14603 matches found
Tutor LMS – eLearning and online course solution < 2.6.2 - Cross-Site Request Forgery to Plugin Deactivation and Data Erase
Description The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.1. This is due to missing or incorrect nonce validation on the erasetutordata function. This makes it possible for...
Easy Social Feed < 6.5.5 - Cross-Site Request Forgery
Description The Easy Social Feed – Social Photos Gallery – Post Feed – Like Box plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.5.4. This is due to missing or incorrect nonce validation on the savegroupslist function. This makes it possible...
weForms < 1.6.22 - Unauthenticated Stored Cross-Site Scripting via Referer
Description The weForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Referer' HTTP header in all versions up to, and including, 1.6.21 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...
Video Conferencing with Zoom < 4.4.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Description The Video Conferencing with Zoom plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'zoomrecordingsbymeeting' shortcode in all versions up to, and including, 4.4.4 due to insufficient input sanitization and output escaping on user supplied attributes...
Bulgarisation for WooCommerce < 3.0.15 - Missing Authorization
Description The Bulgarisation for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on several functions in all versions up to, and including, 3.0.14. This makes it possible for unauthenticated and authenticated attackers, with subscriber-level...
Shariff Wrapper < 4.6.10 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Shariff Wrapper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'shariff' shortcode in all versions up to, and including, 4.6.9 due to insufficient input sanitization and output escaping on user supplied attributes like 'infotext'. This makes it...
Revolut Gateway for WooCommerce < 4.9.8 - Missing Authorization
Description The Revolut Gateway for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the wcrevolutclearrecords and wcrevolutonboardapplepaydomain functions in versions up to, and including, 4.9.7. This makes it possible for...
Easy Social Feed – Social Photos Gallery – Post Feed – Like Box < 6.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Description The Easy Social Feed – Social Photos Gallery – Post Feed – Like Box plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'efblikebox' shortcode in all versions up to, and including, 6.5.4 due to insufficient input sanitization and output escaping on user...
Shariff Wrapper < 4.6.10 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode
Description The Shariff Wrapper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'shariff' shortcode in all versions up to, and including, 4.6.9 due to insufficient input sanitization and output escaping on user supplied attributes such as 'secondarycolor' and...
CWW Companion < 1.2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The CWW Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Module2 widget in all versions up to, and including, 1.2.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
Easy Social Feed < 6.5.5 - Cross-Site Request Forgery
Description The Easy Social Feed – Social Photos Gallery – Post Feed – Like Box plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.5.4. This is due to missing or incorrect nonce validation on the esfinstasaveaccesstoken and...
Team Circle Image Slider With Lightbox < 1.0.1 - Image Data Update via CSRF
Description The plugin is vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation on the circlethumbnailsliderwithlightboximagemanagementfunc function. This makes it possible for unauthenticated attackers to edit image data which can be used to inject malicious...
Mollie Forms < 2.6.4 - Missing Authorization
Description The Mollie Forms plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the exportRegistrations function in all versions up to, and including, 2.6.3. This makes it possible for authenticated attackers, with subscriber access or higher, t...
LadiApp <= 4.4 - Cross-Site Request Forgery via ladiflow_save_hook()
Description The LadiApp plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the ladiflowsavehook function in versions up to, and including, 4.4. This makes it possible for unauthenticated attackers to update the 'ladiflowhookconfigs' option via a forge...
LadiApp: Landing Page, PopupX, Marketing Automation, Affiliate Marketing… <= 4.4 - Missing Authorization on publish_lp()
Description The LadiApp plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the publishlp function hooked via an AJAX action in versions up to, and including, 4.4. This makes it possible for authenticated attackers with subscriber-level...
Hubbub Lite < 1.33.1 - Unauthenticated Password Protected Posts Access
Description The plugin does not ensure that user have access to password protected post before displaying its content in a meta tag. PoC When the "Disable Open Graph Meta Tags" settings of the plugin is disabled, view the source of a password protected post and note its content being disclosed in...
WooCommerce Product Filter < 1.4.4 - Filter Deletion via CSRF
Description The plugin does not have CSRF check in its bulk action, which could allow attackers to make logged in users delete arbitrary filters via CSRF attack, granted they know the related filter slugs PoC Make a logged in admin open the URL below to make them delete the filter with the slug...
LadiApp <= 4.4 - Cross-Site Request Forgery via save_config()
Description The LadiApp plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the saveconfig function in versions up to, and including, 4.3. This makes it possible for unauthenticated attackers to update the 'ladipageconfig' option via a forged request...
Site Reviews < 6.11.7 - Authenticated(Subscriber+) Stored Cross-Site Scripting via display name
Description The Site Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user display name in all versions up to, and including, 6.11.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber...
WooCommerce Product Filter < 1.4.4 - Reflected XSS
Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC Make a logged in admin open the URL below the filter with the slug test1 needs to...
LadiApp <= 4.4 - Missing Authorization via save_config()
Description The LadiApp plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the saveconfig function in versions up to, and including, 4.4. This makes it possible for authenticated attackers with subscriber-level access and above to update t...
LadiApp: Landing Page, PopupX, Marketing Automation, Affiliate Marketing… <= 4.4 - Cross-Site Request Forgery via publish_lp()
Description The LadiApp plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the publishlp function hooked via an AJAX action in versions up to, and including, 4.4. This makes it possible for unauthenticated attackers to change the LadiPage key a key...
WooCommerce Product Filter < 1.4.4 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its Filters settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC As and admin, create a...
News Announcement Scroll < 9.1.0 - Authenticated (Contributor+) SQL Injection via Shortcode
Description The News Announcement Scroll plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 9.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...
