14603 matches found
Logo Showcase Ultimate – Logo Carousel, Logo Slider & Logo Grid < 1.3.9 - Authenticated(Contributor+) PHP Object Injection
Description The Logo Showcase Ultimate – Logo Carousel, Logo Slider & Logo Grid plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.8 via deserialization via shortcode of untrusted input. This makes it possible for authenticated attackers, with...
Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget < 1.6.8 - Authenticated (Contributor+) PHP Object Injection in outpost_shortcode_metabox_markup
Description The Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.6.7 via deserialization of untrusted input in the outpostshortcodemetaboxmarkup function...
Simple Membership < 4.4.3 - Unauthenticated Stored Self-Based Cross-Site Scripting
Description The Simple Membership plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Display Name' parameter in all versions up to, and including, 4.4.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inje...
Testimonial Slider < 2.3.7 - Author+ Settings Update
Description The plugin does not properly ensure that a user has the necessary capabilities to edit certain sensitive plugin settings, making it possible for users with at least the Author role to edit them. PoC 1 Go to a page where one of the sliders is already in use and intercept the nonce tss ...
Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin < 1.6.6.24 - Cross-Site Request Forgery to Plugin Data Reset
Description The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6.6.20. This is due to missing or incorrect nonce validation on the ssafactoryreset function. This...
Ebook Store < 5.8002 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Image Optimizer, Resizer and CDN – Sirv < 7.2.1 - Authenticated (Subscriber+) Server-Side Request Forgery
Description The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.2.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to make web requests to arbitrary...
Easy!Appointments < 1.3.2 - Contributor+ Stored Cross-Site Scripting
Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
Vimeography < 2.3.3 - Contributor+ PHP Object Injection
Description The plugin is vulnerable to PHP Object Injection via deserialization of untrusted input via the vimeographyduplicategalleryserialized in the duplicategallery function. This makes it possible for authenticated attackers attackers, with contributor access or higher, to inject a PHP...
JM Twitter Cards < 14.1.0 - Password Protected Post Access
Description The plugin is vulnerable to Information Exposure via the meta description data, allowing unauthenticated attackers to view password protected post content when viewing the page source...
CM Download Manager < 2.9.0 - Download Deletion via CSRF
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in admins delete downloads via a CSRF attack PoC Make an admin open the URL below https://example.com/cmdownload/del/id/...
CM Download and File Manager < 2.9.0 - Download Unpublish via CSRF
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in admins unpublish downloads via a CSRF attack PoC Make an admin open the URL below https://example.com/cmdownload/unpublish/id/...
Page Builder Sandwich <= 5.1.0 - Missing Authorization to Authenticated(Subscriber+) Arbitrary Post Editing
Description The Page Builder Sandwich – Front End WordPress Page Builder Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'gambitbuildersavecontent' function in all versions up to, and including, 5.1.0. This makes it possible...
Build & Control Block Patterns – Boost up Gutenberg Editor <= 1.3.5.4 - Missing Authorization
Description The Build & Control Block Patterns – Boost up Gutenberg Editor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the settingsexport function in all versions up to, and including, 1.3.5.4. This makes it possible for unauthenticated...
FeedWordPress < 2024.0428 - Unauthenticated Draft Access
Description The plugin is vulnerable to Insecure Direct Object Reference due to missing validation on the user controlled 'guid' key. This makes it possible for unauthenticated attackers to view draft posts that may contain sensitive information...
Password Protected Store for WooCommerce < 2.3 - Unauthenticated Arbitrary Post Tile & Content Access
Description The plugin is vulnerable to Sensitive Information Exposure via the REST API, allowing unauthenticated attackers to extract sensitive data including post titles and content...
SportsPress – Sports Club & League Manager < 2.7.18 - Missing Authorization to Unauthenticated Event Permalink Update
Description The SportsPress – Sports Club & League Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the settingssave function in all versions up to, and including, 2.7.17. This makes it possible for unauthenticated attackers to...
Blue Triad EZAnalytics <= 1.0 - Reflected Cross-Site Scripting via 'bt_webid'
Description The Blue Triad EZAnalytics plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'btwebid' parameter in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...
