14602 matches found
Quiz And Survey Master < 9.0.2 - Contributor+ Stored XSS
Description The plugin does not validate and escape some of its Quiz fields before outputting them back in a page/post where the Quiz is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC 1. Go to to Quizzes & Surveys 2. Add/edit...
Quiz And Survey Master < 9.0.2 - Contributor+ SQLi
Description The plugin is vulnerable does not validate and escape the questionid parameter in the qsmbulkdeletequestionfromdatabase AJAX action, leading to a SQL injection exploitable by Contributors and above role PoC 1 You will need a valid nonce for deletion of quiz questions. 2 Sign in as a...
Custom Field Template < 2.6.2 - Authenticated(Contributor+) Information Exposure
Description The Custom Field Template plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.1 via the 'cft' shortcode. This makes it possible for authenticated attackers with contributor access and above, to extract sensitive data including...
Blog2Social: Social Media Auto Post & Scheduler < 7.4.2 - Authenticated (Subscriber+) SQL Injection
Description The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to SQL Injection via the 'b2sSortPostType' parameter in all versions up to, and including, 7.4.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...
WP Force SSL & HTTPS SSL Redirect < 1.67 - Missing Authorization to Settings Update
Description The WP Force SSL & HTTPS SSL Redirect plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajaxsavesetting' function in versions up to, and including, 1.66. This makes it possible for authenticated attackers, subscriber-leve...
Animated AL List <= 1.0.6 - Reflected XSS
Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC 1. Add a new project 2. Access the URL...
Social Login Lite For WooCommerce <= 1.6.0 - Authentication Bypass
Description The plugin is vulnerable to authentication bypass due to insufficient verification on the user being supplied during the social login through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they...
Simple Photoswipe <= 0.1 - Subscriber+ Arbitrary Settings Update
Description The plugin does not have authorisation check when updating its settings, which could allow any authenticated users, such as subscriber to update them PoC the response of the request above is 403, but the settings update still happens...
Formula < 0.5.2 - Reflected Cross-Site Scripting via ti_customizer_notify_dismiss_recommended_plugins
Description The Formula theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘id’ parameter in the 'ticustomizernotifydismissrecommendedplugins' AJAX action in all versions up to, and including, 0.5.1 due to insufficient input sanitization and output escaping. This makes it...
SKT Addons for Elementor < 2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Age Gate and Creative Slider Widgets
Description The SKT Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Age Gate and Creative Slider widgets in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This...
CF7 Google Sheets Connector < 5.0.10 - Missing Authorization to Limited Site Configuration Update
Description The CF7 Google Sheets Connector plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'executepostdatacg7free' function in all versions up to, and including, 5.0.9. This makes it possible for unauthenticated attackers to toggl...
Pagerank Tools <= 1.1.5 - Reflected XSS
Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC https://example.com/wp-admin/tools.php?page=pagepageranks="...
Cards for Beaver Builder < 1.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Cards Widget
Description The Cards for Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Cards widget in all versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX < 4.1.0 - Authenticated (Contributor+) Stored Cross=Site Scripting
Description The Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the filterMobileText parameter in all versions up to, and including, 4.0.4 due to insufficient input sanitization and output escaping. This makes it...
WP Reset < 2.03 - Missing Authorization to License Key Modification
Description The WP Reset plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the saveajax function in all versions up to, and including, 2.02. This makes it possible for authenticated attackers, with subscriber-level access and above, to...
Formula < 0.5.2 - Reflected Cross-Site Scripting via quality_customizer_notify_dismiss_action
Description The Formula theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘id’ parameter in the 'qualitycustomizernotifydismissaction' AJAX action in all versions up to, and including, 0.5.1 due to insufficient input sanitization and output escaping. This makes it possib...
Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor < 2.0.6.2 - Missing Authorization to Unauthenticated Stored Cross-Site Scripting via Navigation Menu Widget
Description The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Navigation Menu widget of the plugin's Mega Menu extension in all versions up to, and including, 2.0.6.1 due to...
