14603 matches found
Bricks < 1.9.6.1 - Unauthenticated Remote Code Execution
Description The Bricks theme for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.9.6. This makes it possible for unauthenticated attackers to execute code on the server...
WP Maintenance < 6.1.7 - Information Exposure
Description The WP Maintenance plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 6.1.6 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's maintenance mode obtain post and page content via REST API...
MasterStudy LMS WordPress Plugin – for Online Courses and Education < 3.2.6 - Unauthenticated SQL Injection
Description The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to union based SQL Injection via the 'user' parameter of the /lms/stm-lms/order/items REST route in all versions up to, and including, 3.2.5 due to insufficient escaping on the...
Microsoft Clarity < 0.9.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Description The Microsoft Clarity plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.9.3. This is due to missing nonce validation on the editclarityprojectid function. This makes it possible for unauthenticated attackers to change the project ...
Piraeus Bank WooCommerce Payment Gateway < 1.7.0 - Unauthenticated SQL Injection
Description The Piraeus Bank WooCommerce Payment Gateway plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'MerchantReference' parameter in all versions up to, and including, 1.6.5.1 due to insufficient escaping on the user supplied parameter and lack of sufficient...
Paid Memberships Pro < 2.12.9 - Contributor+ Arbitrary User Custom Field Disclosure
Description The plugin does not prevent user with at least the contributor role from leaking other users' sensitive metadata. PoC As a contributor, - Add shortcode to any post and specify/guess any user ID and meta key and save - Preview the post and see custom field value outputs from any user...
My Private Site < 3.1.0 - Improper Access Control to Sensitive Information Exposure via REST API
Description The My Private Site plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0.14 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's site privacy feature and view restricted page and post...
PowerPack Addons for Elementor < 2.7.16 - Contributor+ Stored Cross-Site Scripting
Description The plugin does not properly sanitize its Twitter Buttons Widget setting, allowing users with at least the contributor role to conduct Stored XSS attacks...
Easy Forms for Mailchimp <= 6.9.0 - Sensitive Information Exposure via logfile
Description The plugin stores its logs at a predictable path, making it easy for anyone to leak their content...
Happy Addons for Elementor < 3.10.2 - Contributor+ Stored Cross-Site Scripting
Description The plugin does not properly sanitize the wrapper link parameter in the Age Gate, allowing users with at least the contributor access to conduct Stored XSS attacks...
Broken Link Checker < 2.2.4 - Admin+ Stored Cross-Site Scripting
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed...
Best WordPress Gallery Plugin – FooGallery < 2.4.9 -Admin+ Stored Cross-Site Scripting
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed...
Premium Addons for Elementor < 4.10.19 - Contributor+ Stored Cross-Site Scripting
Description The plugin does not prevent users with at least the contributor role from conducting Stored XSS attacks via the plugin's onClick Event functionality...
WP Editor < 1.2.8 - Sensitive Information Exposure via log file
Description The plugin stores its logs at a predictable path, making it easy for anyone to leak their content...
Premium Addons for Elementor < 4.10.19 - Contributor+ Stored Cross-Site Scripting
Description The plugin does not properly sanitize and escape its buttons' onclick attribute, making it possible for users with at least the contributor role to conduct Stored XSS attacks...
Pexels: Free Stock Photos <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Pexels: Free Stock Photos plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.2.2 via the pexelsfspimagesoptionsvalidate function. This makes it possible for authenticated attackers, with contributor-level access and above, to...
Defender Security < 4.4.2 - IP Address Spoofing
Description The plugin prioritized user-supplied HTTP headers when trying to retrieve a user's IP address, making it possible for them to bypass IP address based restrictions...
Happy Addons for Elementor < 3.10.2 - Contributor+ Stored Cross-Site Scripting
Description The does not properly sanitize the side image URL parameter in the Age Gate, allowing users with at least thhe contributor role to conduct Stored XSS attacks...
SMTP Mail Plugin < 1.3.21 - Cross Site Request Forgery
Description The SMTP Mail plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.20. This is due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticated attackers to perform an unauthorized...
PJ News Ticker <= 6.8.10 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode
Description The PJ News Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 6.8.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...
TinyMCE Professional Formats and Styles <= 1.1.2 - Cross-Site Request Forgery via bb_taps_backend_page
Description The TinyMCE Professional Formats and Styles plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the 'bbtapsbackendpage ' function. This makes it possible for unauthenticated...
Sydney Toolbox < 1.26 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's aThemes Slider button element in all versions up to, and including, 1.25 due to insufficient input sanitization and output escaping on user supplied link. This makes it possible for...
EmbedPress < 3.9.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Description The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.9.8 due to insufficient...
Frontend File Manager < 22.8 - Sensitive Information Exposure via user uploads
Description The Frontend File Manager Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 22.7 via the user upload functionality. This makes it possible for unauthenticated attackers to access user-uploaded files...
