14603 matches found
Cards for Beaver Builder < 1.1.3 - Authenticated(Contributor+) Stored Cross-Site Scripting via bootstrapcard link
Description The Cards for Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the BootstrapCard link in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
WP Compress – Image Optimizer < 6.11.11 - Missing Authorization to Unauthenticated CDN Modification
Description The WP Compress – Image Optimizer plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpslocalcompress::construct' function in all versions up to, and including, 6.11.10. This makes it possible for unauthenticated attackers...
Elementor Addon Elements < 1.12.11 - Contributor+ Stored XSS
Description The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'data-wts-url' value due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to injec...
Easy Property Listings < 3.5.3 - Authenticated(Contributor+) SQL Injection via Shortcode
Description The Easy Property Listings plugin for WordPress is vulnerable to time-based SQL Injection via the ‘propertystatus’ shortcode attribute in all versions up to, and including, 3.5.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...
WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels < 4.4.2 - Unauthenticated Stored Cross-Site Scripting
Description The WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Customer Notes field in all versions up to, and including, 4.4.1 due to insufficient input sanitization and output escaping. This...
Inline Related Posts < 3.6.0 - Subscriber+ Password Protected Post Read
Description The plugin does not ensure that post content displayed via an AJAX action are accessible to the user, allowing any authenticated user, such as subscriber to retrieve the content of password protected posts PoC When logged in as a subscriber, open the following URL and note that the...
360 Javascript Viewer < 1.7.13 - Missing Authorization to Plugin Settings Update
Description The 360 Javascript Viewer plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check and nonce exposure on several AJAX actions in all versions up to, and including, 1.7.12. This makes it possible for authenticated attackers, with...
ColorMag < 3.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Display Name
Description The ColorMag theme for WordPress is vulnerable to Stored Cross-Site Scripting via a user's Display Name in all versions up to, and including, 3.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authentciated attackers, with contributor-level...
File Manager < 7.2.5 - Cross-Site Request Forgery to Local JS File Inclusion
Description The File Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery. This is due to missing or incorrect nonce validation on the wpfilemanager page that includes files through the 'lang' parameter. This makes it possible for unauthenticated attackers to include local...
WP Fusion Lite < 3.42.10 - Authenticated (Contributor+) Remote Code Execution
Description The WP Fusion Lite – Marketing Automation and CRM Integration for WordPress plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 3.41.24. This makes it possible for authenticated attackers, with contributor-level access and above, to execut...
GiveWP – Donation Plugin and Fundraising Platform < 3.6.0 - Contributor+ Stored XSS
Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin...
WooThumbs for WooCommerce by Iconic < 5.5.4 - Reflected Cross-Site Scripting
Description The WooThumbs for WooCommerce by Iconic plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 5.5.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
wp-mpdf < 3.8 - Reflected Cross-Site Scripting
Description The wp-mpdf plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 3.7.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execu...
Automatic < 3.92.1 - Cross-Site Request Forgery to Privilege Escalation
Description The Automatic plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.92.0. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to escalate their privileges via a forged...
WooCommerce Google Feed Manager < 2.3.0 - Authenticated (Shop manager+) Stored Cross-Site Scripting
Description The WooCommerce Google Feed Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via settings in all versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Shop...
Survey Maker < 4.0.6 - Authenticated (Administrator+) Stored Cross-Site Scripting
Description The Survey Maker – Best WordPress Survey Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
Popup Maker – Popup for opt-ins, lead gen, & more < 1.18.3 - Contributor+ Stored XSS
Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin...
The Moneytizer < 9.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The The Moneytizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 9.5.20 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to...
Permalink Manager Lite and Permalink Manager pro < 2.4.3.2 - Reflected Cross-Site Scripting
Description The Permalink Manager Pro plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘s’ parameter in all versions up to, and including, 2.4.3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
Site Reviews < 6.11.7 - Authenticated (Author+) Stored Cross-Site Scripting
Description The Site Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 6.11.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject...
WP SendFox < 1.3.1 - Missing Authorization
Description The WP SendFox plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the gbsf4wpprocesssync function in versions up to, and including, 1.3.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to process...
Calendarista Basic Edition < 3.0.3 - Unauthenticated Cross-Site Scripting
Description The Calendarista Basic Edition plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 3.0.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages...
Database for Contact Form 7 < 3.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Database for Contact Form 7 plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and...
Visual Composer Website Builder < 45.7.0 - Authenticated (Editor+) Stored Cross-Site Scripting
Description The Visual Composer Website Builder, Landing Page Builder, Custom Theme Builder, Maintenance Mode & Coming Soon Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via settings in all versions up to, and including, 45.6.0 due to insufficient input sanitization and...