Widget4Call <= 1.0.7 - Reflected XSS
Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC Make an admin open the URL:...
Simple AL Slider <= 1.2.10 - Reflected XSS
Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC 1. Add a new project 2. As an admin, access the URL:...
Tutor LMS – eLearning and online course solution < 2.7.2 - Authenticated (Instructor+) Insecure Direct Object Reference to Arbitrary Quiz Attempt Deletion
Description The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.7.1 via the 'attemptdelete' function due to missing validation on a user controlled key. This makes it possible for...
Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue < 3.1.78 - Reflected Cross-Site Scripting
Description The Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 3.1.77 due to insufficient input sanitization and output escaping. This makes it possible for...
Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor < 2.0.6.2 - Missing Authorization to MA Template Creation or Modification
Description The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ma-template' REST API route in all versions up to, and including, 2.0.6.1. Th...
Minimal Coming Soon – Coming Soon Page < 2.39 - Missing Authorization to Limited Settings Change
Description The Minimal Coming Soon – Coming Soon Page plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the validateajax, deactivateajax, and saveajax functions in all versions up to, and including, 2.38. This makes it possible for...
Royal Elementor Addons and Templates < 1.3.977 - Authenticated (Author+) Stored Cross-Site Scripting via SVG Uploads
Description The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘customuploadmimes’ function in versions up to, and including, 1.3.976 due to insufficient input sanitization and output escaping. This makes it possible for authenticate...
WP Mobile Menu – The Mobile-Friendly Responsive Menu < 2.8.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Alt
Description The WP Mobile Menu – The Mobile-Friendly Responsive Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image alt text in all versions up to, and including, 2.8.4.2 due to insufficient input sanitization and output escaping. This makes it possible for...
WP jQuery Lightbox < 1.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via title Attribute
Description The WP jQuery Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title’ attribute in all versions up to, and including, 1.5.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
WS Form LITE <= 1.9.217 - Unauthenticated CSV Injection
Description The WS Form LITE plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.9.217. This allows unauthenticated attackers to embed untrusted input into exported CSV files, which can result in code execution when these files are downloaded and opened on a...
Strong Testimonials < 3.1.13 - Authenticated(Contributor+) Improper Authorization to Views Modification
Description The Strong Testimonials plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the wpmtstsaveviewsticky function in all versions up to, and including, 3.1.12. This makes it possible for authenticated attackers, with contributor...
Tutor LMS – eLearning and online course solution < 2.7.2 -Authenticated (Administrator+) SQL Injection
Description The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to time-based SQL Injection via the ‘courseid’ parameter in all versions up to, and including, 2.7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation o...
Royal Elementor Addons and Templates < 1.3.977 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Royal Elementor Addons and Templates for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘inlinelist’ parameter in versions up to, and including, 1.3.976 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders < 5.8.16 - Authenticated (Contributor+) Stored Cross-Site Scripting via Lightbox and Modal Widget
Description The Essential Addons for Elementor Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘eaellightboxopenbtnicon’ parameter within the Lightbox & Modal widget in all versions up to, and including, 5.8.15 due to insufficient input sanitization and output...
Pure Chat – Live Chat Plugin & More! < 2.23 - Cross-Site Request Forgery
Description The Pure Chat plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.22. This is due to missing or incorrect nonce validation on the purechatupdate function. This makes it possible for unauthenticated attackers to update chat details v...
Envo Extra < 1.8.25 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Widget
Description The Envo Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘buttoncssid’ parameter within the Button widget in all versions up to, and including, 1.8.23 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) < 3.14.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Pacific Widget
Description The Prime Slider – Addons For Elementor Revolution of a slider, Hero Slider, Ecommerce Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ attribute within the Pacific widget in all versions up to, and including, 3.14.7 due to insufficient input...
