14602 matches found
Slideshow Gallery LITE < 1.8.2 - Authenticated (Contributor+) SQL Injection
Description The Slideshow Gallery LITE plugin for WordPress is vulnerable to time-based SQL Injection via the id parameter in all versions up to, and including, 1.8.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This mak...
PowerPack Pro for Elementor < 2.10.18 - Authenticated (Contributor+) Privilege Escalation
Description The PowerPack Pro for Elementor plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.10.17. This is due to the plugin not restricting low privileged users from setting a default role for a registration form. This makes it possible for...
Event Tickets with Ticket Scanner < 2.3.2 - Reflected Cross-Site Scripting
Description The Event Tickets with Ticket Scanner plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 2.3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary w...
WordPress Header Builder Plugin – Pearl < 1.3.8 - Missing Authorization to Unauthenticated Arbitrary Site Options Deletion
Description The WordPress Header Builder Plugin – Pearl plugin for WordPress is vulnerable to unauthorized site option deletion due to a missing validation and capability checks on the stmhbdelete function in all versions up to, and including, 1.3.7. This makes it possible for unauthenticated...
Events Manager – Calendar, Bookings, Tickets, and more! < 6.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via event, location, and event_category Shortcodes
Description The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'event', 'location', and 'eventcategory' shortcodes in all versions up to, and including, 6.4.7.3 due to insufficient input sanitization and...
Custom Field Suite <= 2.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via cfs[post_content]
Description The Custom Field Suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the the 'cfspostcontent' parameter versions up to, and including, 2.6.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
Themesflat Addons For Elementor <= 2.1.1 - Contributor+ Stored XSS via Widget Titles
Description The plugin is vulnerable to Stored Cross-Site Scripting via the plugin's widget's titles due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject...
SiteOrigin Widgets Bundle < 1.62.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via SiteOrigin Blog Widget
Description The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's SiteOrigin Blog Widget in all versions up to, and including, 1.61.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
Brave – Create Popup, Optins, Lead Generation, Survey, Sticky Elements & Interactive Content <= 0.6.8 - Authenticated (Admin+) Stored Cross-Site Scripting
Description The Brave – Create Popup, Optins, Lead Generation, Survey, Sticky Elements & Interactive Content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.6.8 due to insufficient input sanitization and output escaping...
Gutenberg 12.9.0 - 18.0.0 - Unauthenticated & Authenticated (Contributor+) Stored Cross-Site Scripting via Avatar Block
Description The Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via user display names in the Avatar block in versions 12.9.0 to 18.0.0 due to insufficient output escaping on the display name. This makes it possible for authenticated attackers, with contributor-level...
WP Flow Plus < 5.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The WP Flow Plus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in all versions up to, and including, 5.2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CoDesigner WooCommerce Builder for Elementor – Customize Checkout, Shop, Email, Products & More < 4.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets
Description The CoDesigner WooCommerce Builder for Elementor – Customize Checkout, Shop, Email, Products & More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Shop Slider, Tabs Classic, and Image Comparison widgets in all versions up to, and including, 4.4.1 du...
Save as PDF Plugin by Pdfcrowd < 3.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Save as PDF Plugin by Pdfcrowd plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 3.2.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers,...
Rank Math SEO < 1.0.219 - Authenticated Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow users with access to the General Settings by default admin, however such access can be given to lower roles via the Role Manager feature of the plugin to perform Stored Cross-Site Scripting attacks even wh...
WPS Hide Login < 1.9.16 - Login Page Disclosure
Description The WPS Hide Login plugin for WordPress is vulnerable to Login Page Disclosure in all versions up to, and including, 1.9.15.2. This is due to a bypass that is created when the 'action=postpass' parameter is supplied. This makes it possible for attackers to easily discover any login pa...
Photo Gallery by 10Web – Mobile-Friendly Image Gallery < 1.8.24 - Authenticated (Contributor+) Path Traversal via esc_dir Function
Description The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.8.23 via the escdir function. This makes it possible for authenticated attackers to cut and paste copy the contents of arbitrary file...
WP-Recall <= 16.26.6 - Cross-Site Request Forgery
Description The WP-Recall plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 16.26.6. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action via a...
Checkout Field Editor for WooCommerce (Pro) < 3.6.3 - Unauthenticated Arbitrary File Deletion
Description The Checkout Field Editor for WooCommerce Pro plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 3.6.2. This is due to the plugin not properly validating a file or it's path prior to deleting it. This makes it possible for unauthenticat...
EazyDocs < 2.5.0 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC The PoC will be displayed on June...
Futurio Extra < 2.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Advanced Text Block Widget
Description The Futurio Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘headersize’ attribute within the Advanced Text Block widget in all versions up to, and including, 2.0.5 due to insufficient input sanitization and output escaping. This makes it possible for...
Simple COD Fees for WooCommerce <= 2.0.2 - Missing Authorization
Description The Simple COD Fees for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 2.0.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...
BuddyPress < 12.5.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting
Description The BuddyPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘displayname’ parameter in versions up to, and including, 12.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-lev...
Dokan Pro < 3.11.0 - Unauthenticated SQL Injection
Description The Dokan Pro plugin for WordPress is vulnerable to SQL Injection via the 'code' parameter in all versions up to, and including, 3.10.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
FileOrganizer < 1.0.8 - Sensitive Information Exposure via Directory Listing
Description The FileOrganizer – Manage WordPress and Website Files plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.7 via the 'fileorganizerajaxhandler' function. This makes it possible for unauthenticated attackers to extract sensitiv...
