14603 matches found
NPS computy < 2.7.6 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Go to "Settings NPS Monitoring"...
Media Library Assistant < 3.14 - Authenticated (Contributor+) SQL Injection via Shortcode
Description The Media Library Assistant plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcodes in all versions up to, and including, 3.13 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes i...
Smart Forms < 2.6.94 - Subscriber+ Edit Entries via Broken Access Control
Description The plugin does not have proper authorization in some actions, which could allow users with a role as low as a subscriber to call them and perform unauthorized actions PoC While logged as a subscriber, paste the following in your browser's console: fetch'/wp-admin/admin-ajax.php',...
Advance Search <= 1.1.6 - Shortcode Deletion via CSRF
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks PoC Make a logged in admin open the following HTML replace FORMID with a valid ID: The security field isn't validated and the shortcode is...
Ultimate Noindex Nofollow Tool II < 1.3.6 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Go to "Settings Ultimate...
Top Bar < 3.0.5 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Go to "Top Bar" in WP Admin 2...
BetterDocs – Best Documentation, FAQ & Knowledge Base Plugin with AI Support & Instant Answer For Elementor & Gutenberg < 3.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Description The BetterDocs – Best Documentation, FAQ & Knowledge Base Plugin with AI Support & Instant Answer For Elementor & Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.4.2 due to insufficient inp...
Smart Forms < 2.6.94 - Edit Entries via CSRF
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks, such as editing entries, and we consider it a medium risk. PoC CSRF PoC...
WooCommerce < 8.6 - Contributor+ Private/Draft Products Access
Description The plugin does not prevent users with at least the contributor role from leaking products they shouldn't have access to. e.g. private, draft and trashed products PoC 1. ADMIN: Install WooCommerce 2. ADMIN: Add products of various visibility and statuses including Publish, Draft,...
Meta Box < 5.9.4 - Contributor+ Arbitrary Posts' Custom Field Disclosure
Description The plugin does not prevent users with at least the contributor role from access arbitrary custom fields assigned to other user's posts. PoC 1. ADMIN: Install Meta Box 2. ADMIN: Add Meta Box fields through code or the premium add-on...
Shortcodes Ultimate < 7.0.5 - Contributor+ Stored XSS
Description The plugin does not properly escape some of its shortcodes attributes before they are echoed back to users, making it possible for users with the contributor role to conduct Stored XSS attacks. PoC sunote notecolor='123"onmouseover="alert/XSS/"' textcolor='1' radius='1' class='1'...
Video Conferencing with Zoom < 4.4.6 - Sensitive Information Exposure
Description The Video Conferencing with Zoom plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.4.5 via the getassignhostid AJAX action. This makes it possible for authenticated attackers, with subscriber access or higher, to enumerate...
Blocksy Companion < 2.0.32 - Contributor+ Stored XSS
Description The plugin does not validate and escape some of its attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin...
BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages < 3.4.21 - Authenticated (Subscriber+) PHP Object Injection in get_simple_request
Description The "BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages" plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.4.20 via deserialization of untrusted input in the getsimplerequest function. This makes it possible...
Tourfic < 2.11.19 - Authenticated (Subscriber+) PHP Object Injection
Description The Tourfic – Ultimate Hotel Booking, Travel Booking & Apartment Booking WordPress Plugin | WooCommerce Booking plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.11.17 via deserialization of untrusted input . This makes it possible for...
Better Search < 3.3.1 - Unauthenticated Stored Cross-Site Scripting
Description The Better Search – Relevant search results for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an unknown parameter in all versions up to, and including, 3.3.0 due to insufficient input sanitization and output escaping. This makes it possible for...
EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor < 3.9.13 - Authenticated (Contributor+) Stored Cross-site Scripting via 'embedpress_doc_custom_color'
Description The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the EmbedPress document widget in all versions up to, and including, 3.9.12 d...
Olive One Click Demo Import < 1.1.2 - Missing Authorization
Description The Olive One Click Demo Import plugin for WordPress is vulnerable to unauthorized modification of data due to a insufficient capability checking on several rest routes in versions up to, and including, 1.1.1. This makes it possible for unauthenticated attackers to perform unauthorize...
Passwordless Login < 1.1.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting
Description The Passwordless Login plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to...
PDF Embedder < 4.7.1 - Contributor+ Stored XSS
Description The plugin does not validate and escape some of its attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin...
Restrict User Access – Membership Plugin with Force < 2.6 - Reflected Cross-Site Scripting
Description The Restrict User Access – Membership Plugin with Force plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 2.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
Tourfic < 2.11.8 - Reflected Cross-Site Scripting
Description The Tourfic plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 2.11.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...
Lightweight Accordion < 1.5.17 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode
Description The Lightweight Accordion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.5.16 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
Custom WooCommerce Checkout Fields Editor < 1.3.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting
Description The Custom WooCommerce Checkout Fields Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the savewcfeoptions function in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it possible for...
