14603 matches found
Pz-LinkCard < 2.5.3 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed PoC Put the following payload in the "Class ID to be Added for PC" setting of the plugin...
Droit Elementor Addons – Widgets, Blocks, Templates Library For Elementor Builder <= 3.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Droit Elementor Addons – Widgets, Blocks, Templates Library For Elementor Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 3.1.5 due to insufficient input sanitization and output escaping on us...
Booster for WooCommerce < 7.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortocde
Description The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 7.1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
Premium Addons PRO < 2.9.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multi Scroll Widget
Description The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'navigationdots' parameter of the Multi Scroll Widget in all versions up to, and including, 2.9.12 due to insufficient input sanitization and output escaping. This makes it possible for...
Happy Addons for Elementor < 3.10.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Archive Title Widget
Description The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘archivetitletag’ attribute of the Archive Title widget in all versions up to, and including, 3.10.3 due to insufficient input sanitization and output escaping. This makes it...
EventPrime – Events Calendar, Bookings and Tickets < 3.4.1 - Missing Authorization to Authenticated (Subscriber+) Attendee List Retrieval
Description The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the getattendeesemailbyeventid function in all versions up to, and including, 3.4.1. This makes it possible for authenticated...
Nextend Social Login and Register < 3.1.13 - Reflected Self-Based Cross-Site Scripting via error_description
Description The Nextend Social Login and Register plugin for WordPress is vulnerable to a self-based Reflected Cross-Site Scripting via the ‘errordescription’ parameter in all versions up to, and including, 3.1.12 due to insufficient input sanitization and output escaping. This makes it possible...
SiteOrigin Widgets Bundle < 1.58.8 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and including, 1.58.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
WooCommerce Add to Cart Custom Redirect < 1.2.14 - Authenticated(Contributor+) Missing Authorization to Limited Arbitrary Options Update
Description The WooCommerce Add to Cart Custom Redirect plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'wcrdismissadminnotice' function in all versions up to, and including, 1.2.13. This makes it possible for...
Premium Addons PRO < 2.9.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via Global Badge Module
Description The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Global Badge module in all versions up to, and including, 2.9.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
Pz-LinkCard < 2.5.3 - Contributor+ SSRF
Description The plugin does not prevent users from pinging arbitrary hosts via some of its shortcodes, which could allow high privilege users such as contributors to perform SSRF attacks. PoC Setup a listener on a localhost/LAN host such as nc -l 127.0.0.1 9000, then as a contributor, put the...
The Plus Addons for Elementor < 5.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting Header Meta Content Widget
Description The The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ attribute of the Header Meta Content widget in all versions up to, and including, 5.4.0 due to insufficient input sanitization and output escaping. This makes it possible f...
EventPrime – Events Calendar, Bookings and Tickets < 3.4.2 - Missing Authorization to Authenticated (Subscriber+) Event Export
Description The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the bookingexportall function in all versions up to, and including, 3.4.1. This makes it possible for authenticated attackers,...
EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor < 3.9.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via EmbedPress PDF Widget
Description The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's embed widget in all versions up to, and including, 3.9.10 due to...
EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor < 3.9.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via Wistia Block
Description The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Wistia embed block in all versions up to, and including, 3.9.10...
WP-Members Membership Plugin < 3.4.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Description The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.4.9.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible f...
Simple Restrict < 1.2.7 - Missing Authorization to Sensitive Information Exposure
Description The Simple Restrict plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.6 via the REST API. This makes it possible for authenticated attackers to bypass the plugin's restrictions to extract post titles and content...
