14602 matches found
12 Step Meeting List < 3.14.29 - Subscriber+ CSV Download
Description The plugin does not have authorisation in its csv AJAX action, allowing any authenticated users, such a subscriber to export meetings and gain access to sensitive information...
WP-Lister Lite for eBay < 3.5.8 - Reflected Cross-Site Scripting via 's'
Description The WP-Lister Lite for eBay plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in versions up to, and including, 3.5.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
File Manager Pro < 8.3.5 - Authenticated (Subscriber+) Arbitrary File Upload
Description The File Manager Pro plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 8.3.4 via the mkcheckfilemanagerphpsyntax AJAX function. This makes it possible for authenticated attackers, with subscriber access and above, to execute code on the...
ARI Stream Quiz < 1.3.0 - Cross-Site Request Forgery
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
Views for WPForms < 3.2.3 - Missing Authorization via get_form_fields
Description The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'getformfields' function in all versions up to, and including, 3.2.2. This makes it possible for...
SalesKing < 1.6.30 - Unauthenticated Privilege Escalation
Description The plugin is vulnerable to privilege escalation. This allows unauthenticated attackers to create arbitrary malicious administrator accounts...
PDF Viewer & 3D PDF Flipbook – DearPDF <= 2.0.38 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The PDF Viewer & 3D PDF Flipbook – DearPDF plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.0.38 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...
CBX Map for Google Map & OpenStreetMap < 1.1.12 - Contributor+ Stored XSS
Description The plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user...
Photo Gallery by 10Web - Mobile-Friendly Image Gallery < 1.8.20 - Directory Traversal to Arbitrary File Rename
Description The plugin is vulnerable to Directory Traversal attacks via the renameitem function. This makes it possible for authenticated attackers to rename arbitrary files on the server. Note: By default this can be exploited by administrators only. In the premium version of the plugin,...
Advanced Page Visit Counter <= 8.0.6 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Visit the "Settings" interface...
Marketing Twitter Bot <= 1.11 - Settings Update to Stored XSS via CSRF
Description The plugin does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack PoC Have an admin open an HTML page containing the following:...
Travelpayouts < 1.1.14 - Reflected XSS
Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC Make a logged in admin open the URL below:...
Advanced Schedule Posts <= 2.1.8 - Reflected XSS
Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admins. PoC...
illi Link Party! <= 1.0 - Unauthenticated Arbitrary Link Deletion
Description The plugin lacks proper access controls, allowing unauthenticated visitors to delete links. PoC http://example.com/?page=illi3/includes/functions.php=deletesubmission=INSERTID Replace "INSERTID" with an ID of a link and hit enter. The link will be deleted...
WolfNet IDX for WordPress <= 1.19.1 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. In the settings of the plugin,...
WP Customer Area < 8.2.3 - Reflected Cross-Site Scripting
Description The WP Customer Area plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 8.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
illi Link Party! <= 1.0 - Admin+ Stored Cross-Site Scripting
Description The plugin does not sanitize and escape some parameters, which could allow users with a role as low as admin to perform Cross-Site Scripting attacks. PoC 1. Go to "Settings Link Party!". 2. Under "Add a New Party", enter the payload for either the "Party Name" or "Party Description":...
aBitGone CommentSafe <= 1.0.0 - Settings Update to Stored XSS via CSRF
Description The plugin does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack. PoC Make an admin open an HTML file containing the following:...
Ultimate Noindex Nofollow Tool <= 1.1.2 - Settings Update via CSRF
Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack PoC Have an admin open an HTML file containing the following:...
SVG Uploads Support <= 2.1.1 - Author+ Stored XSS via SVG
Description The plugin does not sanitize uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads. PoC Upload an SVG with the following code: Access the uploaded file directly to see the XSS...
WP-Reply Notify <= 1.1 - Settings Update via CSRF
Description The plugin does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. PoC Make an admin open an HTML page containing the following:...
Better Follow Button for Jetpack <= 8.0 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC 1. Navigate to:...
illi Link Party! <= 1.0 - Unauthenticated Stored XSS
Description The plugin does not sanitise and escape some parameters, which could allow unauthenticated vistors to perform Cross-Site Scripting attacks. PoC 1. Add a new link party and add its shortcode to a new post. 2. In a new private window, navigate to the post where you added the shortcode...
illi Link Party! <= 1.0 - Settings Update via CSRF
Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. PoC Make an admin open the following HTML: See that the support the plugin option is toggled on/off...
Add SVG Support for Media Uploader | inventivo <= 1.0.5 - Author+ Stored XSS via SVG
Description The plugin does not sanitize uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads. PoC Upload an SVG with the following code: Access the uploaded file directly to see the XSS...
Popup Box Pro < 20.9.0 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed PoC Create/edit a new popup and add the following payload in the Custom Content: Save, and...
WPZOOM Shortcodes < 1.0.2 - Reflected Cross-Site Scripting
Description The WPZOOM Shortcodes plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via certain input fields in versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
SimpleMap Store Locator <= 2.6.1 - Unauthenticated Stored Cross-Site Scripting
Description The SimpleMap Store Locator plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.6.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pag...
Popup Box Pro < 7.9.0 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed PoC Create/edit a new popup and add the following payload in the Custom Content: Save, and...
PDF Generator For Fluent Forms < 1.1.8 - Cross-Site Scripting
Description The PDF Generator For Fluent Forms – The Contact Form Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the header, PDF body and footer content parameters in all versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping...
