14602 matches found
Restaurant & Cafe Addon for Elementor < 1.5.3 - Missing Authorization
Description The plugin is vulnerable to unauthorized modification of data due to missing capability checks on the rcafebwsettingssavefunc, rctlbwtogglesubmitfunc, rcafeuwsettingssavefunc, and rctluwtogglesubmitfunc functions all hooked via nopriv AJAX actions in all versions up to, and including,...
Legal Pages < 1.3.9 - Missing Authorization
Description The plugin is vulnerable to unauthorized modification of data due to a missing capability check on the moveToTrash and fetchandinserttemplatedata functions hooked via AJAX in all versions up to, and including, 1.3.8. This makes it possible for authenticated attackers, with...
Premmerce Redirect Manager < 1.0.12 - Admin+ Stored XSS
Description The plugin is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to 1.0.12 exclusive due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject...
Image Compressor & Optimizer - iLoveIMG < 1.0.6 - Admin+ PHP Object Injection
Description The plugin is vulnerable to PHP Object Injection in all versions up to 1.0.6 exclusive via deserialization of untrusted input. This makes it possible for authenticated attackers, with admin access or higher to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a...
WP Courses LMS < 3.2.4 - Subscriber+ Arbitrary Options Update
Description The plugin is vulnerable to unauthorized modification of data due to missing capability check on the wpcsavefeoption function hooked via AJAX in all versions up to, and including, 3.2.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to...
Sprout Invoices < 20.5.4 - Sensitive Information Exposure
Description The plugin is vulnerable to Sensitive Information Exposure in all versions up to 20.5.4 exclusive via the systemhealthcheck function. This makes it possible for authenticated attackers with subscriber access and above to extract sensitive data including system configuration informatio...
Events Addon for Elementor < 2.1.3 - Cross-Site Request Forgery
Description The plugin is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.2. This is due to missing nonce validation on the naeventsbwsettingssavefunc, naeventsbwtogglesubmitfunc, naeventsprosettingssavefunc, naeventsprotogglesubmitfunc and...
Analytics Insights for Google Analytics 4 < 6.3 - Open Redirect
Description The plugin is vulnerable to Open Redirect due to insufficient validation on the redirect oauth2callback.php file. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action. PoC...
Orbit Fox by ThemeIsle < 2.10.28 - Contributor+ Stored XSS
Description The plugin is vulnerable to Stored Cross-Site Scripting via the plugin's Pricing Table Elementor Widget in all versions up to, and including, 2.10.27 due to insufficient input sanitization and output escaping on the user supplied link URL...
Wordpress File Upload < 4.24.1 - Cross-Site Request Forgery
Description The WordPress File Upload plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.24.0. This is due to missing or incorrect nonce validation on the wfuajaxactionsaveshortcode function. This makes it possible for unauthenticated attacker...
Restaurant & Cafe Addon for Elementor < 1.5.3 - Cross-Site Request Forgery
Description The plugin is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.2. This is due to missing nonce validation on the rcafebwsettingssavefunc, rctlbwtogglesubmitfunc, rcafeuwsettingssavefunc, and rctluwtogglesubmitfunc functions. This makes it possible for...
avalex – Automatisch sichere Rechtstexte < 3.0.9 - Missing Authorization
Description The plugin is vulnerable to unauthorized modifcation of data due to a missing capability check on the saveApiKey function hooked via admininit in all versions up to, and including, 3.0.8. This makes it possible for unauthenticated attackers to modify the API key for the plugin...
WP Courses LMS < 3.2.4 - Cross-Site Request Forgery
Description The plugin is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.3. This is due to missing nonce validation on several functions hooked via AJAX in the /ajax/ajax-lesson-order.php file. This makes it possible for unauthenticated attackers to to perform...
Advanced Woo Search < 2.97 - Reflected Cross-Site Scripting
Description The plugin is vulnerable to Reflected Cross-Site Scripting via the search parameter in all versions up to, and including, 2.96 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...
