14603 matches found
Avada < 7.11.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Description The Avada theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 7.11.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacker...
Avada < 7.11.7 - Unauthenticated Sensitive Information Exposure via Form Uploads Directory Listing
Description The Avada theme for WordPress is vulnerable to Sensitive Information Exposure via the '/wp-content/uploads/fusion-forms/' directory. This makes it possible for unauthenticated attackers to extract sensitive data uploaded via an Avada created form with a file upload mechanism. PoC Acce...
Visualizer < 3.10.6 - Reflected Cross-Site Scripting
Description The Visualizer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 3.10.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...
WPFunnels < 3.0.7 - Authenticated (Administrator+) Stored Cross-Site Scripting
Description The Easiest Sales Funnel Builder For WordPress & WooCommerce by WPFunnels plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.0.6 due to insufficient input sanitization and output escaping. This makes it possible...
Avada < 7.11.7 - Authenticated (Contributor+) Server-Side Request Forgery via form_to_url_action
Description The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.11.6 via the formtourlaction function. This makes it possible for authenticated attackers, with contributor-level access and...
Multiple Page Generator Plugin – MPG < 3.4.1 - Authenticated (Editor+) Remote Code Execution
Description The Multiple Page Generator Plugin – MPG plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 3.4.0. This makes it possible for authenticated attackers, with editor-level access and above, to execute code on the server...
Builder for WooCommerce reviews shortcodes – ReviewShort < 1.01.4 - Cross-Site Request Forgery
Description The Builder for WooCommerce reviews shortcodes – ReviewShort plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.01.3. This is due to missing or incorrect nonce validation on the wprshrtcdredirect function. This makes it possible for...
Evergreen Content Poster < 1.4.2 - Reflected Cross-Site Scripting
Description The Evergreen Content Poster plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...
YITH WooCommerce Product Add-Ons < 4.6.0 - Unuathenticated Cross-Site Scripting
Description The YITH WooCommerce Product Add-Ons plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 4.5.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...
OxyExtras < 1.4.5 - Unauthenticated Cross-Site Scripting
Description The OxyExtras plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute...
Barcode Scanner with Inventory & Order Manager < 1.5.4 - Reflected Cross-Site Scripting
Description The Barcode Scanner with Inventory & Order Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
Avada < 7.11.7 - Authenticated (Admin+) SQL Injection via entry
Description The Avada theme for WordPress is vulnerable to SQL Injection via the 'entry' parameter in all versions up to, and including, 7.11.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
Zippy < 1.6.10 - Authenticated (Editor+) Arbitrary File Upload
Description The Zippy plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ZippyCore.php file in all versions up to, and including, 1.6.9. This makes it possible for authenticated attackers, with editor-level access and above, to upload arbitrary...
Extensions For CF7 < 3.0.7 - Unauthenticated Stored Cross-Site Scripting
Description The Extensions For CF7 plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.0.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages th...
WordPress Ping Optimizer <= 2.35.1.3.0 - Log Clearing via CSRF
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks such as clearing logs. PoC Make a logged in admin open the URL below...
AntiSpam for Contact Form 7 < 0.6.1 - Reflected Cross-Site Scripting
Description The AntiSpam for Contact Form 7 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 0.6.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts...
Sitekit < 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Description The Sitekit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacker...
Super Page Cache for Cloudflare < 4.7.6 - Cross-Site Request Forgery
Description The Super Page Cache for Cloudflare plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.7.5. This is due to missing or incorrect nonce validation on the adminmenupageindex function. This makes it possible for unauthenticated attackers t...
Specific Content For Mobile – Customize the mobile version without redirections < 0.1.9.6 - Reflected Cross-Site Scripting
Description The Specific Content For Mobile – Customize the mobile version without redirections plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 0.1.9.5 due to insufficient input sanitization and output escaping. This makes it possible for...
RegistrationMagic < 5.2.6.0 - Reflected Cross-Site Scripting
Description The RegistrationMagic plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 5.2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in page...
Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin < 1.6.7.9 - Authenticated (Subscriber+) SQL Injection
Description The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to SQL Injection via the keys parameter in all versions up to, and including, 1.6.7.7 due to insufficient escaping on the user supplied parameter and lack of sufficient...
WP Popups < 2.1.5.6 - Authenticated (Administrator+) Stored Cross-Site Scripting
Description The WP Popups – WordPress Popup builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.1.5.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wi...
Contact Forms by Cimatti < 1.8.0 - Unauthenticated Stored Cross-Site Scripting
Description The Contact Forms by Cimatti plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.7.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...
Invitation Code Content Restriction Plugin from CreativeMinds < 1.5.5 - Reflected Cross-Site Scripting
Description The Invitation Code Content Restriction Plugin from CreativeMinds plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘targetid’ parameter in all versions up to, and including, 1.5.4 due to insufficient input sanitization and output escaping. This makes it...
Advanced Sermons < 3.3 - Reflected Cross-Site Scripting
Description The Advanced Sermons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'sermondates' parameter in versions up to, and including, 3.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
Modal Window – create popup modal window < 5.3.9 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode
Description The Modal Window – create popup modal window plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 5.3.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
Link Library < 7.6.1 - Reflected Cross-Site Scripting
Description The Link Library plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 7.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...