IP2Location Country Blocker < 2.33.4 - Unauthenticated Sensitive Information Exposure via Debug Log File
Description The IP2Location Country Blocker plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.33.3 via ip2location-country-blocker.php. This makes it possible for unauthenticated attackers to extract sensitive data including debug...
Asgaros Forum < 2.8.0 - Unauthenticated PHP Object Injection in prepare_unread_status
Description The Asgaros Forum plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.7.2 via deserialization of untrusted input in the prepareunreadstatus function. This makes it possible for unauthenticated attackers to inject a PHP Object. If a POP...
SalesKing < 1.6.30 - Missing Authorization to Settings Change
Description The SalesKing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in all versions up to, and including, 1.6.15. This makes it possible for unauthenticated attackers to modify plugin settings...
WP To Do < 1.2.9 - Contributor+ Stored XSS
Description The plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping, allowing authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injecte...
Delhivery Logistics Courier <= 1.0.107 - Authenticated (Subscriber+) SQL Injection
Description The Delhivery Logistics Courier plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.0.107 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
Sticky Buttons < 3.2.3 - Authenticated (Admin+) Stored Cross-Site Scripting
Description The Sticky Buttons – floating buttons builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via sticky URLs in all versions up to, and including, 3.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
Customer Reviews for WooCommerce < 5.38.2 - Cross-Site Request Forgery via manual review reminders
Description The plugin is vulnerable to Cross-Site Request Forgery in all versions up to 5.38.2 exclusive. This is due to missing or incorrect nonce validation on the manualreviewreminder, manualwareviewreminder, and manualreviewreminderconf functions. This makes it possible for unauthenticated...
Author Box, Guest Author and Co-Authors for Your Posts – Molongui < 4.7.5 - Information Exposure via ma_debug
Description The plugin is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.7.4 via the 'madebu' parameter. This makes it possible for unauthenticated attackers to extract sensitive data including post author emails and names if applicable...
Import and export users and customers < 1.24.7 - Missing Authorization via fire_cron REST endpoint
Description The plugin is vulnerable to unauthorized modification of data due to an improper capability check on the firecron function in versions up to, and including, 1.24.6. This makes it possible for unauthenticated attackers to trigger the plugin's cron job...
Burst Statistics Really Simple Plugins < 1.5.4 - Editor+ SQL Injection
Description The plugin is vulnerable to Post-Authenticated SQL Injection via multiple JSON parameters in the /wp-json/burst/v1/data/compare endpoint. Affected parameters include 'browser', 'device', 'pageid', 'pageurl', 'platform', and 'referrer'. This vulnerability arises due to insufficient...
Essential Addons for Elementor < 5.9.5 - Contributor+ Stored Cross-Site Scripting via Image URl
Description The plugin is vulnerable to Stored Cross-Site Scripting via the plugin's Filterable Gallery widget in all versions up to, and including, 5.9.4 due to insufficient input sanitization and output escaping on the Image URL. This makes it possible for authenticated attackers with...
Getwid – Gutenberg Blocks < 2.0.5 - Captcha Bypass
Description The plugin is vulnerable to CAPTCHA Bypass in versions up to, and including, 2.0.4. This makes it possible for unauthenticated attackers to bypass the Captcha Verification of the Contact Form block by omitting 'g-recaptcha-response' from the 'data' array...
Schema & Structured Data for WP & AMP < 1.26 - Contributor+ Stored Cross-Site Scripting
Description The plugin is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.25 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...
WP Recipe Maker < 9.1.1 - Contributor+ Stored Cross-Site Scripting via header_tag
Description The plugin is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 9.1.0 due to unrestricted use of the 'headertag' attribute. This makes it possible for authenticated attackers with contributor-level and above permissions to inje...
Customer Reviews for WooCommerce < 5.38.2 - Missing Authorization via manual review reminders
Description The plugin is vulnerable to unauthorized modification of data due to a missing capability check on the manualreviewreminder, manualwareviewreminder, and manualreviewreminderconf functions in all versions up to 5.38.2 exclusive. This makes it possible for authenticated attackers, with...
WPS Hide Login < 1.9.12 - Hidden Login Page Location Disclosure
Description The plugin is vulnerable to login page disclosure in all versions up to, and including, 1.9.11. This makes it possible for unauthenticated attackers to bypass an intended security restriction designed to prevent brute force authentication attempts on multi-site installations...
Product Import Export for WooCommerce < 2.3.8 - Shop Manager+ Arbitrary File Upload via upload_import_file
Description The plugin is vulnerable to arbitrary file uploads due to missing file type validation in the 'uploadimportfile' function n all versions up to, and including, 2.3.7. This makes it possible for authenticated attackers, with Shop Manager access and above, to upload arbitrary files on th...
Getwid – Gutenberg Blocks < 2.0.5 - Missing Authorization to Recaptcha API Key Modification
Description The plugin is vulnerable to unauthorized modification of data due to a missing capability check on the recaptchaapikeymanage function in all versions up to, and including, 2.0.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to add, modify...
Advanced Custom Fields < 6.2.5 - Contributor+ Stored Cross-Site Scripting via Custom Field
Description The plugin is vulnerable to Stored Cross-Site Scripting via a custom text field in all versions up to, and including, 6.2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to injec...
WP Recipe Maker < 9.1.1 - Contributor+ Stored Cross-Site Scripting via 'tag'
Description The plugin is vulnerable to Stored Cross-Site Scripting via the use of the 'tag' attribute in the wprm-recipe-name, wprm-recipe-date, and wprm-recipe-counter shortcodes in all versions up to, and including, 9.1.0. This makes it possible for authenticated attackers with contributor-lev...