MoveTo <= 6.2 - Unauthenticated SQL Injection
Description The MoveTo plugin for WordPress is vulnerable to SQL Injection via an unknown parameter in versions up to, and including, 6.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
Multi Step Form < 1.7.19 - Form Deletion via CSRF
Description The plugin does not have CSRF check when deleting forms in via a bulk action, which could allow attackers to make logged in admins delete arbitrary forms via a CSRF attack...
Simple Share Buttons Adder < 8.4.12 - Authenticated(Administrator+) Stored Cross-Site Scripting via CSS Settings
Description The Simple Share Buttons Adder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 8.4.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
MoveTo <= 6.2 - Missing Authorization to Unauthenticated Options Update
Description The moveto plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 6.2. This makes it possible for unauthenticated attackers to update arbitrary WordPress options, potentially leading to site...
PB oEmbed HTML5 Audio <= 2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode
Description The PB oEmbed HTML5 Audio – with Cache Support plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 2.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
Livemesh Addons for Elementor < 8.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via animated_text_class
Description The Livemesh Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘animatedtextclass’ attribute in versions up to, and including, 8.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attacker...
Maspik – Spam blacklist < 0.10.7 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings
Description The Maspik – Spam Blacklist plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.10.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
Bricks < 1.9.6.1 - Unauthenticated Remote Code Execution
Description The plugin does not prevent unauthenticated visitors from running code on vulnerable sites. PoC Run the following JS on any site using the theme: await fetch"/wp-json/bricks/v1/renderelement", "credentials": "include", "headers": "Content-Type": "application/json" , "body":...
MyWaze <= 1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode
Description The MyWaze plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers...
Canto < 3.0.7 - Unauthenticated RCE
Description The plugin is vulnerable to Remote Code Execution via the 'abspath' parameter due to the use of the includeonce statement on the parameter allowing remote file inclusion. This makes it possible for unauthenticated attackers to execute code on the server...
Malware Scanner < 4.7.3 - Admin+ SQLi
Description The plugin is vulnerable to SQL Injection via an unknown parameter due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator access and above, to appe...
WP Media folder < 5.7.3 - Missing Authorization to Authenticated(Subscriber+) Plugin settings change
Description The wp-media-folder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on an unknown function in all versions up to, and including, 5.7.2. This makes it possible for authenticated attackers, with subscriber access and above, to...
MoveTo <= 6.2 - Unauthenticated Directory Traversal to Arbitrary File Deletion
Description The moveto plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 6.2. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, leading to site takeover...
NEX-Forms – Ultimate Form Builder < 8.5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode
Description The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 8.5.5 due to insufficient input sanitization and output escaping on user supplied...
Photos and Files Contest Gallery < 21.3.1 - Author+ Stored Cross Site Scripting
Description The plugin does not sanitize and escape some parameters, which could allow users with a role as low as author to perform Cross-Site Scripting attacks. PoC 1. Add a New gallery, and click on the "Add files" button to add content. 2. Now add a description for this content with the XSS...
Landing Page Cat – Coming Soon Page, Maintenance Page & Squeeze Pages < 1.7.3 - Unauthenticated Information Exposure
Description The Landing Page Cat – Coming Soon Page, Maintenance Page & Squeeze Pages plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.7.2. This makes it possible for unauthenticated attackers to access landing pages that may not be publ...
EmbedPress < 3.9.9 - Authenticated(Contributor+) Stored Cross-Site Scripting via Google Calendar Widget Link
Description The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Google Calendar Widget Link in all versions up to, and including, 3.9.8 due to...
Ultimate Reviews < 3.2.9 - Unauthenticated stored Cross-Site Scripting via reviews
Description The Ultimate Reviews plugin for WordPress is vulnerable to stored Cross-Site Scripting via the review functionality in versions up to, and including, 3.2.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
Doofinder for WooCommerce < 2.1.9 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings
Description The Doofinder WP & WooCommerce Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
MoveTo <= 6.2 - Unauthenticated Arbitrary File Upload
Description The moveto plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in an unknown function in all versions up to, and including, 6.2. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server...
Paytium: Mollie payment forms & donations < 4.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode
Description The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 4.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
TNC PDF viewer < 2.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode
Description The TNC PDF viewer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 2.8.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction < 2.11.2 - Missing Authorization via creating_pricing_table_page
Description The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the creatingpricingtablepage function in all versions up to, and including,...
Ultimate Posts Widget < 2.3.1 - Admin+ Stored XSS
Description The plugin does not validate and escape some of its Widget options before outputting them back in attributes, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in...
Email Encoder – Protect Email Addresses and Phone Numbers < 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Description The Email Encoder – Protect Email Addresses and Phone Numbers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping on user supplied attribute...
Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction < 2.11.2 - Missing Authorization via pms_stripe_connect_handle_authorization_return
Description The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pmsstripeconnecthandleauthorizationreturn function in all versions up t...