14603 matches found
Blocksy < 2.0.20 - Authenticated (Editor+) Stored Cross-Site Scripting
Description The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via headers/footers in all versions up to, and including, 2.0.19 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level access, to...
CP Polls < 1.0.72 - Unauthenticated Content Injection
Description The Polls CP plugin for WordPress is vulnerable to content injection in all versions up to, and including, 1.0.71. This is due to insufficient validation on poll answers. This makes it possible for unauthenticated attackers to inject arbitrary content...
RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator < 4.4.2 - Missing Authorization
Description The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the feedzy dashboard in all versions up to, and including, 4.4.1. This makes it...
Customer Reviews for WooCommerce < 5.39.0 - Improper Authorization via submit_review
Description The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'submitreview' function in all versions up to, and including, 5.38.12. This makes it possible for unauthenticated attackers to submit...
Awesome Support – WordPress HelpDesk & Support Plugin < 6.1.8 - Missing Authorization via wpas_get_users()
Description The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpasgetusers function hooked via AJAX in all versions up to, and including, 6.1.7. This makes it possible for authenticated...
Prime Slider – Addons For Elementor < 3.11.11 - Incorrect Authorization via bdt_duplicate_as_draft
Description The Prime Slider – Addons For Elementor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the bdtduplicateasdraft function in versions up to, and including, 3.11.10. This makes it possible for authenticated attackers, with...
Starbox < 3.5.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Profile Display Name and Social Settings
Description The Starbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Profile Display Name and Social Settings in all versions up to, and including, 3.4.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wi...
PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) < 2.7.15 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The PowerPack Addons for Elementor Free Widgets, Extensions and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's buttons in all versions up to, and including, 2.7.14 due to insufficient input sanitization and output escaping on user supplied...
Elementor Website Builder – More than Just a Page Builder < 3.19.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via get_image_alt
Description The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $instancealt parameter in the getimagealt function in all versions up to, and including, 3.18.3 due to insufficient input sanitization and output...
Royal Elementor Addons and Templates < 1.3.88 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via element URL parameters in all versions up to, and including, 1.3.87 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
Elementor < 3.19.1 - Authenticated(Contributor+) Arbitrary File Deletion and PHAR Deserialization
Description The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to arbitrary file deletions and PHAR deserialization in version up to, and including 3.19.0. This is due to the plugin not providing sufficient path validation on the 'tmpname' parameter...
CP Polls < 1.0.72 - Unauthenticated Poll Limit Bypass
Description The Polls CP plugin for WordPress is vulnerable to Poll Limit Bypass in all versions up to, and including, 1.0.71. This is due to insufficient controls on on the voting system. This makes it possible for unauthenticated attackers to vote multiple times...
Event Tickets and Registration < 5.8.1 - Contributor+ Arbitrary Events Access
Description The plugin does not prevent users with at least the contributor role from leaking the existence of certain events they shouldn't have access to. e.g. draft, private, pending review, pw-protected, and trashed events. PoC 1. ADMIN: Install Event Tickets 2. ADMIN: Install Event Tickets...
Product Labels For Woocommerce < 1.5.4 - Authenticated (Shop manager+) Stored Cross-Site Scripting
Description The Product Labels For Woocommerce Sale Badges plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘'badgeLabel' parameter in all versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping. This makes it possible for...
Contact Form 7 Connector < 1.2.3 - Cross-Site Request Forgery
Description The Contact Form 7 Connector plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.2. This is due to missing or incorrect nonce validation on several function. This makes it possible for unauthenticated attackers to perform unauthorized...
Apollo13 Framework Extensions < 1.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Apollo13 Framework Extensions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.9.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible fo...
Event Manager, Events Calendar, Events Tickets for WooCommerce – Eventin < 3.3.51 - Missing Authorization to Unauthenticated Events Export
Description The Event Manager, Events Calendar, Events Tickets for WooCommerce – Eventin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the exportdata function in all versions up to, and including, 3.3.50. This makes it possible for...