DSGVO All in one for WP < 4.4 - Cross-Site Request Forgery
Description The DSGVO All in one for WP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.3. This is due to missing or incorrect nonce validation on the dsgvoajaxremoveusrip function. This makes it possible for unauthenticated attackers to remove...
Permalink Manager Lite < 2.4.3.1 - Reflected Cross-Site Scripting
Description The Permalink Manager Lite plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 2.4.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...
Free Downloads WooCommerce < 3.5.8.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Free Downloads WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.5.8.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and...
Cryptocurrency Widgets – Price Ticker & Coins List < 2.6.9 - Missing Authorization
Description The Cryptocurrency Widgets – Price Ticker & Coins List plugin for WordPress is vulnerable to unauthorized access due to an insufficient capability check on the ccpwposttype function in versions up to, and including, 2.6.8. This makes it possible for authenticated attackers, with...
WEN Responsive Columns < 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Description The WEN Responsive Columns plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above,...
Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin < 1.6.7.9 - Authenticated (Contributor+) SQL Injection via Shortcode
Description The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to SQL Injection via the customerid parameter in all versions up to, and including, 1.6.7.7 due to insufficient escaping on the user supplied parameter and lack of...
Smart Online Order for Clover < 1.5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Smart Online Order for Clover plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.5.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and...
SupportCandy < 3.2.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting
Description The SupportCandy plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.2.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject...
Pie Register <= 3.8.3.1 - Unauthenticated Arbitrary File Upload
Description The Pie Register plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the piesaveregistration function in versions up to, and including, 3.8.3.1. This makes it possible for unauthenticated attackers to upload arbitrary files on the affect...
Email Subscription Popup < 1.2.21 - Unauthenticated Stored Cross-Site Scripting
Description The Email Subscription Popup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the '$email' parameter in versions up to, and including, 1.2.20 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
Quiz And Survey Master < 8.2.3 - Authenticated (Administrator+) Stored Cross-Site Scripting
Description The Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 8.2.2 due to insufficient input sanitization and output escaping. This makes it...
Premmerce Permalink Manager for WooCommerce < 2.3.11 - Unauthenticated Local File Inclusion
Description The Premmerce Permalink Manager for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.3.10. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of...
Automatic < 3.92.1 - Unauthenticated Arbitrary File Download and Server-Side Request Forgery
Description The WordPress Automatic Plugin plugin for WordPress is vulnerable to Server-Side Request Forgery and Arbitrary File Downloads in all versions up to, and including, 3.92.0. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from...
HT Easy GA4 ( Google Analytics 4 ) < 1.1.8 - Reflected Cross-Site Scripting
Description The HT Easy GA4 Google Analytics 4 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘functionorparam’ parameter in versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...
Ticket Tailor < 1.12 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Ticket Tailor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject...
Five Star Restaurant Menu < 2.4.15 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Five Star Restaurant Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.4.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and...
User profile < 2.0.21 - Authenticated (Subscriber+) Stored Cross-Site Scripting
Description The User profile plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.0.20 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject...
FV Flowplayer Video Player < 7.5.44.7212 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The FV Flowplayer Video Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 7.5.41.7212 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access...
Contact Form 7 – PayPal & Stripe Add-on < 2.1 - Reflected Cross-Site Scripting
Description The Contact Form 7 – PayPal & Stripe Add-on plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary w...
MJM Clinic < 1.1.23 - Authenticated (Editor+) Stored Cross-Site Scripting
Description The MJM Clinic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via settings in all versions up to, and including, 1.1.22 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level permissions and...
Link Whisper Free < 0.6.9 - Reflected Cross-Site Scripting
Description The Link Whisper Free plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 0.6.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages...
APIExperts Square for WooCommerce < 4.3 - Reflected Cross-Site Scripting
Description The APIExperts Square for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 4.2.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
PropertyHive < 2.0.10 - Authenticated (Subscriber+) PHP Object Injection
Description The PropertyHive plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.0.9 via deserialization of untrusted input through the 'body' parameter. This makes it possible for attackers, with subscriber-level access and above, to inject a PHP...
WP Responsive Tabs horizontal vertical and accordion Tabs < 1.1.18 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The WP Responsive Tabs horizontal vertical and accordion Tabs plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1.17 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
Table & Contact Form 7 Database – Tablesome < 1.0.28 - Reflected Cross-Site Scripting
Description The Table & Contact Form 7 Database – Tablesome plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.0.27 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
ARMember < 4.0.24 - Authenticated (Administrator+) Stored Cross-Site Scripting
Description The ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.0.23 due to insufficient input sanitization and output escaping...