TeraWallet – Best WooCommerce Wallet System With Cashback Rewards, Partial Payment, Wallet Refunds < 1.4.11 - Missing Authorization to Authenticated (Subscriber+) User Email Export
Description The TeraWallet – Best WooCommerce Wallet System With Cashback Rewards, Partial Payment, Wallet Refunds plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the terawalletexportusersearch function in all versions up to, and including,...
affiliate-toolkit – WordPress Affiliate Plugin < 3.5.5 - Missing Authorization via atkp_import_product
Description The affiliate-toolkit – WordPress Affiliate Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the atkpimportproduct function in all versions up to, and including, 3.5.4. This makes it possible for authenticated attackers, with...
Premium Addons PRO < 2.9.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via Premium Magic Scroll Module
Description The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Premium Magic Scroll module in all versions up to, and including, 2.9.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wit...
Easy Accordion – Best Accordion FAQ Plugin for WordPress < 2.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Easy Accordion – Best Accordion FAQ Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'accordioncontentsource' attribute in all versions up to, and including, 2.3.4 due to insufficient input sanitization and output escaping. This makes ...
WP Chat App < 3.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Attributes
Description The WP Chat App plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widget/block in all versions up to, and including, 3.6.1 due to insufficient input sanitization and output escaping on user supplied attributes such as 'buttonColor' and 'phoneNumber'...
Social Sharing Plugin – Sassy Social Share < 3.3.59 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Description The Social Sharing Plugin – Sassy Social Share plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'SassySocialShare' shortcode in all versions up to, and including, 3.3.58 due to insufficient input sanitization and output escaping on user supplied...
affiliate-toolkit – WordPress Affiliate Plugin < 3.5.5 - Missing Authorization via atkp_create_list
Description The affiliate-toolkit – WordPress Affiliate Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the atkpcreatelist function in all versions up to, and including, 3.5.4. This makes it possible for authenticated attackers, with...
Fluent Forms < 5.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Fluent Forms plugin for WordPress by Fluent Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 5.1.9 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web...
Page Builder: Pagelayer – Drag and Drop website builder < 1.8.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Attributes
Description The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom attributes in all versions up to, and including, 1.8.3 due to insufficient input sanitization and output escaping. This makes it possible for...
Royal Elementor Addons and Templates < 1.3.92 - Authenticated (Contributor+) Stored Cross-Site Scripting via Logo Widget
Description The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Logo Widget in all versions up to, and including, 1.3.91 due to insufficient input sanitization and output escaping on user supplied URLs. This makes it possible for...
Happy Addons for Elementor < 3.10.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Author Meta Widget
Description The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘authormetatag’ attribute of the Author Meta widget in all versions up to, and including, 3.10.3 due to insufficient input sanitization and output escaping. This makes it possible...
My Calendar < 3.4.24 - Authenticated Stored XSS
Description The plugin does not sanitise and escape some parameters, which could allow users with a role as low as Subscriber to perform Cross-Site Scripting attacks depending on the permissions set by the admin PoC 1. Use any type of role as long as you permit it the action to Add Events. 2. Add...
Elite Booster for WooCommerce < 7.1.8 - Authenticated (Subscriber+) Arbitrary File Upload
Description The Booster Elite for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the wcaddnewproduct function in all versions up to, and including, 7.1.7. This makes it possible for customer-level attackers, and above, to upload...
Digits < 8.4.2 - Cross-Site Request Forgery to Privilege Escalation
Description The Digits plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.4.1. This is due to missing nonce validation in the 'digitssavesettings' function. This makes it possible for unauthenticated attackers to modify the default role of...
Pz-LinkCard < 2.5.3 - Reflected XSS
Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC Make a logged in admin open a page containing the code below...
Otter Blocks PRO < 2.6.4 - Unauthenticated Stored Cross-Site Scripting via SVG Upload
Description The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via file upload form, which allows SVG uploads, in all versions up to, and including, 2.6.3 due to insufficient input sanitization and...
Complianz – GDPR/CCPA Cookie Consent < 7.0.0 - Cross-Site Request Forgery to Data Request Deletion
Description The Complianz – GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.5.6. This is due to missing or incorrect nonce validation on the processdelete function in class-DNSMPD.php. This makes it possible for...