WP Translate <= 5.3.0 - Missing Authorization
Description The WP Translate – WordPress Translation Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 5.3.0. This makes it possible for unauthenticated attackers to perform an unauthorized action...
Emergency Password Reset < 9.0 - Cross-Site Request Forgery
Description The Emergency Password Reset plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.0. This is due to missing or incorrect nonce validation in the index.php file. This makes it possible for unauthenticated attackers to update the plugin's...
KiviCare <= 3.6.2 - Authenticated (Patient+) Insecure Direct Object Reference
Description The KiviCare – Clinic & Patient Management System EHR plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.6.2 due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...
Frontend Registration – Contact Form 7 <= 5.1 - Authenticated (Editor+) Privilege Escalation
Description The Frontend Registration – Contact Form 7 plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.1 due to insufficient restriction on the 'cf7frr' post meta. This makes it possible for authenticated attackers, with editor-level access and above...
WP EasyCart < 5.6.0 - Missing Authorization
Description The Shopping Cart & eCommerce Store plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 5.5.19. This makes it possible for unauthenticated attackers to perform an unauthorized action...
Elementor Addon Elements < 1.13.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Twitter Widget
Description The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Twitter Widget in all versions up to, and including, 1.13.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible fo...
Upload Fields for WPForms <= 1.0.2 - Missing Authorization
Description The Upload Fields for WPForms – Drag and Drop Multiple File Upload, Image Upload, and Google Drive Upload for WPForms plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.0.2. This makes it...
Advanced Contact form 7 DB <= 2.0.2 - Sensitive Information Exposure
Description The Advanced Contact form 7 DB plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0.2 via the wp-content/uploads/advanced-cf7-upload directory. This makes it possible for unauthenticated attackers to extract sensitive data...
MelaPress Login Security < 1.3.1 - Authenticated (Admin+) Remote File Inclusion
Description The MelaPress Login Security plugin for WordPress is vulnerable to Remote File Inclusion in all versions up to, and including, 1.3.0 via the 'tab' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to include and execute arbitrary...
YITH WooCommerce Wishlist < 3.33.0 - Authenticated (Admin+) Stored Cross-Site Scripting
Description The YITH WooCommerce Wishlist plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to 3.33.0 exclusive due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
TablePress – Tables in WordPress made easy < 2.3.2 - Authenticated (Author+) Server-Side Request Forgery via DNS Rebind
Description The TablePress – Tables in WordPress made easy plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.3 via the getfilestoimport function. This makes it possible for authenticated attackers, with author-level access and above, to make...
Sitetweet <= 0.2 - Stored XSS via CSRF
Description The plugin does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack PoC The PoC will be displayed on June 25, 2024, to give users the time to update...
Premium Addons for Elementor < 4.10.34 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting
Description The Premium Addons for Elementor plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via several parameters in all versions up to, and including, 4.10.33 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
Responsive < 5.0.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Responsive theme for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to 5.0.3.1 exclusive due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level...
Insert Post Ads <= 1.3.2 - Missing Authorization
Description The Insert Post Ads plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.3.2. This makes it possible for unauthenticated attackers to perform an unauthorized action...
Download Manager < 3.2.87 - Authenticated (Subscriber+) Stored Self-Based Cross-Site Scripting
Description The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a user's Display Name in all versions up to, and including, 3.2.86 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
Download Manager < 3.2.94 - Authenticated (Author+) Stored Cross-Site Scripting via Multiple Shortcodes
Description The Download Manager Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via wpdmuserdashboard, wpdmpackage, wpdmpackages, wpdmsearchresult, and wpdmtag shortcodes in all versions up to, and including, 3.2.92 due to insufficient input sanitization and output escaping...
WPvivid Backup for MainWP < 0.9.34 - Authenticated (Admin+) Stored Cross-Site Scripting
Description The WPvivid Backup for MainWP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.9.33 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders < 5.9.24 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘customjs’ parameter in all versions up to, and including, 5.9.23 due to insufficient input sanitization and...
Advanced Contact form 7 DB <= 2.0.2 - Missing Authorization to Unauthenticated Information Disclosure
Description The Advanced Contact form 7 DB plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'vszcf7exporttoexcel' function in versions up to, and including, 2.0.2. This makes it possible for unauthenticated attackers to download the entry...
WordPress Online Booking and Scheduling Plugin – Bookly < 23.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Color Profile Parameter
Description The WordPress Online Booking and Scheduling Plugin – Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Color Profile parameter in all versions up to, and including, 23.2 due to insufficient input sanitization and output escaping. This makes it possible f...
Custom Field Template < 2.6.2 - Authenticated(Constibutor+) Stored Cross-Site Scripting via Custom Field Name
Description The Custom Field Template plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's custom field name column in all versions up to, and including, 2.6.1 due to insufficient input sanitization and output escaping on user supplied custom fields. This makes it...
Custom Field Template < 2.6.2 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode
Description The Custom Field Template plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cpt' shortcode in all versions up to, and including, 2.6.1 due to insufficient input sanitization and output escaping on user supplied post meta. This makes it possible for...
Custom Field Template < 2.6.2 - Authenticated (Admin+) Stored Cross-Site Scritping
Description The Custom Field Template plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor < 3.8.9 - Unauthenticated Sensitive Information Exposure
Description The MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.8.8 via the 'handlefile' function. This can allow unauthenticated attackers to extract sensitive data,...
ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) < 2.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via WL Product Horizontal Filter Widget
Description The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution formerly WooLentor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's WL: Product Horizontal Filter widget in all versions up to, and including, 2.9.0 due t...