Portugal CTT Tracking for WooCommerce < 2.2 - Reflected Cross-Site Scripting
Description The Portugal CTT Tracking for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
Woocommerce Vietnam Checkout < 2.0.8 - Authenticated (Shop manager+) Stored Cross-Site Scripting
Description The Woocommerce Vietnam Checkout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the $currency variable in all versions up to, and including, 2.0.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wit...
Link Library < 7.6 - Cross-Site Request Forgery via action_admin_init
Description The Link Library plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 7.5.13. This is due to missing or incorrect nonce validation on the actionadmininit function. This makes it possible for unauthenticated attackers to dismissing a notice...
Internal Link Juicer < 2.23.5 - Authenticated (Admin+) Stored Cross-Site Scripting
Description The Internal Link Juicer: SEO Auto Linker for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings such as 'iljsettingsfieldlinksperpage' in all versions up to, and including, 2.23.4 due to insufficient input sanitization and output escaping...
Passster – Password Protect Pages and Content < 4.2.6.3 - Missing Authorization to Sensitive Information Exposure
Description The Passster – Password Protect Pages and Content plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.6.2 via API. This makes it possible for unauthenticated attackers to obtain post titles, slugs, IDs, content and other...
Coupon Referral Program <= 1.7.2 - Unauthenticated PHP Object Injection
Description The Coupon Referral Program plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.7.2 via deserialization of untrusted input. This makes it possible for unuathenitcated attackers. to inject a PHP Object. No known POP chain is present in the...
Link Library < 7.6 - Reflected Cross-Site Scripting via 'link_price' and 'link_tags'
Description The Link Library plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'linkprice' and 'linktags' parameters in versions up to, and including, 7.5.13 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers...
WP SMS < 6.5.3 - Reflected Cross-Site Scripting via 'page'
Description The WP SMS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in versions up to, and including, 6.5.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
Event Tickets Plus < 5.9.1 - Contributor+ Attendees Lists Disclosure
Description The plugin does not prevent users with at least the contributor role from leaking the attendees list on any post type regardless of status. e.g. draft, private, pending review, password-protected, and trashed posts. PoC 1. ADMIN: Install Event Tickets 2. ADMIN: Install Event Tickets...
Contest Gallery < 21.2.9 - Cross-Site Request Forgery
Description The Contest Gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 21.2.8.4. This is due to missing or incorrect nonce validation in the prev10/prev10-admin/gallery/gallery.php file. This makes it possible for unauthenticated attacke...
Wonder Slider Lite < 14.0 - Reflected Cross-Site Scripting via 'page'
Description The Wonder Slider Lite plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in versions up to, and including, 13.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
Themify Builder < 7.0.6 - Cross-Site Request Forgery
Description The Themify Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 7.0.5. This is due to missing or incorrect nonce validation on the cachemenu function. This makes it possible for unauthenticated attackers to clear cache via a forge...
ImageRecycle pdf & image compression < 3.1.14 - Cross-Site Request Forgery to Plugin Data Removal in reinitialize
Description The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.13. This is due to missing or incorrect nonce validation on the reinitialize function. This makes it possible for unauthenticated attacke...
Simple Page Access Restriction < 1.0.23 - Improper Access Control to Sensitive Information Exposure via REST API
Description The Simple Page Access Restriction plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.21 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's page restriction and view page content...
Matomo < 5.0.1 - Reflected Cross-Site Scripting via idsite
Description The Matomo Analytics – Ethical Stats. Powerful Insights. plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the idsite parameter in all versions up to, and including, 4.15.3 due to insufficient input sanitization and output escaping. This makes it possible for...
ImageRecycle pdf & image compression < 3.1.14 - Missing Authorization to Settings Update in stopOptimizeAll
Description The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the stopOptimizeAll function in all versions up to, and including, 3.1.13. This makes it possible for authenticated attackers, with...