Otter Blocks PRO < 2.6.4 - Authenticated(Contributor+) Stored Cross-Site Scripting via File Field CSS
Description The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the contact form file field CSS metabox in all versions up to, and including, 2.6.3 due to insufficient input sanitization and output...
Prime Slider – Addons For Elementor < 3.13.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Fiestar Widget
Description The Prime Slider – Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'titletags' attribute of the Fiestar widget in all versions up to, and including, 3.13.1 due to insufficient input sanitization and output escaping. This makes it possible...
Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) < 2.8.8 - Missing Authorization to Unauthenticated Media Upload
Description The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions UGC plugin for WordPress is vulnerable to unauthorized media upload due to a missing capability check on the buddyformsuploadhandledroppedmedia function in all versions up...
Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) < 2.8.8 - Missing Authorization to Unauthenticated Media Deletion
Description The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions UGC plugin for WordPress is vulnerable to unauthorized media file deletion due to a missing capability check on the handledeletedmedia function in all versions up to, and...
MasterStudy LMS WordPress Plugin – for Online Courses and Education < 3.2.11 - Basic Information Exposure via REST route
Description The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to Information Exposure in versions up to, and including, 3.2.10. This can allow unauthenticated attackers to extract sensitive data including all registered user's username and...
Premium Addons for Elementor PRO < 2.9.13 - Authenticated(Contributor+) Stored Cross-Site Scripting via widget link
Description The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's IHover widget link in all versions up to, and including, 2.9.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
Restaurant Reservations < 2.0 - Directory Traversal to Authenticated (Contributor+) Local File Inclusion
Description The Restaurant Reservations plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.9 via the ndrstlayout attribute of the ndrstsearch shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to...
PDF Invoices and Packing Slips For WooCommerce < 1.3.8 - Authenticated (Subscriber+) PHP Object Injection
Description The PDF Invoices and Packing Slips For WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.7 via deserialization of untrusted input via the orderid parameter. This makes it possible for authenticated attackers, with...
Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) < 2.8.8 - Missing Authorization
Description The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions UGC plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the buddyformsnewpage function in all versions up to, and...
User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin < 3.1.5 - Unauthenticated Stored Self-Based Cross-Site Scripting
Description The User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Display Name' parameter in all versions up to, and including, 3.1.4 due to insufficient input sanitization and...
WPKoi Templates for Elementor < 2.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Advanced Heading Widget
Description The WPKoi Templates for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Advanced Heading widget in all versions up to, and including, 2.5.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attacker...
File Manager And File Manager Pro (Multiple Versions) - Directory Traversal
Description The File Manager and File Manager Pro plugins for WordPress are vulnerable to Directory Traversal in versions up to, and including version 7.2.1 free version and 8.3.4 Pro version via the target parameter in the mkfilefoldermanageractioncallbackshortcode function. This makes it possib...
Database for Contact Form 7, WPforms, Elementor forms < 1.3.4 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode
Description The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.3.3 due to insufficient input sanitization and output escaping on user supplied attributes...
Product Carousel Slider & Grid Ultimate for WooCommerce < 1.9.8 - Authenticated(Contributor+) PHP Object Injection
Description The Product Carousel Slider & Grid Ultimate for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.9.7 via deserialization of untrusted input via shortcode. This makes it possible for authenticated attackers, with contributor...
Backup and Restore WordPress < 1.50 - Unauthenticated Sensitive Data Exposure
Description The plugin does not protect some log files containing sensitive information such as site configuration etc, allowing unauthenticated users to access such data. PoC 1 There is a lot of sensitive data and most importantly, you can download this logs to your machine and read it. These...
Total < 2.1.60 - Missing Authorization to Authenticated (Subscriber+) Sections Update
Description The Total theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the totalordersections function in all versions up to, and including, 2.1.59. This makes it possible for authenticated attackers, with subscriber-level access and abov...