Auto Refresh Single Page <= 1.1 - Authenticated (Contributor+) PHP Object Injection
Description The Auto Refresh Single Page plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.1 via deserialization of untrusted input from the arspoptions post meta option. This makes it possible for authenticated attackers, with contributor-level...
Maintenance Mode < 3.0.2 - Unauthenticated Post/Page Content Disclosure
Description The plugin is vulnerable to Sensitive Information Exposure via the REST API, allowing unauthenticated attackers to obtain post and page content via API thus bypassing the content protection provided by the plugin...
Image Optimizer, Resizer and CDN – Sirv < 7.2.1 - Missing Authorization
Description The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including 7.2.0. This makes it possible for authenticated attackers, with subscriber-level access and above,...
CM Download and File Manager < 2.9.1 - Download Edit via CSRF
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in admins edit downloads via a CSRF attack PoC Make an admin open an HTML file containing the following:...
Page Builder Sandwich – Front End WordPress Page Builder Plugin <= 5.1.0 - Sensitive Information Exposure
Description The Page Builder Sandwich – Front End WordPress Page Builder Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.1.0. This makes it possible for authenticated attackers, with subscriber access and higher, to extract...
Elementor Pro < 3.19.3 - Authenticated (Contributor+) Information Exposure
Description The Elementor Website Builder Pro plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.19.2 . This makes it possible for authenticated attackers, with contributor-level access and above, to extract arbitrary user meta values...
Change Memory Limit <= 1.0 - Missing Authorization via admin_logic()
Description The Change Memory Limit plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the adminlogic function hooked via admininit in all versions up to, and including, 1.0. This makes it possible for unauthenticated attackers to update t...
Schema Pro < 2.7.16 - Contributor+ Custom Field Access
Description The plugin does not validate post access allowing a contributor user to access custom fields on any post regardless of post type or status via a shortcode PoC As a contributor, add/edit a post and embed aiosrsprocustomfield postid="ANYPOSTID" fieldkey="ANYMETAKEY" and specify/guess an...
Ultimate Bootstrap Elements for Elementor < 1.3.7 - Contributor+ Stored XSS
Description The plugin is vulnerable to Stored Cross-Site Scripting via the ‘headingtitletag’ and ’headingsubtitletag’ parameters due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level and above permissions to inject...
Ultimate Bootstrap Elements for Elementor <= 1.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Widget
Description The Ultimate Bootstrap Elements for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Widget in all versions up to, and including, 1.3.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possib...
Gutenberg Blocks by Kadence Blocks < 3.2.24 - Contributor+ Stored XSS
Description The plugin is vulnerable to Stored Cross-Site Scripting via the htmlTag attribute due to insufficient input sanitization and output escaping, allowing authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user...
Master Slider <= 3.9.9 - Editor+ Stored XSS via slider callback
Description The plugin is vulnerable to Stored Cross-Site Scripting via the slides callback functionality. This makes it possible for authenticated attackers, with editor-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only...
Master Slider <= 3.9.10 - Sliders Deletion via CSRF
Description The plugin is vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation on the 'processbulkaction' function. This makes it possible for unauthenticated attackers to duplicate or delete arbitrary sliders via a forged request granted they can trick a site...
AI Engine < 2.2.1 - Unauthenticated Stored Cross-Site Scripting
Description The AI Engine: Chatbots, Generators, Assistants, GPT 4 and more! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the AI chat data when discussion tracking is enabled in all versions up to, and including, 2.2.0 due to insufficient input sanitization and output...
GenerateBlocks < 1.8.3 - Contributor+ Arbitrary Draft/Private Post Access
Description The plugin is vulnerable to Sensitive Information Exposure via Query Loop, allowing authenticated attackers, with contributor access and above, to see contents of posts and pages in draft or private status as well as those with scheduled publication dates...
Avada < 7.11.6 - Authenticated(Contributor+) Sensitive Information Exposure via Form Entries
Description The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to Sensitive Information Exposure in versions up to and including 7.11.5 via the form entries page. This makes it possible for authenticated attackers, with contributor access and above, to view...
