14603 matches found
Booking for Appointments and Events Calendar – Amelia < 1.0.99 - Reflected Cross-Site Scripting
Description The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the date parameters in all versions up to, and including, 1.0.98 due to insufficient input sanitization and output escaping. This makes it possible for...
Premium Addons for Elementor < 4.10.22 - Contributor+ Stored XSS
Description The plugin is vulnerable to Stored Cross-Site Scripting via the Image Settings URL of the Banner, Team Members, and Image Scroll widgets due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and...
Exclusive Addons for Elementor < 2.6.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Covid-19 Stats Widget
Description The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Covid-19 Stats Widget in all versions up to, and including, 2.6.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers...
Download Manager < 3.2.86 - Contributor+ Stored XSS
Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
Exclusive Addons for Elementor < 2.6.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Timer Widget
Description The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown Timer widget in all versions up to, and including, 2.6.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attacker...
WPvivid Backup and Migration < 0.9.69 - Unauthenticated SQLi & DoS
Description The plugin is vulnerable to unauthorized access due to a missing capability check on the getrestoreprogress and restore functions, allowing unauthenticated attackers to exploit a SQL injection vulnerability or trigger a DoS...
Custom Field Suite < 2.6.5 - Authenticated (Admin+) Stored Cross-Site Scripting
Description The Custom Field Suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a meta import in all versions up to, and including, 2.6.4 due to insufficient input sanitization and output escaping on the meta values. This makes it possible for authenticated attackers, wit...
Friends < 2.8.6 - Authenticated (Admin+) Blind Server-Side Request Forgery
Description The Friends plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.8.5 via the discoveravailablefeeds function. This makes it possible for authenticated attackers, with administrator-level access and above, to make web requests to...
Marketing Optimizer <= 20200925 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Description The Marketing Optimizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 20200925. This is due to missing or incorrect nonce validation via the admin/main-settings-page.php file. This makes it possible for unauthenticated attackers...
Restaurant Solutions – Checklist 1.0.0 - Authenticated (Admin+) Stored Cross-Site Scripting
Description The Restaurant Solutions – Checklist plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Checklist points in version 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
Download Media <= 1.4.2 - Missing Authorization via generate_link_for_media
Description The Download Media plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'generatelinkformedia' function in versions up to, and including, 1.4.2. This makes it possible for authenticated attackers, with subscriber-level access and...
Avada | Website Builder For WordPress & WooCommerce < 7.11.5 - Authenticated (Contributor+) Arbitrary File Upload
Description The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajaximportoptions function in all versions up to, and including, 7.11.4. This makes it possible for authenticated attackers,...
Fontific | Google Fonts <= 0.1.6 - Cross-Site Request Forgery via ajax_fontific_save_all
Description The Fontific | Google Fonts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.1.6. This is due to missing or incorrect nonce validation on the 'ajaxfontificsaveall' function. This makes it possible for unauthenticated attackers to...
Page Restrict <= 2.5.5 - Unauthenticated Protected Post Access
Description The plugin is vulnerable to information disclosure due to the plugin not properly restricting access to posts via the REST API when a page has been made private, allowing unauthenticated attackers to view protected posts...
Simple Ajax Chat < 20240223 - Unauthenticated Stored XSS
Description The plugin does not prevent visitors from using malicious Names when using the chat, which will be reflected unsanitized to other users. PoC await fetch"http://vulnerable-site.tld/wp-content/plugins/simple-ajax-chat/simple-ajax-chat-core.php?sacSendChat=yes", "credentials": "include",...
Configure SMTP <= 3.1 - Reflected Cross-Site Scripting
Description The Configure SMTP plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via an unknown parameter in all versions up to, and including, 3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitra...
WooCommerce Coupon Popup, SmartBar, Slide In | MyShopKit <= 1.0.9 - Unauthenticated Sensitive Information Exposure
Description The WooCommerce Coupon Popup, SmartBar, Slide In | MyShopKit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.9. This makes it possible for unauthenticated attackers to extract sensitive user or configuration data...
WP Private Content Plus <= 3.6 - Unauthenticated Protected Post Access
Description The plugin is vulnerable to information disclosure due to the plugin not properly restricting access to posts via the REST API when a page has been made private, allowing unauthenticated attackers to view protected posts...
PayU India <= 3.8.2 - Reflected Cross-Site Scripting via type
Description The PayU India plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘type’ parameter in versions up to, and including, 3.8.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
WP Shortcodes Plugin < 7.0.4 - Contributor+ Stored XSS
Description The plugin does not validate and escape some of its suqrcode shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
WPvivid Backup for MainWP < 0.9.33 - Reflected Cross-Site Scripting
Description The WPvivid Backup for MainWP plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'id' parameter in all versions up to, and including, 0.9.32 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...
Advanced iFrame < 2024.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's advancediframe shortcode in all versions up to, and including, 2024.1 due to the plugin allowing users to include JS files from external sources through the additionaljs attribute...
System Dashboard < 2.8.10 - XSS via Header Injection
Description The plugin does not sanitize and escape some parameters, which could allow administrators in multisite WordPress configurations to perform Cross-Site Scripting attacks PoC X-Forwarded-For: 11.11.11.11...
Events Manager < 6.4.7 - Authenticated(Administator+) Stored Cross-Site Scripting via settings
Description The Events Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 6.4.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-leve...
Booking Calendar < 1.3.83 - CSRF appointment scheduling
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks such as adding a booking to the calendar without paying. PoC...
Watermark RELOADED <= 1.3.5 - Cross-Site Request Forgery via optionsPage
Description The Watermark RELOADED plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.5. This is due to missing or incorrect nonce validation on the 'optionsPage' function. This makes it possible for unauthenticated attackers to update plugin...
