14603 matches found
Orbit Fox by ThemeIsle < 2.10.31 - Contributor+ Stored XSS via Form Widget
Description The plugin is vulnerable to Stored Cross-Site Scripting via the form widget addr2width attribute due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages...
Page Duplicator <= 0.1.1 - Missing Authorization to Unauthenticated Post/Page Duplication
Description The Page Duplicator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the duplicatedatpage function in all versions up to, and including, 0.1.1. This makes it possible for unauthenticated attackers to duplicate arbitrary posts...
Easy PayPal & Stripe Buy Now Button <= 1.8.3 & Contact Form 7 – PayPal & Stripe Add-on <= 2.1 - Cross-Site Request Forgery to Settings Update
Description The Easy PayPal & Stripe Buy Now Button plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8.3 and in Contact Form 7 – PayPal & Stripe Add-on all versions up to, and including 2.1. This is due to missing or incorrect nonce validati...
WP eCommerce <= 3.15.1 - Unauthenticated SQL Injection
Description The WP eCommerce plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'cartcontents' parameter in all versions up to, and including, 3.15.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query...
Envo's Elementor Templates & Widgets for WooCommerce < 1.4.5 - Subscriber+ Template Creation
Description The plugin is vulnerable to unauthorized modification of data due to a missing capability check on the templatesajaxrequest function, allowing subscribers and higher to create templates...
Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan < 4.53 - Missing Authorization to Authenticated (Subscriber+) Table Truncation
Description The Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the antihackertruncatescantable function in all versions up to, and including,...
CodeMirror Blocks < 2.0.0 - Contributor+ Stored XSS
Description The plugin is vulnerable to Stored Cross-Site Scripting via the Code Mirror block due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will...
WP eCommerce <= 3.15.1 - Missing Authorization to Unauthenticated Arbitrary Post Creation
Description The WP eCommerce plugin for WordPress is vulnerable to unauthorized arbitrary post creation due to a missing capability check on the checkforsaaspush function in all versions up to, and including, 3.15.1. This makes it possible for unauthenticated attackers to create arbitrary posts...
Seraphinite Accelerator < 2.21 - Authenticated (Subscriber+) Server-Side Request Forgery in OnAdminApi_HtmlCheck
Description The Seraphinite Accelerator plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.20.52 via the OnAdminApiHtmlCheck function. This makes it possible for authenticated attackers, with subscriber-level access and above, to make web...
Redirects <= 1.2.1 - Missing Authorization via save
Description The Redirects plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save function in all versions up to, and including, 1.2.1. This makes it possible for unauthenticated attackers to change redirects created with this plugin...
Envo's Elementor Templates & Widgets for WooCommerce < 1.4.5 - Arbitrary Theme Activation via CSRF
Description The plugin is vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation on the ajaxthemeactivation function, allowing unauthenticated attackers to activate arbitrary installed themes via a forged request granted they can trick a site administrator into...
Profile Box Shortcode And Widget < 1.2.1 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC When creating a new widget, insert...
Orbit Fox by ThemeIsle < 2.10.32 - Contributor+ Stored XSS via Post Type Grid Widget
Description The plugin is vulnerable to Stored Cross-Site Scripting via the plugin's Post Type Grid Widget Title due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions ...
WordPress Access Control <= 4.0.13 - Improper Access Control to Sensitive Information Exposure via REST API
Description The WordPress Access Control plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.0.13 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's "Make Website Members Only" feature when unset a...
Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan < 4.52 - Missing Authorization to Unauthenticated IP Address Whitelist
Description The Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the antihackeraddwhitelist function in all versions up to, and including, 4.51...
Conversios < 7.0.8 - Subscriber+ SQL Injection
Description The plugin is vulnerable to SQL Injection via the 'valueData' parameter due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber-level access and above,...
Oliver POS – A WooCommerce Point of Sale (POS) < 2.4.1.9 - Cross-Site Request Forgery
Description The Oliver POS – A WooCommerce Point of Sale POS plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.4.1.8. This is due to missing or incorrect nonce validation in the includes/class-pos-bridge-install.php file. This makes it possib...
