14603 matches found
Grid Shortcodes < 1.1.1 - Contributor+ Stored XSS
Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC GDCrow GDCcolumn size='"...
WP Activity Log < 4.6.2 - Unauthenticated Stored Cross-Site Scripting
Description The WP Activity Log plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user agent header in versions up to, and including, 4.6.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...
Elementor Addon Elements < 1.13 - Contributor+ to LFI
Description The Elementor Addon Elements plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.12.12 via the render function. This makes it possible for authenticated attackers, with contributor access or higher, to include the contents of arbitrary PHP...
ProfilePress < 4.15.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via [reg-select-role] Shortcode
Description The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's reg-select-role shortcode in all versions up to, and including, 4.15.0 due to...
ProfilePress < 4.15.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via profilepress-edit-profile Shortcode
Description The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 4.15.1 due to insufficient inpu...
Elementor Addon Elements < 1.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via Content Switcher Widget
Description The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'iconalign' attribute of the Content Switcher widget in all versions up to, and including, 1.12.12 due to insufficient input sanitization and output escaping. This makes it possible...
Elementor Addon Elements < 1.13 - Authenticated(Contributor+) Stored Cross-Site Scripting via Modal Popup effet
Description The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the modal popup widget's effect setting in all versions up to, and including, 1.12.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes i...
WP Event Manager < 3.1.42 - Reflected Cross-Site Scripting via plugin
Description The WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the plugin parameter in all versions up to, and including, 3.1.41 due to insufficient input sanitization and output escaping...
Colibri Page Builder < 1.0.260 - Arbitrary Shortcode Call via CSRF
Description The plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation on the cpshortcoderefresh function, allowing unauthenticated attackers to execute arbitrary shortcodes via a forged request granted they can trick a site administrator int...
Page Builder < 1.8.3 - Contributor+ Stored XSS
Description The plugin does not validate and escape some of its Button Widget options before outputting them back in a page/post where the widget is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
Archivist – Custom Archive Templates < 1.7.6 - Reflected Cross-Site Scripting
Description The Archivist – Custom Archive Templates plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘shortcodeattributes' parameter in all versions up to, and including, 1.7.5 due to insufficient input sanitization and output escaping. This makes it possible for...
Product Catalog Enquiry for WooCommerce by MultiVendorX < 5.0.6 - Cross-Site Request Forgery via REST API
Description The Product Catalog Enquiry for WooCommerce by MultiVendorX plugin for WordPress is vulnerable to cross-site request forgery due to an improper capability check on the 'catalogpermission' function in versions up to, and including, 5.0.5. While the REST endpoints are only initialized f...
Brizy – Page Builder < 2.4.41 - Authenticated (Contributor+) Arbitrary File Upload
Description The Brizy – Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the storeImages function in all versions up to, and including, 2.4.40. This makes it possible for authenticated attackers, with contributor access or above, to...
Addon Library <= 1.3.76 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Upload
Description The Addon Library plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the onAjaxAction function action in all versions up to, and including, 1.3.76. This makes it possible for authenticated attackers, with subscriber-level access and...
Change Table Prefix <= 2.0 - Cross-Site Request Forgery via change_prefix_form
Description The Change Table Prefix plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0. This is due to missing or incorrect nonce validation on the 'changeprefixform' function. This makes it possible for unauthenticated attackers to toggle...
Custom Order Statuses for WooCommerce <= 1.5.2 - Cross-Site Request Forgery
Description The Custom Order Statuses for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.2. This is due to missing or incorrect nonce validation on multiple functions. This makes it possible for unauthenticated attackers to modif...
Brizy – Page Builder < 2.4.41 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Brizy – Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the embedded media custom block in all versions up to, and including, 2.4.40 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
YML for Yandex Market < 4.2.4 - Reflected Cross-Site Scripting
Description The YML for Yandex Market plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the feedid parameter in all versions up to, and including, 4.2.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to injec...
Brizy – Page Builder < 2.4.41 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Brizy – Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown URL parameter in all versions up to, and including, 2.4.40 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
Colibri Page Builder < 1.0.260 - Import Images, Delete Post, Save Theme Data via CSRF
Description The plugin is vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation on the apiCall function, allowing unauthenticated attackers to call a limited set of functions that can be used to import images, delete posts, or save theme data via a forged request...
Brizy – Page Builder < 2.4.41 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Brizy – Page Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via block upload in all versions up to, and including, 2.4.40 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
FormFacade < 1.2.2 - Contributor+ Stored XSS
Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
Heureka < 1.1.0 - Cross-Site Request Forgery
Description The plugin is vulnerable to Cross-Site Request Forgery. This is due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticated attackers to perform an unknown action granted they can trick a site administrator into performing an action...
Brizy – Page Builder < 2.4.41 - Authenticated (Contributor+) Directory Traversal
Description The Brizy – Page Builder plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.4.39 via the 'id'. This makes it possible for authenticated attackers, with contributor-level access and above, to upload files to arbitrary locations on the serv...
SuperFaktura WooCommerce < 1.40.4 - Authenticated (Subscriber+) Blind Server-Side Request Forgery
Description The SuperFaktura WooCommerce plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.40.3 via the wcsfurlcheck function. This makes it possible for authenticated attackers, with subscriber-level access and above, to make web requests t...
PeproDev Ultimate Invoice < 1.9.8 - Unauthenticated Arbitrary Invoice Access
Description The plugin is vulnerable to Sensitive Information Exposure via the 'initplugin' function. This makes it possible for unauthenticated attackers to generate PDF or ZIP files of arbitrary invoices and extract sensitive data...
Admin side data storage for Contact Form 7 plugin <= 1.1.1 - Missing Authorization to Unauthenticated Read Status Update
Description The Admin side data storage for Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ztdcfcfchangestatus function in all versions up to, and including, 1.1.1. This makes it possible for unauthenticated attacker...
