropshipping <= 5.0.4 - Missing Authorization to Unauthenticated Arbitrary Email Send
Description The WooCommerce Dropshipping Premium plugin for WordPress is vulnerable to unauthorized email sending due to a missing capability check on a function in all versions up to, and including, 5.0.4. This makes it possible for unauthenticated attackers to send arbitrary emails...
Radcliffe 2 < 2.0.18 - Missing Authorization
Description The radcliffe-2 theme for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 2.0.17. This makes it possible for unauthenticated attackers to perform an unauthorized action...
Slider Responsive Slideshow – Image slider, Gallery slideshow < 1.4.2 - Missing Authorization
Description The Slider Responsive Slideshow – Image slider, Gallery slideshow plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxslideresponsive and srsavesettings functions in versions up to, and including, 1.4.0. This makes it...
Strategery Migrations <= 1.0 - Unauthenticated Arbitrary File Deletion
Description The Strategery Migrations plugin for WordPress is vulnerable to Arbitrary File Deletion in all versions up to, and including, 1.0. This makes it possible for unauthenticated attackers to delete arbitrary files on the server which can lead to remote code execution...
12 Step Meeting List < 3.14.34 - Reflected Cross-Site Scripting
Description The 12 Step Meeting List plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 3.14.33 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts ...
Newsletter - API v1 and v2 addon for Newsletter < 2.4.6 - Missing Authorization to Email Subscribers Management
Description The Newsletter - API v1 and v2 addon plugin for WordPress is vulnerable to unauthorized subscribers management due to PHP type juggling issue on the checkapikey function in all versions up to, and including, 2.4.5. This makes it possible for unauthenticated attackers to list, create o...
Visual Composer Website Builder < 45.9.0 - Authenticated (Editor+) Stored Cross-Site Scripting
Description The Visual Composer Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 45.8.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level...
Master Addons for Elementor < 2.0.5.6 - Missing Authorization via get_jltma_save_menuitem_settings()
Description The Master Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the getjltmasavemenuitemsettings function in versions up to, and including, 2.0.5.4.1. This makes it possible for unauthenticated attackers to...
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) < 1.5.110 - Authenticated (Contributor+) Blind SQL Injection via data[addonID] Parameter
Description The Unlimited Elements For Elementor Free Widgets, Addons, Templates plugin for WordPress is vulnerable to blind SQL Injection via the ‘dataaddonID’ parameter in all versions up to, and including, 1.5.109 due to insufficient escaping on the user supplied parameter and lack of sufficie...
InstaWP Connect – 1-click WP Staging & Migration < 0.1.0.39 - Missing Authorization to Unauthenticated API setup/Arbitrary Options Update/Administrative User Creation
Description The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to arbitrary option updates due to a missing authorization checks on the REST API calls in all versions up to, and including, 0.1.0.38. This makes it possible for unauthenticated attackers to conne...
BuddyForms <= 2.8.9 - Email Verification Bypass due to Insufficient Randomness
Description The BuddyForms plugin for WordPress is vulnerable to Email Verification Bypass in all versions up to, and including, 2.8.9 via the use of an insufficiently random activation code. This makes it possible for unauthenticated attackers to bypass the email verification...
ARMember < 4.0.28 - Directory Traversal via X-FILENAME
Description The ARMember plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 4.0.27 via the 'X-FILENAME' HTTP header. This makes it possible for unauthenticated attackers to upload and overwrite certain files e.g., CSS to directories outside the...
Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders < 5.9.23 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'getmanualcalendarevents' function in all versions up to, and including, 5.9.22 due to insufficient input...
Events Addon for Elementor < 2.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets
Description The Events Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Basic Slider, Upcoming Events, and Schedule widgets in all versions up to, and including, 2.1.4 due to insufficient input sanitization and output escaping on user supplied...
Ocean Extra < 2.2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Flickr Widget
Description The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Flickr widget in all versions up to, and including, 2.2.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacker...
WP Shortcodes Plugin — Shortcodes Ultimate < 7.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via su_lightbox Shortcode
Description The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sulightbox shortcode in all versions up to, and including, 7.1.6 due to insufficient input sanitization and output escaping on user supplied attributes. Th...
Icegram Express < 5.7.23 - Authenticated (Subscriber+) SQL Injection Vulnerability via options[list_id]
Description The Icegram Express plugin for WordPress is vulnerable to SQL Injection via the ‘optionslistid’ parameter in all versions up to, and including, 5.7.22 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes i...
Debug Log Manager < 2.3.2 - Missing Authorization
Description The Debug Log Manager plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the getlatestentries and disablewpfileeditor functions in versions up to, and including, 2.3.1. This makes it possible for authenticated...
Qi Addons For Elementor < 1.7.3 - Authenticated (Contributor+) Local File Inclusion
Description The Qi Addons For Elementor plugin for WordPress is vulnerable to Remote File Inclusion in all versions up to, and including, 1.7.2 via the 'behavior' attributes found in the qiaddonsforelementorbloglist shortcode. This makes it possible for authenticated attackers, with...
Blocksy < 2.0.51 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Blocksy theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the customurl parameter in all versions up to, and including, 2.0.50 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...
Salon booking system < 10.0 - Missing Authorization
Description The Salon booking system plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on several functions hooked into admininit in all versions up to, and including, 9.9. This makes it possible for authenticated attackers with...
Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via onclick events
Description The Element Pack Elementor Addons Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Creative Button widget in all versions up to, and including, 5.6.7 due to insufficient input...
Integrate Google Drive < 1.3.94 - Missing Authorization
Description The Integrate Google Drive – Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files into Your WordPress Site plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and includin...