Calculated Fields Form Professional < 5.1.57 - Unauthenticated Stored Cross-Site Scripting
Description The Calculated Fields Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form page href parameter in all versions up to, and including, 5.1.56 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers t...
WP Show Posts < 1.1.5 - Information Exposure
Description The WP Show Posts plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.4 via the wpspdisplay function. This makes it possible for authenticated attackers with contributor access and above to view the contents of draft, trash,...
Master Slider <= 3.9.10 - Contributor+ Stored XSS
Description The plugin is vulnerable to Stored Cross-Site Scripting via the plugin's msslide shortcode due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject...
Giveaways and Contests by RafflePress < 1.12.7 - Unauthenticated Stored Cross-Site Scripting
Description The Giveaways and Contests by RafflePress – Get More Website Traffic, Email Subscribers, and Social Followers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘parenturl’ parameter in all versions up to, and including, 1.12.5 due to insufficient input...
AWeber – Free Sign Up Form and Landing Page Builder Plugin for Lead Generation and Email Newsletter Growth By AWeber < 7.3.15 - Authenticated (Admin+) SQL Injection
Description The AWeber – Free Sign Up Form and Landing Page Builder Plugin for Lead Generation and Email Newsletter Growth plugin for WordPress is vulnerable to SQL Injection via the 'postid' parameter in all versions up to, and including, 7.3.14 due to insufficient escaping on the user supplied...
LiteSpeed Cache < 5.7.0.1 - Unauthenticated Stored XSS
Description The plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'nameservers' and 'msg' parameters due to insufficient input sanitization and output escaping, allowing unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user...
Slider Responsive Slideshow – Image slider, Gallery slideshow < 1.4.0 - Authenticated (Contributor+) PHP Object Injection
Description The Slider Responsive Slideshow – Image slider, Gallery slideshow plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.8 via deserialization of untrusted input to the awlsliderresponsiveshortcode function. This makes it possible for...
Exclusive Addons for Elementor < 2.6.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via data attribute in all versions up to, and including, 2.6.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
Beaver Builder – WordPress Page Builder < 2.7.4.3 - Contributor+ Stored XSS
Description The plugin is vulnerable to Stored Cross-Site Scripting via the audio widget 'linkurl' parameter due to insufficient input sanitization and output escaping, allowing authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute...
Visual Composer Premium < 45.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Visual Composer Website Builder, Landing Page Builder, Custom Theme Builder, Maintenance Mode & Coming Soon Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's custom fields in all versions up to, and including, 45.6.0 due to insufficient input...
NextMove Lite – Thank You Page for WooCommerce & Finale Lite – Sales Countdown Timer & Discount for WooCommerce <= 2.17.0 - Missing Authorization to Unauthenticated System Information Disclosure
Description The NextMove Lite – Thank You Page for WooCommerce and Finale Lite – Sales Countdown Timer & Discount for WooCommerce plugins for WordPress are vulnerable to unauthorized access of data due to a missing capability check on the downloadtoolssettings function in all versions up to, and...
Essential Blocks < 4.5.2 - Contributor+ Stored XSS
Description The plugin is vulnerable to Stored Cross-Site Scripting via the blockId parameter due to insufficient input sanitization and output escaping, allowing authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user...
LiteSpeed Cache < 5.7.0.1 - Unauthenticated CDN Status Update
Description The plugin is vulnerable to unauthorized modification of data due to a missing authorization check on the 'updatecdnstatus' function, allowing unauthenticated attackers to modify the plugin's CDN status...
Download Manager < 3.2.85 - Unauthenticated File Download
Description The plugin is vulnerable to unauthorized file download of files added via the plugin, allowing unauthenticated attackers to download files added with the plugin even when privately published...
Exclusive Addons for Elementor < 2.6.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Call To Action Widget
Description The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Call To Action widget in all versions up to, and including, 2.6.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers...
Wp Social Login and Register Social Counter < 3.0.1 - Missing Authorization to Unauthenticated Social Login/Share Status Update
Description The Wp Social Login and Register Social Counter plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the /wpsocial/v1/ REST API endpoint in all versions up to, and including, 3.0.0. This makes it possible for unauthenticated...