Admin side data storage for Contact Form 7 <= 1.1.1 - Cross-Site Request Forgery
Description The Admin side data storage for Contact Form 7 plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.1. This is due to missing or incorrect nonce validation on the settings update function. This makes it possible for unauthenticated...
Play.ht – Make Your Blog Posts Accessible With Text to Speech Audio <= 3.6.4 - Authenticated (Contributor+) PHP Object Injection
Description The Play.ht – Make Your Blog Posts Accessible With Text to Speech Audio plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.6.4 via deserialization of untrusted input from the playpodcastdata post meta. This makes it possible for...
Colibri WP < 1.0.101 - Cross-Site Request Forgery to Limited Plugin Installation
Description The Colibri WP theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.94. This is due to missing or incorrect nonce validation on the colibriwpinstallplugin function. This makes it possible for unauthenticated attackers to install...
Admin side data storage for Contact Form 7 <= 1.1.1 - Missing Authorization to Unauthenticated Bookmark Status Alteration
Description The Admin side data storage for Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ztdcfcfchangebookmark function in all versions up to, and including, 1.1.1. This makes it possible for unauthenticated...
Admin side data storage for Contact Form 7 <= 1.1.1 - Authenticated (Admin+) SQL Injection
Description The Admin side data storage for Contact Form 7 plugin for WordPress is vulnerable to SQL Injection via the 'form-id' parameter in all versions up to, and including, 1.1.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...
Play.ht – Make Your Blog Posts Accessible With Text to Speech Audio <= 3.6.4 - Missing Authorization
Description The Play.ht – Make Your Blog Posts Accessible With Text to Speech Audio plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on several functions in all versions up to, and including, 3.6.4. This makes it possible for authenticat...
Play.ht – Make Your Blog Posts Accessible With Text to Speech Audio <= 3.6.4 - Cross-Site Request Forgery
Description The Play.ht – Make Your Blog Posts Accessible With Text to Speech Audio plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.6.4. This is due to missing or incorrect nonce validation on several functions. This makes it possible for...
Maintenance Page < 1.0.9 - Security Mechanism Bypass via REST API
Description The Maintenance Page plugin for WordPress is vulnerable to Basic Information Exposure in all versions up to, and including, 1.0.8 via the REST API. This makes it possible for unauthenticated attackers to view post titles and content when the site is in maintenance mode...
Jobs for WordPress < 2.7.4 - Contributor+ Stored XSS
Description The plugin does not sanitise and escape some parameters, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks PoC 1. As a Contributor, navigate to "Add new position" 2. On the page to create a post, in the "Working Hours" add: 3...
Beaver Builder < 2.7.4.3 - Reflected XSS
Description The plugin is vulnerable to DOM-Based Reflected Cross-Site Scripting via a 'playground.wordpress.net' parameter due to insufficient input sanitization and output escaping, allowing unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully...
Sassy Social Share < 3.3.57 - Contributor+ Stored XSS
Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
Beaver Builder < 2.7.4.3 - Contributor+ Stored XSS
Description The plugin is vulnerable to Stored Cross-Site Scripting via the image URL parameter due to insufficient input sanitization and output escaping, allowing authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a us...
Widget for Social Page Feeds < 6.4 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Create a new Facebook like...
Event Tickets and Registration < 5.8.2 - Missing Authorization
Description The Event Tickets and Registration plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'email' action in all versions up to, and including, 5.8.1. This makes it possible for authenticated attackers, with contributor-level access a...
Maintenance Page < 1.0.9 - Missing Authorization to Sensitive Information Exposure
Description The Maintenance Page plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the subscribedownload function hooked via AJAX action in all versions up to, and including, 1.0.8. This makes it possible for authenticated attackers, with...
Beaver Builder < 2.7.4.3 - Contributor+ Stored XSS via Icon Widget
Description The plugin is vulnerable to Stored Cross-Site Scripting via the Icon Widget 'flbuilderdatanodepreviewlink' and 'flbuilderdatasettingslinktarget' parameters due to insufficient input sanitization and output escaping, allowing authenticated attackers, with contributor-level access and...
Tutor LMS < 2.6.1 - Student+ HTML Injection via Q&A
Description The plugin is vulnerable to HTML Injection due to insufficient sanitization of HTML input in the Q functionality, allowing authenticated attackers, with Student access and above, to inject arbitrary HTML onto a site, though it does not allow Cross-Site Scripting...
YARPP < 5.30.10 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Beaver Builder < 2.7.4.3 - Contributor+ Stored XSS
Description The plugin is vulnerable to Stored Cross-Site Scripting via the button link parameter due to insufficient input sanitization and output escaping, allowing authenticated attackers with contributor access or higher to inject arbitrary web scripts in pages that will execute whenever a us...
Academy LMS – eLearning and online course solution for WordPress < 1.9.20 - Authenticated (Subscriber+) Privilege Escalation
Description The Academy LMS – eLearning and online course solution for WordPress plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.9.19. This is due to plugin allowing arbitrary user meta updates through the saveduserinfo function. This makes it...
Community by PeepSo < 6.2.7.1 - Unauthenticated Sensitive Information Disclosure via Log file
Description The Community by PeepSo – Social Network, Membership, Registration, User Profiles plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.2.7.0. This makes it possible for unauthenticated attackers to extract sensitive data from log...
Advanced Social Feeds Widget & Shortcode <= 1.7 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC When creating a new widget, insert...
Cwicly < 1.4.0.3 - Authenticated (Contributor+) Remote Code Execution
Description The Cwicly plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.4.0.2. This makes it possible for authenticated attackers, with contributor-level access and above, to execute code on the server...