WooCommerce Tools < 1.2.10 - Missing Authorization to Authenticated (Subscriber+) Plugin Module Deactivation
Description The WooCommerce Tools plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the woocommercetooltogglemodule function in all versions up to, and including, 1.2.9. This makes it possible for authenticated attackers, with...
Download Plugins and Themes from Dashboard < 1.8.6 - Authenticated (Admin+) Arbitrary File Download
Description The Download Plugins and Themes in ZIP from Dashboard plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.8.5 via the downloadtheme function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on t...
Market Exporter < 2.0.20 - Missing Authorization to Arbitrary File Deletion
Description The Market Exporter plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'removefiles' function in all versions up to, and including, 2.0.19. This makes it possible for authenticated attackers, with Subscriber-level access and above,...
Clever Fox < 25.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Clever Fox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's info box block in all versions up to, and including, 25.2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...
Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel - Combo Blocks < 2.2.81 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Attribute
Description The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' attribute of the menu-wrap-item block in all versions up to, and including, 2.2.80 due to insufficien...
Kadence Blocks Pro < 2.3.8 - Contributor+ Arbitrary Option Access
Description The plugin does not prevent users with at least the contributor role using some of its shortcode's functionalities to leak arbitrary options from the database. PoC 1. ADMIN: Install Kadence Blocks Pro 2. CONTRIBUTOR: Add shortcode to any post and specify/guess the option name and save...
WP Booking < 2.4.5 - Authenticated Stored Cross-Site Scripting
Description The WP Booking plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.4.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that wil...
Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress < 9.0.2 - Authenticated (Contributor+) SQL Injection
Description The Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress plugin for WordPress is vulnerable to SQL Injection via the 'questionid' parameter in all versions up to, and including, 9.0.1 due to insufficient escaping on the user supplied parameter and lack of sufficien...
One Page Express Companion < 1.6.38 - Authenticated (Contributor+) Stored Cross-Site Scripting via one_page_express_contact_form Shortcode
Description The One Page Express Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's onepageexpresscontactform shortcode in all versions up to, and including, 1.6.37 due to insufficient input sanitization and output escaping on user supplied attributes. Th...
GDPR CCPA Compliance & Cookie Consent Banner < 2.7.1 - Missing Authorization to Settings Update and Stored Cross-Site Scripting
Description The GDPR CCPA Compliance & Cookie Consent Banner plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions named ajaxUpdateSettings in all versions up to, and including, 2.7.0. This makes it possible for authenticate...
WP Chat App < 3.6.5 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admins to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed. PoC 1. Navigate to...
Colibri Page Builder < 1.0.277 - Authenticated (Contributor+) Stored Cross-Site Scripting via colibri_video_player Shortcode
Description The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's colibrivideoplayer shortcode in all versions up to, and including, 1.0.276 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
Photo Gallery by 10Web – Mobile-Friendly Image Gallery < 1.8.24 - Authenticated (Contributor+) Stored Cross-Site Scripting via Zipped SVG
Description The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘svg’ parameter in all versions up to, and including, 1.8.23 due to insufficient input sanitization and output escaping. This makes it possible for...
H5P < 1.15.8 - Contributor+ Stored XSS
Description The plugin does not validate uploads which could allow a Contributors and above to update malicious SVG files, leading to Stored Cross-Site Scripting issues PoC 1. Upload an H5P archive containing a malicious SVG file w/an XSS 2. Example:...
BetterDocs – Best Documentation, FAQ & Knowledge Base Plugin with AI Support & Instant Answer for Elementor & Gutenberg < 3.3.4 - Unauthenticated PHP Object Injection
Description The BetterDocs plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.3.3 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable...
Clever Fox – One Click Website Importer by Nayra Themes < 25.2.1 - Missing Authorization to arbitrary theme activation via clever-fox-activate-theme
Description The Clever Fox – One Click Website Importer by Nayra Themes plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'clever-fox-activate-theme' function in all versions up to, and including, 25.2.0. This makes it possible for...