14602 matches found
WP Recipe Maker < 9.1.1 - Contributor+ Stored Cross-Site Scripting via icon_color
Description The plugin is vulnerable to Stored Cross-Site Scripting via the plugin's 'wprm-recipe-text-share' shortcode in all versions up to, and including, 9.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
Essential Addons for Elementor < 5.9.5 - Contributor+ Stored Cross-Site Scritping
Description The plugin is vulnerable to Stored Cross-Site Scripting via the Login/Register Element in all versions up to, and including, 5.9.4 due to insufficient input sanitization and output escaping on the custom login URL. This makes it possible for authenticated attackers with...
Fluent Forms < 5.1.7 - Admin+ Stored Cross-Site Scripting via imported form title
Description The plugin is vulnerable to Stored Cross-Site Scripting via imported form titles in all versions up to, and including, 5.1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject...
User Profile Builder < 3.10.9 - Missing Authorization to Plugin Settings Change via wppb_two_factor_authentication_settings_update
Description The plugin is vulnerable to unauthorized modification of data due to a missing capability check on the 'wppbtwofactorauthenticationsettingsupdate' function in all versions up to, and including, 3.10.8. This makes it possible for unauthenticated attackers to enable or disable the 2FA...
AI Engine < 2.1.5 - Editor+ Arbitrary File Upload via add_image_from_url
Description The plugin is vulnerable to arbitrary file uploads due to missing file type validation in the 'addimagefromurl' function in all versions up to, and including, 2.1.4. This makes it possible for authenticated attackers, with Editor access and above, to upload arbitrary files on the...
PDF Invoices & Packing Slips for WooCommerce < 3.7.6 - Shop Manager+ SQL Injection
Description The plugin is vulnerable to SQL Injection via the getnumbers function in all versions up to, and including, 3.7.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attacker...
WP Recipe Maker < 9.1.1 - Reflected Cross-Site Scripting via Referer
Description The plugin is vulnerable to Reflected Cross-Site Scripting via the ‘Referer' header in all versions up to, and including, 9.1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages tha...
WP Recipe Maker < 9.1.1 - Contributor+ Stored Cross-Site Scripting via Recipe Notes
Description The plugin is vulnerable to Stored Cross-Site Scripting via Recipe Notes in all versions up to, and including, 9.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and above permissions to inject...
WP Recipe Maker < 9.1.1 - Contributor+ Stored Cross-Site Scripting via Shortcode
Description The plugin is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 9.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...
Booking for Appointments and Events Calendar – Amelia < 1.0.94 - Contributor+ Stored Cross-Site Scripting via shortcode
Description The plugin is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.0.93 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...
WP Recipe Maker < 9.1.1 - Directory Traversal
Description The plugin is vulnerable to Directory Traversal in all versions up to, and including, 9.1.0 via the 'icon' attribute used in Shortcodes. This makes it possible for authenticated attackers, with contributor-level access and above, to include the contents of SVG files on the server, whi...
Better Anchor Links <= 1.7.5 - Cross-Site Request Forgery via admin/options.php
Description The Better Anchor Links plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.5. This is due to missing or incorrect nonce validation on the admin/options.php file. This makes it possible for unauthenticated attackers to update the...
Image Tag Manager <= 1.5 - Reflected Cross-Site Scripting via default_class
Description The Image Tag Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'defaultclass’ parameter in versions up to, and including, 1.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
Cryptocurrency Widgets – Price Ticker & Coins List 2.0 - 2.6.5 - Unauthenticated SQL Injection
Description The Cryptocurrency Widgets – Price Ticker & Coins List plugin for WordPress is vulnerable to SQL Injection via the 'coinslist' parameter in versions 2.0 to 2.6.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query...
HD Quiz < 1.8.12 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings
Description The HD Quiz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.8.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
WOLF < 1.0.8.1 - Unauthenticated Stored Cross-Site Scripting via profile_title
Description The WOLF plugin for WordPress is vulnerable to stored Cross-Site Scripting via the ‘profiletitle’ parameter in versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
Chart.js for WordPress <= 2023.2 - Editor+ Stored Cross-Site Scripting in New Chart
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC 1. Go to Charts New Chart HTML 3...
Chart.js for WordPress <= 2023.2 - Editor+ Stored Cross-Site Scripting
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC 1. Go to "Charts Settings". 2...
Splashscreen <= 0.20 - Settings Update via CSRF
Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack PoC...
BA Plus <= 1.0.3 - Reflected Cross-Site Scripting
Description The BA Plus plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via an unknown parameter in versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
BP Profile Search < 5.6 - Reflected Cross-Site Scripting via BPS_FORM
Description The BP Profile Search plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘ BPSFORM’ parameter in versions up to, and including, 5.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
PeepSo Core: Photos < 6.3.1.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting
Description The PeepSo Core: Photos plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an unknown parameter in versions up to 6.3.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and...
GigPress <= 2.3.29 - Admin+ Stored Cross Site Scripting
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Go to "GigPress Settings" 2...
WPForms Pro < 1.8.5.4 - Unauthenticated Stored Cross-Site Scripting via Form Submission
Description The WPForms Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form submission parameters in all versions up to, and including, 1.8.5.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
Browser Theme Color <= 1.3 - Cross-Site Request Forgery via btc_settings_page
Description The Browser Theme Color plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3. This is due to missing or incorrect nonce validation on the 'btcsettingspage' function. This makes it possible for unauthenticated attackers to modify the...