Order Export & Order Import for WooCommerce < 2.4.4 - Shop Manager+ Arbitrary File Upload
Description The plugin is vulnerable to arbitrary file uploads due to missing file type validation in the uploadimportfile function in all versions up to, and including, 2.4.3. This makes it possible for authenticated attackers, with shop manager-level access and above, to upload arbitrary files ...
Welcart e-Commerce < 2.9.5 - Cross-Site Request Forgery
Description The plugin is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.9.4. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to upload files via a forged request granted they can tri...
AI Engine: ChatGPT Chatbot < 1.9.99 - Unauthenticated Arbitrary File Upload
Description The plugin is vulnerable to arbitrary file uploads due to missing file type validation in the 'restupload' function in all versions up to, and including, 1.9.98. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make...
WP Courses LMS < 3.2.4 - Missing Authorization
Description The plugin is vulnerable to unauthorized modification of data due to missing capability checks on several functions in the /ajax/ajax-lesson-order.php file hooked via AJAX in all versions up to, and including, 3.2.3. This makes it possible for authenticated attackers, with...
Welcart e-Commerce < 2.9.6 - Admin+ PHP Object Injection
Description The plugin is vulnerable to PHP Object Injection in all versions up to 2.9.5 inclusive via deserialization of untrusted input in the welcartconfirmcheckajax function. This makes it possible for administrators to inject a PHP Object. No POP chain is present in the vulnerable plugin. If...
popup-builder < 4.2.6 - Admin+ SSRF & File Read
Description The plugin does not validate a parameter before making a request to it, which could allow users with the administrator role to perform SSRF attack in Multisite WordPress configurations. PoC 1. Create a multi-site wordpress setup, i.e. using docker-containers, and setup a second "site"...
Web3 – Crypto wallet Login & NFT token gating < 3.0.0 - Authentication Bypass
Description The plugin is vulnerable to an authentication bypass due to incorrect authentication checking in the login flow in functions 'handleauthrequest' and 'hadleloginrequest'. This makes it possible for non authenticated attackers to log in as any existing user on the site, such as an...
MapPress Maps for WordPress < 2.88.16 - Unauthenticated Arbitrary Private/Draft Post Disclosure
Description The plugin does not ensure that posts to be retrieve via an AJAX action is a public map, allowing unauthenticated users to read arbitrary private and draft posts. The fix made in 2.88.15 is not sufficient as it still allowed any authenticated users, such s subscriber to read arbitrary...
MapPress Maps for WordPress < 2.88.15 - Contributor+ Stored XSS
Description The plugin does not sanitize and escape the map title when outputting it back in the admin dashboard, allowing Contributors and above roles to perform Stored Cross-Site Scripting attacks PoC As a contributor, create/edit a map with the below payload as title and attach it to a post ca...
EazyDocs < 2.4.0 - Subscriber+ Arbitrary Posts Deletion and Document Management
Description The plugin re-introduced CVE-2023-6029 https://wpscan.com/vulnerability/7a0aaf85-8130-4fd7-8f09-f8edc929597e/ in 2.3.8, allowing any authenticated users, such as subscriber to delete arbitrary posts, as well as add and delete documents/sections. The issue was partially fixed in 2.3.9...
Contact Form 7 Extension For Mailchimp <= 0.5.70 - Subscriber+ Server-Side Request Forgery
Description The plugin is vulnerable to Server-Side Request Forgery in all versions up to, and including, 0.5.70. This makes it possible for authenticated attackers, with subscriber-level access and above, to make web requests to arbitrary locations originating from the web application which can ...
MailerLite – WooCommerce integration < 2.0.9 - Missing Authorization via Multiple Functions
Description The MailerLite – WooCommerce integration plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple functions in versions up to, and including, 2.0.8. This makes it possible for authenticated attackers, with subscriber-level...