ImageRecycle pdf & image compression < 3.1.14 - Missing Authorization to Plugin Data Removal in reinitialize
Description The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the reinitialize function in all versions up to, and including, 3.1.13. This makes it possible for authenticated attackers, with...
ImageRecycle pdf & image compression < 3.1.14 - Missing Authorization to Settings Update in optimizeAllOn
Description The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the optimizeAllOn function in all versions up to, and including, 3.1.13. This makes it possible for authenticated attackers, with...
Booking Calendar < 9.9.1 - Unauthenticated SQL Injection
Description The WP Booking Calendar plugin for WordPress is vulnerable to SQL Injection via the 'calendarrequestparamsdatesddmmyycsv' parameter in all versions up to, and including, 9.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing...
ImageRecycle pdf & image compression < 3.1.14 - Missing Authorization to Settings Update in disableOptimization
Description The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the disableOptimization function in all versions up to, and including, 3.1.13. This makes it possible for authenticated attackers, with...
WP-Mobile-BankID-Integration < 1.0.1 - PHP Object Injection
Description The WP-Mobile-BankID-Integration plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and excluding, 1.0.1 via deserialization of untrusted input through the getAuthResponseFromDB function. This makes it possible for attackers to inject a PHP Object. No known...
ImageRecycle pdf & image compression < 3.1.14 - Cross-Site Request Forgery to Settings Update in stopOptimizeAll
Description The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.13. This is due to missing or incorrect nonce validation on the stopOptimizeAll function. This makes it possible for unauthenticated...
ImageRecycle pdf & image compression < 3.1.14 - Missing Authorization to Settings Update in enableOptimization
Description The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the enableOptimization function in all versions up to, and including, 3.1.13. This makes it possible for authenticated attackers, with...
ImageRecycle pdf & image compression < 3.1.14 - Cross-Site Request Forgery to Settings Update in disableOptimization
Description The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.13. This is due to missing or incorrect nonce validation on the disableOptimization function. This makes it possible for unauthenticated...
Elementor Addons by Livemesh < 8.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom class field in all versions up to, and including, 8.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wit...
PPWP – Password Protect Pages < 1.9.0 - Protection Mechanism Bypass
Description The PPWP – Password Protect Pages plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.9 via API. This makes it possible for unauthenticated attackers to obtain post titles, IDs, slugs as well as other information including for...
Payment Forms for Paystack <= 3.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Description The Payment Forms for Paystack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
ImageRecycle pdf & image compression < 3.1.14 - Cross-Site Request Forgery to Settings Update in enableOptimization
Description The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.13. This is due to missing or incorrect nonce validation on the enableOptimization function. This makes it possible for unauthenticated...
WP Recipe Maker < 9.2.0 - Missing Authorization to Authenticated (Subscriber+) SQL Injecton
Description The WP Recipe Maker plugin for WordPress is vulnerable to SQL Injection via the 'recipes' parameter in all versions up to, and including, 9.1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...
ImageRecycle pdf & image compression < 3.1.14 - Cross-Site Request Forgery to Settings Update in optimizeAllOn
Description The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.13. This is due to missing or incorrect nonce validation on the optimizeAllOn function. This makes it possible for unauthenticated...
Podlove Podcast Publisher < 4.0.12 - Missing Authorization to Unauthenticated Data Export
Description The Podlove Podcast Publisher plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the initdownload and init functions in all versions up to, and including, 4.0.11. This makes it possible for unauthenticated attackers to export the...
Podlove Podcast Publisher < 4.0.12 - Missing Authorization to Settings Import
Description The Podlove Podcast Publisher plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the init function in all versions up to, and including, 4.0.11. This makes it possible for unauthenticated attackers to import the plugin's settin...
Cloudflare < 4.12.3 - Missing Authorization via initProxy
Description The Cloudflare plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'initProxy' function in versions up to and including 4.12.2. This makes it possible for authenticated attackers, with subscriber access and above, to send requests...