Move Addons for Elementor < 1.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Move Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's infobox and button widget in all versions up to, and including, 1.2.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
Tourfic < 2.11.9 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Tourfic plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.11.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject...
Page Builder: Pagelayer – Drag and Drop website builder < 1.8.5 - Contributor+ Stored XSS
Description The plugin does not validate and escape some of its attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin...
MJM Clinic < 1.1.23 - Authenticated (Administrator+) Stored Cross-Site Scripting
Description The MJM Clinic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.1.22 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
Tourfic < 2.11.16 - Authenticated (Subscriber+) Arbitrary File Upload
Description The Tourfic – Ultimate Hotel Booking, Travel Booking & Apartment Booking WordPress Plugin | WooCommerce Booking plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 2.11.15. This makes it possible for...
Gutenberg Blocks by Kadence Blocks – Page Builder Features < 3.2.26 - Contributor+ Stored XSS
Description The plugin does not validate and escape some of its attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin...
Automation By Autonami < 2.8.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Automation By Autonami plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.8.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above,...
Rank Math SEO with AI SEO Tools < 1.0.215 - Contributor+ Stored XSS
Description The Rank Math SEO with AI SEO Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the HowTo block attributes in all versions up to, and including, 1.0.214 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
Page Builder by SiteOrigin < 2.29.7 - Contributor+ Stored XSS
Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin...
WP Media folder < 5.7.3 - Authenticated (Subscriber+) Arbitrary File Upload
Description The WP Media folder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation function in all versions up to, and including, 5.7.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload arbitrary...
WP Coder < 3.5.1 - Authenticated (Editor+) Stored Cross-Site Scripting
Description The WP Coder – Powerful HTML, CSS, JS and PHP Injection plugin for WordPress is vulnerable to Stored Cross-Site Scripting via settings in all versions up to, and including, 3.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
EmbedPress < 3.9.13 - Authenticated(Contributor+) Stored Cross-Site Scripting via Widget Attribute
Description The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the EmbedPress widget 'embedpressprotwitchtheme ' attribute in all versions u...
MyCurator Content Curation < 3.77 - Reflected Cross-Site Scripting
Description The MyCurator Content Curation plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'topic' parameter in all versions up to, and including, 3.76 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...
Page Builder Gutenberg Blocks – CoBlocks < 3.1.7 - Contributor+ Stored XSS
Description The plugin does not validate and escape some of its attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin...
SEOPress – On-site SEO < 7.6 - Author+ Stored Cross-Site Scripting
Description The SEOPress – On-site SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image alt parameter due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author access or higher, to inject arbitrary we...
Tracking Code Manager < 2.1.0 -Admin+ Stored Cross-Site Scripting
Description The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder < 1.15.23 - Sensitive Information Exposure
Description The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.15.22 via the signature functionality. This makes it possible for unauthenticated attackers to extrac...
WooCommerce Clover Payment Gateway < 1.3.2 - Missing Authorization via callback_handler
Description The WooCommerce Clover Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the callbackhandler function in all versions up to, and including, 1.3.1. This makes it possible for unauthenticated attackers to mark...
Pretty Links – Affiliate Links, Link Branding, Link Tracking & Marketing < 3.6.4 - Plugin Settings Update via CSRF
Description The Pretty Links – Affiliate Links, Link Branding, Link Tracking & Marketing Plugin is vulnerable to Cross-Site Request Forgery. This is due to missing or incorrect nonce validation when saving plugin settings. This makes it possible for unauthenticated attackers to change the plugin'...
Memberpress < 1.11.27 - Reflected Cross-Site Scripting via message and error
Description The Memberpress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘message’ and 'error' parameters in all versions up to, and including, 1.11.26 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers ...
LiquidPoll – Polls, Surveys, NPS and Feedback Reviews < 3.3.77 - Information Exposure
Description The LiquidPoll – Polls, Surveys, NPS and Feedback Reviews plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.3.76 via the pollerlist shortcode. This makes it possible for authenticated attackers, with contributor-level access a...
Advanced Access Manager < 6.9.21 - Admin+ Stored Cross-Site Scripting
Description The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Getwid – Gutenberg Blocks < 2.0.6 - Authenticated(Contributor+) Stored Cross-Site Scripting via Block Content
Description The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the block content in all versions up to, and including, 2.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
AI Post Generator < 3.4 - Subscriber+ Posts Read/Creation/Deletion
Description The plugin is vulnerable to unauthorized access, modification or deletion of posts due to a missing capability check on functions hooked by AJAX actions. This makes it possible for authenticated attackers, with subscriber access or higher, to view all posts generated with this plugin...
Download Manager < 3.2.85 - Contributor+ Stored XSS
Description The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that...
Network Summary <= 2.0.11 - Unauthenticated SQL Injection
Description The Network Summary plugin for WordPress is vulnerable to SQL Injection via the 'category' parameter in all versions up to, and including, 2.0.11 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...