MainWP Dashboard < 5.0 - Cross-Site Request Forgery via posting_bulk
Description The MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.6.0.1. This is due to missing or incorrect nonce validation on the 'postingbulk' function. This makes it...
Gestpay for WooCommerce < 20240307 - Cross-Site Request Forgery (CSRF) via ajax_delete_card
Description The Gestpay for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 20221130. This is due to missing or incorrect nonce validation on the 'ajaxdeletecard' function. This makes it possible for unauthenticated attackers to...
Orbit Fox by ThemeIsle < 2.10.31 - Contributor+ Stored XSS via Pricing Table Widget
Description The plugin is vulnerable to Stored Cross-Site Scripting via the Pricing Table widget in the $settings'titletags' parameter due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or above, to inject...
Simple Tweet <= 1.4.0.2 - Authenticated (Author+) Stored Cross-Site Scripting
Description The Simple Tweet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Tweet this text value in all versions up to, and including, 1.4.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
Categorify < 1.0.7.5 - Cross-Site Request Forgery via categorifyAjaxAddCategory
Description The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxAddCategory function. This makes it possible for unauthenticated attackers to add...
Elementor Addon Elements < 1.13 - Contributor+ Stored XSS
Description The plugin is vulnerable to Stored Cross-Site Scripting via the ‘eaecustomoverlayswitcher’ attribute of the Thumbnail Slider widget due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, ...
Bulk Edit Post Titles <= 5.0.0 - Missing Authorization via bulkUpdatePostTitles
Description The Bulk Edit Post Titles plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the bulkUpdatePostTitles function in all versions up to, and including, 5.0.0. This makes it possible for authenticated attackers, with subscriber...
Categorify < 1.0.7.5 - Missing Authorization in categorifyAjaxRenameCategory
Description The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxRenameCategory function in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-leve...
Elementor Addon Elements < 1.13 - Contributor+ Stored XSS
Description The plugin is vulnerable to Stored Cross-Site Scripting via the 'button1icon' attribute of the Dual Button widget due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrar...
Categorify < 1.0.7.5 - Missing Authorization in categorifyAjaxClearCategory
Description The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxClearCategory function in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-level...
Team Members < 5.3.2 - Author+ Stored XSS
Description The plugin does not validate and escape some of its Team options attributes before outputting them back in a page/post where the related shortcode is embed, which could allow users with the author role and above to perform Stored Cross-Site Scripting attacks. PoC 1. Create/edit a team...
Responsive Pricing Table < 5.1.11 - Author+ Stored XSS
Description The plugin does not validate and escape some of its Pricing Table options before outputting them back in a page/post where the related shortcode is embed, which could allow users with the author role and above to perform Stored Cross-Site Scripting attacks PoC - Create a new Pricing...
Restrict User Access – Ultimate Membership & Content Protection < 2.6 - Information Exposure
Description The Restrict User Access – Ultimate Membership & Content Protection plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.5 via API. This makes it possible for unauthenticated attackers to obtain the contents of posts and pages via API...
Categorify < 1.0.7.5 - Cross-Site Request Forgery via categorifyAjaxClearCategory
Description The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxClearCategory function. This makes it possible for unauthenticated attackers to clea...
Duitku Payment Gateway < 2.11.7 - Missing Authorization via check_duitku_response
Description The Duitku Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the checkduitkuresponse function in all versions up to, and including, 2.11.4. This makes it possible for unauthenticated attackers to change the...
Categorify < 1.0.7.5 - Missing Authorization in categorifyAjaxUpdateFolderPosition
Description The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxUpdateFolderPosition in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-level...
Relevanssi < 4.22.1 - Unauthenticated Query Log Export
Description The plugin is vulnerable to unauthorized access of data due to a missing capability check on the relevanssiexportlogcheck function, allowing unauthenticated attackers to export the query log data. The vendor has indicated that they may look into adding a capability check for proper...