Tainacan < 0.20.7 - Unauthenticated Sensitive Information Exposure
Description The Tainacan plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 0.20.6. This makes it possible for unauthenticated attackers to extract sensitive user or configuration data...
postMash – custom post order <= 1.2.0 - Reflected Cross-Site Scripting via m
Description The postMash – custom post order plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘m’ parameter in versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to injec...
Rolo Slider <= 1.0.9 - Missing Authorization to Authenticated(Subscriber+) Settings Change
Description The Rolo Slider plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajaxcallback' function in all versions up to, and including, 1.0.9. This makes it possible for authenticated attackers, with subscriber access and above, t...
SoundCloud Shortcode < 4.0.2 - Contributor+ Stored XSS
Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
BeePress <= 6.9.8 - Cross-Site Request Forgery via beepress-pro.php
Description The BeePress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.9.8. This is due to missing or incorrect nonce validation on multiple functions in the beepress-pro.php. This makes it possible for unauthenticated attackers to modify the...
Travelpayouts < 1.1.17 - Open Redirect
Description The plugin is vulnerable to Open Redirect due to insufficient validation on the travelpayoutsredirect variable. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action. PoC...
Adsmonetizer < 3.1.3 - Reflected Cross-Site Scripting
Description The plugin is vulnerable to Reflected Cross-Site Scripting via the token parameter due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a us...
Media Alt Renamer 0.0.1 - Authenticated (Author+) Stored Cross-Site Scripting via _wp_attachment_image_alt postmeta
Description The Media Alt Renamer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wpattachmentimagealt’ postmeta parameter in versions up to 0.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
Page Restriction WordPress (WP) < 1.3.5 - Unauthenticated Protected Post Access
Description The plugin is vulnerable to information disclosure due to the plugin not properly restricting access to pages via the REST API when a page has been made private. This makes it possible for unauthenticated attackers to view protected pages. The vendor has decided that they will not...
Slivery Extender <= 1.0.2 - Authenticated(Contributor+) Remote Code Execution via shortcode
Description The Slivery Extender plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.0.2 via the 'sliderthemesection' function. This is due to the use of calluserfunc on one of the shortcode attributes. This makes it possible for authenticated...
WP Social Widget < 2.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode
Description The WP Social Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 2.2.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticat...
Gestpay for WooCommerce < 20240307 - Cross-Site Request Forgery (CSRF) via ajax_unset_default_card
Description The Gestpay for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 20221130. This is due to missing or incorrect nonce validation on the 'ajaxunsetdefaultcard' function. This makes it possible for unauthenticated attacker...
Yuki < 1.3.15 - Cross-Site Request Forgery to Theme Setting Reset
Description The Yuki theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including 1.3.14. This is due to missing or incorrect nonce validation on the resetcustomizeroptions function. This makes it possible for unauthenticated attackers to reset the themes...
Conversios < 7.0.8 - Subscriber+ SQL Injection via ee_syncProductCategory
Description The plugin is vulnerable to time-based SQL Injection via the eesyncProductCategory function using the parameters conditionData, valueData, productArray, exclude and include due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing S...
Envo's Elementor Templates & Widgets for WooCommerce < 1.4.5 - Arbitrary Plugin Activation via CSRF
Description The plugin is vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation on the ajaxpluginactivation function, allowing unauthenticated attackers to activate arbitrary installed plugins via a forged request granted they can trick a site administrator into...
ArtiBot Free Chat Bot for WordPress WebSites <= 1.1.6 - Authenticated (Admin+) Cross-Site Scripting
Description The ArtiBot Free Chat Bot for WordPress WebSites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
Custom fields shortcode <= 0.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode
Description The Custom fields shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's cf shortcode in all versions up to, and including, 0.1 due to insufficient input sanitization and output escaping on user supplied custom post meta values. This makes it...
LifterLMS – WordPress LMS Plugin for eLearning < 7.5.2 - Missing Authorization via process_review
Description The LifterLMS – WordPress LMS Plugin for eLearning plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'processreview' function in all versions up to, and including, 7.5.1. This makes it possible for unauthenticated attacker...
Payment Gateway for Telcell < 2.0.4 - Unauthenticated Open Redirect
Description The plugin does not validate the apiurl parameter before redirecting the user to its value, leading to an Open Redirect issue PoC https://localhost/wp-admin/admin.php?page=wc-settings=redirecttelcellformurl=https://www.google.com...
Chat Bubble <= 2.3 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Coming Soon Page & Maintenance Mode < 2.2.2 - Maintenance Mode Bypass
Description The plugin is vulnerable to unauthorized access of data due to an improperly implemented URL check in the wpsmcomingsoonredirect function, allowing unauthenticated attackers to view a site with maintenance mode or coming-soon mode enabled to view the site's content...
Under Construction / Maintenance Mode from Acurax <= 2.6 - Authenticated (Subscriber+) Sensitive Information Exposure
Description The Under Construction / Maintenance Mode from Acurax plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.6 via the 'acxcsmasubscribeajax' function. This can allow authenticated attackers to extract sensitive data such as names and...
Under Construction / Maintenance Mode from Acurax <= 2.6 - Information Exposure
Description The Under Construction / Maintenance Mode from Acurax plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6 via the REST API. This makes it possible for unauthenticated attackers to obtain the contents of posts and pages when...
Yuki < 1.3.14 - Missing Authorization to Authenticated (Subscriber+) Theme Setting Reset
Description The Yuki theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the resetcustomizeroptions function in all versions up to, and including, 1.3.13. This makes it possible for authenticated attackers, with subscriber-level access and...