14603 matches found
InstaWP Connect < 0.1.0.10 - Authenticated (Subscriber+) SQL Injection
Description The InstaWP Connect plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 0.1.0.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attacker...
Exclusive Addons for Elementor < 2.6.9 - Contributor+ Stored XSS
Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin...
Meks Smart Social Widget < 1.6.4 - Authenticated (Admin+) Stored Cross-Site Scripting
Description The Meks Smart Social Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Meks Smart Social Widget in all versions up to, and including, 1.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
coreActivity < 1.8.1 - Unauthenticated Stored XSS
Description The plugin does not escape some request data when outputting it back in the admin dashboard, allowing unauthenticated users to perform Stored XSS attack against high privilege users such as admin PoC As unauthenticated: curl 'https://example.com/' The XSS will be triggered when an adm...
Backuply – Backup, Restore, Migrate and Clone < 1.2.4 - Admin+ Directory Traversal
Description The plugin is vulnerable to Directory Traversal via the nodeid parameter in the backuplygetjstree function. This makes it possible for attackers with administrator privileges or higher to read the contents of arbitrary files on the server, which can contain sensitive information...
File Manager < 7.2.2 - Sensitive Information Exposure via Backup Filenames
Description The plugin is vulnerable to Sensitive Information Exposure due to insufficient randomness in the backup filenames, which use a timestamp plus 4 random digits. This makes it possible for unauthenticated attackers, to extract sensitive data including site backups in configurations where...
(Simply) Guest Author Name < 4.35 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Simply Guest Author Name plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's post meta in all versions up to, and including, 4.34 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
Travelpayouts < 1.1.13 - Settings Update via CSRF
Description The plugin does not have CSRF check in place when importing settings from the v1, which could allow attackers to make a logged in admin update some settings via a CSRF attack PoC Make a logged in admin open a page containing the HTML code below, this will make them update the plugin's...
Abandoned Cart Lite for WooCommerce < 5.16.1 - Improper Authorization via wcal_preview_emails
Description The plugin is vulnerable to unauthorized access of data due to a missing capability check on the wcalpreviewemails function. This makes it possible for unauthenticated attackers to preview emails, granted they are able to obtain a nonce via a separate vulnerability...
WP RSS Aggregator < 4.23.5 - Admin+ Stored XSS
Description The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
10Web AI Assistant – AI content writing assistant < 1.0.19 - Missing Authorization to Arbitrary Plugin Installation
Description The 10Web AI Assistant – AI content writing assistant plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the installplugin AJAX action in all versions up to, and including, 1.0.18. This makes it possible for authenticated...
FreshMail For WordPress <= 2.3.2 - Cross-Site Request Forgery
Description The FreshMail For WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.2. This is due to missing nonce validation function. This makes it possible for unauthenticated attackers to perform an unauthorized action via a forged...
WordPress Button Plugin MaxButtons < 9.7.7 - Contributor+ Stored XSS
Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin...
GS Pins for Pinterest Lite < 1.8.1 - Missing Authorization via _update_shortcode
Description The plugin is vulnerable to unauthorized modification of data due to a missing capability check and a misconfigured nonce check on the updateshortcode function, allowing authenticated attackers, with subscriber access and above, to update the plugin's shortcodes...
Slider by Supsystic < 1.8.7 - Missing Authorization
Description The Slider by Supsystic plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.8.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an...
Accelerated Mobile Pages < 1.0.93 - Unautenticated Reflected Cross-Site Scripting
Description The plugin is vulnerable to Reflected Cross-Site Scripting via the 'disqusname' parameter due to insufficient input sanitization and output escaping on the executed JS file. T...
Albo Pretorio Online <= 4.6.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Albo Pretorio Online plugin for WordPress is vulnerable to Stored Cross-Site Scripting parameter in versions up to, and including, 4.6.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access an...
FileBird < 5.6.1 - Admin+ Stored XSS
Description The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Views for WPForms < 3.2.3 - Missing Authorization via create_view
Description The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'createview' function in all versions up to, and including, 3.2.2. This makes it possible for...
WebSub (FKA. PubSubHubbub) < 3.2.0 - Admin+ Stored XSS
Description The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
WP Mail Log < 1.1.3 - Editor+ SQL Injection via id
Description The plugin is vulnerable to SQL Injection via the ‘id’ parameter due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query...
GS Team Members < 2.2.4 - Contributor+ Stored XSS
Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin...
Robo Gallery < 3.2.18 - Author+ Stored XSS
Description The plugin is vulnerable to Stored Cross-Site Scripting idue to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user...