Comments Extra Fields For Post,Pages and CPT < 5.1 - Missing Authorization
Description The Comments Extra Fields For Post,Pages and CPT plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 5.0. This is due to missing or incorrect capability checks on several ajax actions. This makes it possible for authenticated attackers, wi...
Categorify < 1.0.7.5 - Cross-Site Request Forgery via categorifyAjaxRenameCategory
Description The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxRenameCategory function. This makes it possible for unauthenticated attackers to...
Thank You Page Customizer for WooCommerce – Increase Your Sales < 1.1.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Shortcode Execution
Description The Thank You Page Customizer for WooCommerce – Increase Your Sales plugin for WordPress is vulnerable to unauthorized execution of shortcodes due to a missing capability check on the gettexteditorcontent function in all versions up to, and including, 1.1.2. This makes it possible for...
SMS Alert Order Notifications – WooCommerce < 3.7.0 - Cross-Site Request Forgery
Description The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.6.9. This is due to missing or incorrect nonce validation on the processBulkAction function. This makes it possible for...
Categorify < 1.0.7.5 - Missing Authorization in categorifyAjaxAddCategory
Description The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxAddCategory function in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-level...
User Shortcodes Plus <= 2.0.2 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Information Disclosure via user_meta Shortcode
Description The User Shortcodes Plus plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.2 via the usermeta shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...
Gestpay for WooCommerce < 20240307 - Cross-Site Request Forgery (CSRF) via ajax_set_default_card
Description The Gestpay for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 20221130. This is due to missing or incorrect nonce validation on the 'ajaxsetdefaultcard' function. This makes it possible for unauthenticated attackers ...
User Feedback < 1.0.14 - Unauthenticated Stored XSS
Description The plugin is vulnerable to Stored Cross-Site Scripting via the 'pagesubmitted' 'link' value due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in the feedback submission page that will execu...
Categorify < 1.0.7.5 - Missing Authorization in categorifyAjaxDeleteCategory
Description The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxDeleteCategory function in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-leve...
Thank You Page Customizer for WooCommerce – Increase Your Sales < 1.1.3 - Missing Authorization to Authenticated (Subscriber+) Data Export
Description The Thank You Page Customizer for WooCommerce – Increase Your Sales plugin for WordPress is vulnerable to missing authorization e in all versions up to, and including, 1.1.2 via the applylayout function due to a missing capability check. This makes it possible for authenticated...
ArtiBot Free Chat Bot for WordPress WebSites <= 1.1.6 - Missing Authorization to Settings Update
Description The ArtiBot Free Chat Bot for WordPress WebSites plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the artibotupdate function in all versions up to, and including, 1.1.6. This makes it possible for authenticated attackers, wit...
Categorify < 1.0.7.5 - Cross-Site Request Forgery via categorifyAjaxDeleteCategory
Description The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxDeleteCategory function. This makes it possible for unauthenticated attackers to...
Categorify < 1.0.7.5 - Cross-Site Request Forgery via categorifyAjaxUpdateFolderPosition
Description The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxUpdateFolderPosition function. This makes it possible for unauthenticated attackers ...
NotificationX – Best FOMO, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin With Elementor < 2.8.3 - Unauthenticated SQL Injection
Description The NotificationX – Best FOMO, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin With Elementor plugin for WordPress is vulnerable to SQL Injection via the 'type' parameter in all versions up to, and including, 2.8.2 due to insufficient escaping on the user supplied...
Comments Extra Fields For Post,Pages and CPT < 5.1 - Cross-Site Request Forgery
Description The Comments Extra Fields For Post,Pages and CPT plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.0. This is due to missing or incorrect nonce validation on several ajax actions. This makes it possible for unauthenticated attacke...
Ultimate Member 2.1.3 - 2.8.2 - Unauthenticated SQL Injection
Description The plugin does not sanitize and escape the sorting parameter before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks when the "Enable custom table for usermeta" option is enabled. PoC Requirement: "Enable custom table for usermeta" option t...