LadiApp <= 4.4 - Missing Authorization via ladiflow_save_hook()
Description The LadiApp plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ladiflowsavehook function in versions up to, and including, 4.3. This makes it possible for authenticated attackers with subscriber-level access and above to...
Tutor LMS – eLearning and online course solution < 2.6.2 - Authenticated (Subscriber+) SQL Injection
Description The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to time-based SQL Injection via the questionid parameter in all versions up to, and including, 2.6.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation o...
Auto Affiliate Links < 6.4.3.1 - Missing Authorization via aalAddLink
Description The Auto Affiliate Links plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the aalAddLink function in all versions up to, and including, 6.4.3. This makes it possible for authenticated attackers, with subscriber access or...
Newsletter2Go <= 4.0.13 - Authenticated(Subscriber+) Stored Cross-Site Scripting via style
Description The Newsletter2Go plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘style’ parameter in all versions up to, and including, 4.0.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber...
LadiApp: Landing Page, PopupX, Marketing Automation, Affiliate Marketing… <= 4.4 - Cross-Site Request Forgery via init_endpoint
Description The LadiApp plugn for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the initendpoint function hooked via 'init' in versions up to, and including, 4.4. This makes it possible for unauthenticated attackers to modify a variety of settings, via a...
Mollie Forms < 2.6.4 - Missing Authorization to Arbitrary Post Duplication
Description The Mollie Forms plugin for WordPress is vulnerable to unauthorized post or page duplication due to a missing capability check on the duplicateForm function in all versions up to, and including, 2.6.3. This makes it possible for authenticated attackers, with subscriber access or highe...
f(x) Private Site <= 1.2.1 - Sensitive Information Exposure
Description The fx Private Site plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.1 via the API. This makes it possible for unauthenticated attackers to obtain page and post contents of a site protected with this plugin...
LiveChat WooCommerce < 2.2.17 - Cross-Site Request Forgery
Description The WordPress Live Chat Plugin for WooCommerce – LiveChat plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.16. This is due to missing or incorrect nonce validation on several functions in the...
EventPrime – Events Calendar, Bookings and Tickets < 3.4.3 - Missing Authorization to Arbitrary Post Overwrite
Description The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the savefrontendeventsubmission function in all versions up to, and including, 3.4.2. This makes it possible for...
Swift SMTP < 5.0.7 - Cross-Site Request Forgery
Description The Swift SMTP formerly Welcome Email Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.0.6. This is due to missing or incorrect nonce validation on the ajaxhandler function. This makes it possible for unauthenticated...
OneClick Chat to Order < 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Description The OneClick Chat to Order plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
Download Monitor < 4.9.5 - Authenticated (Admin+) SQL Injection
Description The Download Monitor plugin for WordPress is vulnerable to SQL Injection via the 'limit' parameter in all versions up to 4.9.5 exclusive due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
Orbit Fox by ThemeIsle < 2.10.33 - Authenticated (Contributor+) Stored Cross-Site Scripiting via Registration Form Widget
Description The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Registration Form widget in all versions up to, and including, 2.10.32 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
Metform Elementor Contact Form Builder < 3.8.4 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode
Description The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.8.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
HT Easy GA4 – Google Analytics WordPress Plugin < 1.2.0 - Missing Authorization to Unauthenticated GA4 Email Update
Description The HT Easy GA4 – Google Analytics WordPress Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the login function in all versions up to, and including, 1.1.5. This makes it possible for unauthenticated attackers to upda...
EventPrime – Events Calendar, Bookings and Tickets < 3.4.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion
Description The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the calendareventsdelete function in all versions up to, and including, 3.4.3. This makes it possible for authenticated attackers...
EventPrime – Events Calendar, Bookings and Tickets < 3.4.4 - Unauthenticated Stored Cross-Site Scripting
Description The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'offlinestatus' parameter in all versions up to, and including, 3.4.3 due to insufficient input sanitization and output escaping. This makes it possible for...
LiveChat Elementor < 1.0.14 - Cross-Site Request Forgery
Description The WordPress Live Chat Plugin for Elementor – LiveChat plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.13. This is due to missing or incorrect nonce validation via several functions in the...
GD Rating System < 3.5.1 - Unauthenticated Stored Cross-Site Scripting via IP
Description The GD Rating System plugin for WordPress is vulnerable to Stored Cross-Site Scripting via IP Address values in all versions up to, and including, 3.5.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...
EventPrime – Events Calendar, Bookings and Tickets < 3.4.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Email Sending
Description The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the epsendattendeesemail function in all versions up to, and including, 3.4.1. This makes it possible for authenticated attacker...
Football pool < 2.11.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Football Pool plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 2.11.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
Ultimate Member < 2.8.4 - Unauthenticated Stored Cross-Site Scripting
Description The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the several parameters in all versions up to, and including, 2.8.3 due to insufficient input...
EventPrime – Events Calendar, Bookings and Tickets < 3.4.3 - Unauthenticated Booking Payment Bypass
Description The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to payment bypass in all versions up to, and including, 3.4.2. This is due to the plugin allowing unauthenticated users to update the status of order payments. This makes it possible for...
Blocksy < 2.0.27 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's blocks in all versions up to, and including, 2.0.26 due to insufficient input sanitization and output escaping on user supplied attributes like 'className' and 'radius'. This makes it possibl...
Premium Addons PRO < 2.9.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Mouse Cursor Module
Description The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom Mouse Cursor module in all versions up to, and including, 2.9.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
Premium Addons PRO < 2.9.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via Messenger Chat Widget
Description The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'premiumfbchatappid' parameter of the Messenger Chat Widget in all versions up to, and including, 2.9.12 due to insufficient input sanitization and output escaping. This makes it possible...