Custom Dashboard Widgets <= 1.3.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting via cdw_DashboardWidgets
Description The Custom Dashboard Widgets plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.1. This is due to missing or incorrect nonce validation on the 'cdwDashboardWidgets' function. This makes it possible for unauthenticated attackers t...
Post views Stats <= 1.3 - Reflected Cross-Site Scripting via from and to
Description The Post views Stats plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'from’ and 'to' parameters in versions up to, and including, 1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
lasTunes <= 3.6.1 - Settings Update via CSRF
Description The plugin does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack PoC...
Frontpage Manager <= 1.3 - Cross-Site Request Forgery via admin_page
Description The Frontpage Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3. This is due to missing or incorrect nonce validation on the 'adminpage' function. This makes it possible for unauthenticated attackers to change the plugin's...
Stripe Payment Plugin for WooCommerce < 3.8.0 - Unauthenticated SQL Injection
Description The Stripe Payment Plugin for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 3.7.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. Th...
Shortcodes Finder < 1.5.5 - Reflected Cross-Site Scripting
Description The Shortcodes Finder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via an unknown parameter in versions up to, and including, 1.5.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
GeneratePress Premium < 2.4.0 - Authenticated(Contributor+) Stored Cross-Site Scripting via Custom Meta
Description The GeneratePress Premium plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's custom meta output in all versions up to, and including, 2.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible fo...
Display custom fields in the frontend – Post and User Profile Fields < 1.3.0 - Authenticated (Contributor+) Code Injection
Description The Display custom fields in the frontend – Post and User Profile Fields plugin for WordPress is vulnerable to Code Injection via the plugin's vgdisplaydata shortcode in all versions up to, and including, 1.2.1 due to insufficient input validation and restriction on access to that...
Stock Locations for WooCommerce < 2.6.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings
Description The Stock Locations for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
Display custom fields in the frontend – Post and User Profile Fields < 1.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via vg_display_data
Description The Display custom fields in the frontend – Post and User Profile Fields plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode and postmeta in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping on...
Profile Builder Pro < 3.10.1 - Cross-Site Request Forgery
Description The Profile Builder Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.10.0. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to perform unauthorized actions via a forged...
EditorsKit < 1.40.4 - Authenticated (Administrator+) Arbitrary File Upload
Description The EditorsKit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation on the 'importstyles' function in versions up to, and including, 1.40.3. This makes it possible for authenticated attackers with administrator-level capabilities or above, t...
WP Spell Check < 9.18 - Cross-Site Request Forgery
Description The WP Spell Check plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 9.17. This is due to missing or incorrect nonce validation on the wpscxadminemptyrender function. This makes it possible for unauthenticated attackers to update an...
Profile Builder Pro < 3.10.1 - Reflected Cross-Site Scripting
Description The Profile Builder Pro plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via an unknown parameter in versions up to, and including, 3.10.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CformsII < 15.0.7 - Unauthenticated Stored XSS
Description The plugin is vulnerable to stored Cross-Site Scripting via an unknown parameter due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an...
Unlimited Addons for WPBakery Page Builder <= 1.0.42 - Authenticated (Editor+) Arbitrary File Upload
Description The Unlimited Addons for WPBakery Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the 'importZipFile' function in versions up to, and including, 1.0.42. This makes it possible for authenticated attackers with a role...
InstaWP Connect < 0.1.0.9 - Missing Authorization to Arbitrary Options Update
Description The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the savemanagementsettings function in all versions up to, and including, 0.1.0.8. This makes it possible for authenticated...
Constant Contact Forms by MailMunch < 2.1.0 - Contributor+ Stored XSS
Description The plugin is vulnerable to Stored Cross-Site Scripting via an unknown parameter due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will...
Display custom fields in the frontend – Post and User Profile Fields < 1.3.0 - Insecure Direct Object Reference to Authenticated (Contributor+) Post Meta Disclosure
Description The Display custom fields in the frontend – Post and User Profile Fields plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.2.1 via the vgdisplaydata shortcode due to missing validation on a user controlled key. This makes it...
Profile Builder Pro < 3.10.1 - Authenticated (Subscriber+) Time-Based One-Time Password Sensitive Information Exposure
Description The Profile Builder Pro plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.10.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract a sensitive time-based one-time password TO...
Post Grid, Image Gallery & Portfolio for Elementor | PowerFolio < 3.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode
Description The Portfolio & Image Gallery for WordPress | PowerFolio plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This...
Smart Manager < 8.28.0 - Admin+ SQL Injection
Description The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin. PoC The vulnerability can be demonstrated using the following POST request: POST...
SalesKing < 1.6.30 - Unauthenticated Sensitive Information Exposure
Description The salesking plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.6.15. This makes it possible for unauthenticated attackers to extract sensitive user or configuration data...
Hreflang Manager < 1.07 - Cross-Site Request Forgery
Description The plugin is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.06. This is due to missing nonce validation in the /admin/view/connections.php file. This makes it possible for unauthenticated attackers to modify, delete, and clone connections via a forge...
WordPress Manutenção < 1.0.7 - IP Spoofing to Maintenance Mode Bypass
Description The plugin is vulnerable to IP Spoofing due to insufficient validation of IP addresses, allowing unauthenticated attackers to bypass the plugin's maintenance mode restriction via the 'X-Forwarded-For' HTTP header...