The Ultimate Video Player For WordPress < 2.2.3 - Contributor+ Stored XSS
Description The plugin does not have proper capability check when updating its settings via a REST route, allowing Contributor and above users to update them. Furthermore, due to the lack of escaping in one of the settings, this also allows them to perform Stored XSS attacks PoC As a contributor,...
WooCommerce Cloak Affiliate Links < 1.0.34 - Missing Authorization to Unauthenticated Permalink Modification
Description The WooCommerce Cloak Affiliate Links plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'permalinksettingssave' function in all versions up to, and including, 1.0.33. This makes it possible for unauthenticated attackers to...
JetWidgets For Elementor < 1.0.17 - Authenticated(Contributor+) Stored Cross-Site Scripting via Widget Button URL
Description The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the widget button URL in all versions up to, and including, 1.0.16 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
Coupon Affiliates < 5.12.8 - Reflected Cross-Site Scripting
Description The Coupon Affiliates plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 5.12.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages...
Crisp < 0.45 - Authenticated (Subscriber+) Stored Cross-Site Scripting
Description The Crisp plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 0.44 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrar...
WP Calameo < 2.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The WP Calameo plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.1.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject...
WooCommerce License Manager < 5.3.2 - Reflected Cross-Site Scripting
Description The WooCommerce License Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 5.3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts...
Plugin Permalink < 2.4.3.2 - Missing Authorization via get_uri_editor
Description The Permalink Manager Lite plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'geturieditor' function in all versions up to, and including, 2.4.3.1. This makes it possible for unauthenticated attackers to view the permalinks of a...
Automatic < 3.92.1 - Unauthenticated SQL Injection
Description The Automatic plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 3.92.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to...
Scrollsequence < 1.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Scrollsequence plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.5.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inje...
GamiPress – Button < 1.0.8 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode
Description The GamiPress – Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gamipressbutton' shortcode in all versions up to, and including, 1.0.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
Everest Forms < 2.0.8 - Unauthenticated Server-Side Request Forgery via font_url
Description The Everest Forms plugin for WordPress is vulnerable to Server-Side Request Forgery via the 'fonturl' parameter. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify...
Advanced Classifieds & Directory Pro < 3.1.2 - Missing Authorization to Arbitrary Attachment Deletion
Description The Advanced Classifieds & Directory Pro plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the ajaxcallbackdeleteattachment function in all versions up to, and including, 3.0.0. This makes it possible for authenticated attackers, with...
Combo Blocks < 2.2.76 - Unauthenticated Password Protected Posts Access
Description The plugin does not prevent password protected posts from being displayed in the result of some unauthenticated AJAX actions, allowing unauthenticated users to read such posts PoC Open one of the below URL as an unauthenticated user and note that password protected posts are disclosed...
Easy Maintenance Mode <= 1.4.2 - Information Exposure
Description The Easy Maintenance Mode plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.2 via the REST API. This makes it possible for authenticated attackers to obtain post and page content via REST API thus bypassign the protection...
WPBITS Addons For Elementor Page Builder <= 1.3.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The WPBITS Addons For Elementor Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's heading widget in all versions up to, and including, 1.3.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This mak...
WooCommerce POS < 1.4.12 - Insufficient Verification of Data Authenticity to Authenticated (Customer+) Information Disclosure
Description The WooCommerce POS plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 1.4.11. This is due to the plugin not properly verifying the authentication and authorization of the current user This makes it possible for authenticated attackers,...
Woomotiv < 3.5.0 - Review Count Reset via CSRF
Description The plugin is vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation on the 'ajaxcancelreview' function. This makes it possible for unauthenticated attackers to reset the site's review count via a forged request granted they can trick a site administrato...
Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates < 4.5.4 - Contributor+ Stored XSS
Description The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates is vulnerable to Stored Cross-Site Scripting via the plugin's widgets due to insufficient input sanitization and output escaping on user supplied attributes such as listStyle. This makes it possible for...
RevivePress < 1.5.6.1 - Subscriber+ Settings Update/Access
Description The plugin is vulnerable to unauthorized access and modification of data due to a missing capability check on the importdata and copydata functions. This makes it possible for authenticated attackers, with subscriber-level access or higher, to overwrite plugin settings and view them...
Gum Elementor Addon < 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Meta Widget
Description The Gum Elementor Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Meta widget in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
Standout Color Boxes and Buttons <= 0.7.0 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode
Description The Standout Color Boxes and Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 0.7.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...
Advanced Form Integration – Connect WooCommerce and Contact Form 7 to Google Sheets and other platforms < 1.82.6 - SQL Injection to Reflected Cross-Site Scripting via integration_id
Description The Advanced Form Integration – Connect WooCommerce and Contact Form 7 to Google Sheets and other platforms plugin for WordPress is vulnerable to SQL Injection via the ‘integrationid’ parameter in all versions up to, and including, 1.82.0 due to insufficient escaping on the user...