14603 matches found
Starbox < 3.5.0 - Contributor+ Stored XSS
Description The plugin does not sanitise and escape some parameters, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks PoC http://132" onmouseover='alert1'...
Enhanced Text Widget < 1.6.6 - Admin+ Stored XSS
Description The plugin does not validate and escape some of its Widget options before outputting them back in attributes, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in...
Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders < 5.9.9 - Contributor+ Stored Cross-Site Scripting
Description The plugin is vulnerable to Stored Cross-Site Scripting via the Content Ticker arrow attribute in all versions up to, and including, 5.9.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or above, ...
Basic Log Viewer <= 1.0.4 - Cross-Site Request Forgery via wpst_lw_viewer
Description The Basic Log Viewer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.4. This is due to missing or incorrect nonce validation on the 'wpstlwviewer' function. This makes it possible for unauthenticated attackers to erase error logs...
SiteOrigin Widgets Bundle < 1.58.3 - Contributor+ Stored Cross-Site Scripting
Description The plugin is vulnerable to Stored Cross-Site Scripting via the code editor due to insufficient input sanitization and output escaping, allowing authenticated attackers, with contributor access or higher, to perform Stored XSS attacks...
Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders < 5.9.9 - Contributor+ Stored Cross-Site Scripting via Filterable Gallery
Description The plugin is vulnerable to Stored Cross-Site Scripting via the plugin's Filterable Gallery Widget in all versions up to, and including, 5.9.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and abov...
Directorist < 7.8.5 - Missing Authorization to Unauthenticated Settings Change
Description The Directorist – WordPress Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'setupwizard' function in all versions up to, and including, 7.8.4. This makes it possibl...
Before After Image Slider WP <= 2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode
Description The Before After Image Slider WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
All 404 Pages Redirect to Homepage < 2.0 - Unauthenticated Stored Cross-Site Scripting
Description The All 404 Pages Redirect to Homepage plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters including IP address and 404 page URL in versions up to, and including, 1.9 due to insufficient input sanitization and output escaping. This makes it possib...
Honeypot for WP Comment <= 2.2.3 - Reflected Cross-Site Scripting via page
Description The Honeypot for WP Comment plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘ page’ parameter in versions up to, and including, 2.2.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
Brooklyn <= 4.9.7.6 - Reflected Cross-Site Scripting
Description The brooklyn theme for WordPress is vulnerable to Reflected Cross-Site Scripting via an unknown parameter in all versions up to, and including, 4.9.7.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...
Booster for WooCommerce < 7.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wcjproductbarcode' shortcode in all versions up to, and including, 7.1.6 due to insufficient input sanitization and output escaping on user supplied attributes like 'color'...
SiteOrigin Widgets Bundle < 1.58.4 - Contributor+ Stored Cross-Site Scripting
Description The plugin is vulnerable to Stored Cross-Site Scripting via the code editor due to insufficient input sanitization and output escaping, allowing authenticated attackers, with contributor access or higher, to perform Stored XSS attacks...
Buttons Shortcode and Widget <= 1.16 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode
Description The Buttons Shortcode and Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.16 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
WP Contact Form <= 1.6 - Cross-Site Request Forgery via wpcf_adminpage
Description The WP Contact Form plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6. This is due to missing or incorrect nonce validation on the 'wpcfadminpage' function. This makes it possible for unauthenticated attackers to modify the plugin's...
Bold Page Builder < 4.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Icon Link
Description The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Icon Link in all versions up to, and including, 4.8.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with...
Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders < 5.9.9 - Contributor+ Stored Cross-Site Scripting
Description The plugin is vulnerable to Stored Cross-Site Scripting via the Filterable Controls label icon parameter in all versions up to, and including, 5.9.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access ...
Sunshine Photo Cart: Free Client Galleries for Photographers < 3.1 - Unauthenticated Sensitive Information Exposure via Invoice
Description The Sunshine Photo Cart: Free Client Galleries for Photographers plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0.24 via the 'invoice'. This makes it possible for unauthenticated attackers to extract sensitive data includin...
Bold Page Builder < 4.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Raw Content
Description The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 4.8.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
Content Cards <= 0.9.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode
Description The Content Cards plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 0.9.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
Login Lockdown – Protect Login Form < 2.09 - Subscriber+ Options Leak
Description The plugin does not prevent logged-in users of any role e.g. subscribers from leaking its settings, which may include allowlisted IP addresses as well as a global unlock key, with which they could add their own IP address to the plugin's list. PoC As a logged-in subscriber, visit the...
Bold Page Builder < 4.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button URL
Description The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's button URL in all versions up to, and including, 4.8.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with...
Insert PHP Code Snippet < 1.3.5 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Brooklyn <= 4.9.7.6 - PHP Object Injection
Description The brooklyn theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.9.7.6 via deserialization of untrusted input from an unknown parameter. This makes it possible for authenticated attackers, with subscriber access and above, to inject a PHP...
SKT Page Builder < 4.2 - Missing Authorization to Authenticated(Subscriber+) Content Injection
Description The SKT Page Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'saveSktbuilderPageData' function in all versions up to, and including, 4.1. This makes it possible for authenticated attackers, with subscriber access...
VK Poster Group <= 2.0.3 - Reflected Cross-Site Scripting via vkp_repost
Description The VK Poster Group plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘vkprepost’ parameter in versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders < 5.9.9 - Contributor+ Stored Cross-Site Scripting via Accordion
Description The plugin is vulnerable to Stored Cross-Site Scripting via the plugin's Accordion widget in all versions up to, and including, 5.9.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and above...