Ninja Tables < 5.0.7 - Contributor+ Table Data Access
Description The plugin is vulnerable to unauthorized access of data due to a missing capability check on the dragAndDropExport function. This makes it possible for authenticated attackers, with contributor-level access and above, to export table data...
Views for WPForms < 3.2.3 - Cross-Site Request Forgery via create_view
Description The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.2. This is due to missing or incorrect nonce validation on the 'createview' function. This makes it...
Shield Security < 18.5.8 - Unauthenticated Stored Cross-Site Scripting
Description The plugin is vulnerable to Stored Cross-Site Scripting via the getColumnContentPage function due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user...
Views for WPForms < 3.2.3 - Cross-Site Request Forgery via save_view
Description The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.2. This is due to missing or incorrect nonce validation on the 'saveview' function. This makes it...
Albo Pretorio Online <= 4.6.6 - Unauthenticated Sensitive Information Disclosure
Description The Albo Pretorio On line plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.6.6. This makes it possible for unauthenticated attackers to extract sensitive user or configuration data...
Content Views < 3.6.3 - Admin+ Stored XSS
Description The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Views for WPForms < 3.2.3 - Missing Authorization via save_view
Description The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'saveview' function in all versions up to, and including, 3.2.2. This makes it possible for...
Advanced Database Cleaner < 3.1.4 - Administrator+ PHP Object Injection
Description The plugin is vulnerable to PHP Object Injection via deserialization of untrusted input in the 'processbulkaction' function. This makes it possible for authenticated attacker, with administrator access and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin...
WPFront Notification Bar < 3.4 - Admin+ Stored XSS
Description The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
GiveWP < 3.3.0 - Contributor+ Stored XSS
Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin...
EventPrime – Modern Events Calendar, Bookings and Tickets < 3.3.3 - Contributor+ Stored XSS
Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin...
WooCommerce Parcel Pro < 1.6.12 - Cross-Site Request Forgery
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
ColorMag < 3.1.3 - Missing Authorization to Arbitrary Plugin Installation
Description The plugin is vulnerable to unauthorized access due to a missing capability check on the pluginactioncallback function in all versions up to, allowing authenticated attackers, with subscriber-level access and above, to install and activate arbitrary plugins...
Simple Membership < 4.4.2 - Open Redirect
Description The plugin is vulnerable to Open Redirect. This is due to insufficient validation on the redirect url supplied via the swpmpageurl parameter, making it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into...
Paid Memberships Pro < 2.12.8 - Cross-Site Request Forgery
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
Better Search Replace < 1.4.5 - Unauthenticated PHP Object Injection
Description The plugin is vulnerable to PHP Object Injection via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed...
Amelia < 1.0.99 - Missing Authorization
Description The plugin is vulnerable to unauthorized access due to a missing capability check on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action...
Posts List Designer by Category < 3.3.3 - Contributor+ Stored Cross-Site Scripting
Description The plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user...
Formzu WP < 1.6.8 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Formzu WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.6.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
WooCommerce Subscriptions < 5.8.0 - Missing Authorization
Description The plugin is vulnerable to unauthorized access of data or modification of data due to a missing capability check on an unknown low-severity function, making it possible for authenticated attackers, with contributor-level access and above, to make use of that function...
Contact Form builder with drag & drop - Kali Forms < 2.3.37 - Insecure Direct Object Reference
Description The Contact Form builder with drag & drop for WordPress – Kali Forms plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.3.38 due to missing validation on a user controlled key. This makes it possible for unauthenticated...
Category Discount Woocommerce < 4.13 - Missing Authorization via wpcd_save_discount()
Description The Category Discount Woocommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpcdsavediscount function in all versions up to, and including, 4.12. This makes it possible for unauthenticated attackers to modify produ...
VK Block Patterns < 1.31.2.0 - Cross-Site Request Forgery
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
Floating Action Button < 1.2.2 - Cross-Site Request Forgery
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
WP Go Maps (formerly WP Google Maps) < 9.0.29 - Unauthenticated Reflected Cross-Site Scripting
Description The plugin is vulnerable to Reflected Cross-Site Scripting via the map id parameter due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a...
Login Lockdown < 2.07 - Administrator+ SQL Injection
Description The plugin is vulnerable to SQL Injection via the ‘sort order and limit’ parameter due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query...
ChatBot < 5.1.1 - Unauthenticated PHP Object Injection
Description The ChatBot with AI plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.1.0 via deserialization of untrusted input via the lastfiveprompt cookies. This makes it possible for unauthenticated attackers to inject a PHP Object. No POP chain i...