Honeypot for WP Comment <= 2.2.3 - Directory Traversal to Unauthenticated Arbitrary File Deletion
Description The Honeypot for WP Comment plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.2.3. This makes it possible for unauthenticated attackers to delete arbitrary files on the server...
NextMove Lite < 2.18.0 - Subscriber+ Arbitrary Plugin Installation/Activation
Description The plugin is vulnerable to unauthorized modification of data due to a missing capability check on the 'xladdoninstallation' function, allowing authenticated attackers, with subscriber access and above, to install and activate arbitrary plugins...
RSS Aggregator by Feedzy < 4.4.3 - Authenticated(Contributor+) SQL Injection
Description The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to SQL Injection via the ‘searchkey’ parameter in all versions up to, and including, 4.4.2 due to insufficient escaping on the user supplied parameter an...
Backuply - Backup, Restore, Migrate and Clone < 1.2.6 - Unauthenticated Denial of Service
Description The Backuply – Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to Denial of Service in all versions up to, and including, 1.2.5. This is due to direct access of the backuply/restoreins.php file and. This makes it possible for unauthenticated attackers to make...
Timeline Widget For Elementor (Elementor Timeline, Vertical & Horizontal Timeline) < 1.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Timeline Widget For Elementor Elementor Timeline, Vertical & Horizontal Timeline plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image URLs in the plugin's timeline widget in all versions up to, and including, 1.5.3 due to insufficient input sanitization and...
WP 404 Auto Redirect to Similar Post < 1.0.4 - Reflected Cross-Site Scripting via request
Description The WP 404 Auto Redirect to Similar Post plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘request’ parameter in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...
Awesome Support – WordPress HelpDesk & Support Plugin < 6.1.8 - Authenticated (Subscriber+) SQL Injection
Description The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to union-based SQL Injection via the 'q' parameter of the wpasgetusers action in all versions up to, and including, 6.1.7 due to insufficient escaping on the user supplied parameter and lack o...
WP Shortcodes Plugin — Shortcodes Ultimate < 7.0.2 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode
Description The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 7.0.1 due to insufficient input sanitization and output escaping on RSS feed content. This makes it possib...
Royal Elementor Kit < 1.0.117 - Missing Authorization to Arbitrary Transient Update
Description The Royal Elementor Kit theme for WordPress is vulnerable to unauthorized arbitrary transient update due to a missing capability check on the dismissedhandler function in all versions up to, and including, 1.0.116. This makes it possible for authenticated attackers, with subscriber...
RSS Aggregator by Feedzy < 4.4.3 - Missing Authorization to Arbitrary Page Creation and Publication
Description The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'feedzywizardstepprocess' and 'importstatus' functions in all versions up t...
Minimal Coming Soon – Coming Soon Page < 2.38 - Unauthenticated Maintenance Mode Bypass
Description The Minimal Coming Soon – Coming Soon Page plugin for WordPress is vulnerable to maintenance mode bypass and information disclosure in all versions up to, and including, 2.37. This is due to the plugin improperly validating the request path. This makes it possible for unauthenticated...
Royal Elementor Addons and Templates < 1.3.88 - Missing Authorization via wpr_update_form_action_meta
Description The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to unauthorized post metadata update due to a missing capability check on the wprupdateformactionmeta function in all versions up to, and including, 1.3.87. This makes it possible for unauthenticated attackers...
Elementor Addon Elements < 1.12.12 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the linkto parameter in all versions up to, and including, 1.12.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
AMP for WP < 1.0.93.2 - Authenticated(Contributor+) Arbitrary Post Deletion via amppb_remove_saved_layout_data
Description The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'amppbremovesavedlayoutdata' function in all versions up to, and including, 1.0.93.1. This makes it possible for authenticated attackers,...
ACF Photo Gallery Field < 2.7 - Missing Authorization
Description The plugin is vulnerable to unauthorized access of data, modification of data, or loss of data due to a missing capability check on an unknown function, allowing authenticated attackers, with subscriber access and above, to access the unprotected function...
Element Pack Elementor Addons < 5.4.12 - Missing Authorization via bdt_duplicate_as_draft
Description The Element Pack Elementor Addons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'bdtduplicateasdraft' function in versions up to, and including, 5.4.11. This makes it possible for authenticated attackers, with...
Royal Elementor Addons and Templates < 1.3.88 - Multiple Cross-Site Request Forgery
Description The plugin is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.87. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to perform actions on the site via forged requests grant...
WP RSS Aggregator < 4.23.6 - Authenticated (Admin+) Server-Side Request Forgery via RSS Feed Source
Description The WP RSS Aggregator plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.23.5 via the RSS feed source in admin settings. This makes it possible for authenticated attackers, with administrator-level access and above, to make web...
Starbox < 3.5.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Job Settings
Description The Starbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Job Settings user profile fields in all versions up to, and including, 3.4.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
InfiniteWP Client < 1.12.3.1 - Unauthenticated Sensitive Information Exposure
Description The InfiniteWP Client plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.12.3 via the multi-call backup option. This makes it possible for unauthenticated attackers to extract sensitive data from a temporary SQL file via repeat...
EmbedPress < 3.9.5 - Missing Authorization
Description The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the savesourcedata and deletesourcedata functions i...
Awesome Support – WordPress HelpDesk & Support Plugin < 6.1.8 - Missing Authorization via editor_html()
Description The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the editorhtml function in all versions up to, and including, 6.1.7. This makes it possible for authenticated attackers, wit...
Custom Twitter Feeds – A Tweets Widget or X Feed Widget < 2.2.2 - Cross-Site Request Forgery to Plugin Options Update
Description The Custom Twitter Feeds – A Tweets Widget or X Feed Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.1. This is due to missing or incorrect nonce validation on the ctfautosavetokens function. This makes it possible for...