FastDup – Fastest WordPress Migration & Duplicator < 2.2 - Directory Listing to Account Takeover and Sensitive Data Exposure
Description The plugin does not prevent directory listing in sensitive directories containing export files. PoC 1 Run backup function http://yoursite/wordpress/wp-admin/admin.php?page=njt-fastdup/ 2 During backup creation, you can intercept the following paths:...
MailerLite – WooCommerce integration < 2.0.9 - Cross-Site Request Forgery via Multiple AJAX Functions
Description The MailerLite – WooCommerce integration plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.8. This is due to missing or incorrect nonce validation on multiple AJAX functions. This makes it possible for unauthenticated attackers to...
Beds24 Online Booking < 2.0.25 - Contributor+ Stored XSS
Description The plugin does not sanitise and escape some parameters, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks...
Barcode Scanner with Inventory & Order Manager < 1.5.2 - Unauthenticated Arbitrary File Upload via uploadFile
Description The Simple Inventory Management – just scan barcode to manage products and orders. For WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'uploadFile' function in all versions up to, and including, 1.5.1. This makes it...
Droit Elementor Addons <= 3.1.5 - Cross-Site Request Forgery
Description The Droit Elementor Addons plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.1.5. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to perform unauthorized actions via a forged...
Advanced Flamingo <= 1.0 - Cross-Site Request Forgery
Description The Advanced Flamingo plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to perform unauthorized actions via a forged request...
Word Replacer Pro <= 1.0 - Missing Authorization
Description The Word Replacer Pro plugin for WordPress is vulnerable to unauthorized access due to a missing capability check in versions up to, and including, 1.0. This makes it possible for unauthenticated attackers to perform unauthorized actions...
RabbitLoader < 2.19.14 - Missing Authorization via multiple AJAX actions
Description The RabbitLoader plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on multiple AJAX functions in versions up to, and including, 2.19.13. This makes it possible for authenticated attackers, with subscriber-level...
Seraphinite Accelerator < 2.20.48 - Unauthenticated Sensitive Information Exposure via Log File
Description The plugin is vulnerable to Sensitive Information Exposure, allowing unauthenticated attackers to extract sensitive user or configuration data from log files...
Barcode Scanner with Inventory & Order Manager < 1.5.2 - Unauthenticated SQL Injection via userToken
Description The Simple Inventory Management – just scan barcode to manage products and orders. For WooCommerce plugin for WordPress is vulnerable to SQL Injection via the ‘userToken’ parameter in all versions up to 1.5.2 exclusive due to insufficient escaping on the user supplied parameter and la...
Index Now < 2.6.4 - Cross-Site Request Forgery via reset_form
Description The Index Now plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.3. This is due to missing or incorrect nonce validation on the 'resetform' function. This makes it possible for unauthenticated attackers to delete arbitrary site...
Quiz Maker < 6.5.1.2 - Missing Authorization
Description The Quiz Maker plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 6.5.1.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform unauthorized actio...
Randomize <= 1.4.3 - Authenticated (Contributor+) SQL Injection
Description The Randomize plugin for WordPress is vulnerable toSQL Injection in versions up to, and including, 1.4.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with...
Infogram <= 1.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Infogram plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject...
HTML5 MP3 Player with Folder Feedburner <= 2.8.0 - Authenticated (Author+) PHP Object Injection
Description The HTML5 MP3 Player with Folder Feedburner Playlist Free plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.8.0 via deserialization of untrusted input. This makes it possible for authenticated attackers, with author-level access and...
Gecka Terms Thumbnails <= 1.1 - Authenticated (Subscriber+) PHP Object Injection
Description The Gecka Terms Thumbnails plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.1 via deserialization of untrusted input. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject a PHP Object. N...
Custom post types < 5.0.0 - Admin+ Stored Cross-Site Scripting
Description The plugin is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to 5.0.0 exclusive due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject...
Private Google Calendars < 20240106 - Contributor+ Stored XSS
Description The plugin does not validate and escape some parameters, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
Constant Contact Forms < 2.4.3 - Information Disclosure via Log Files
Description The Constant Contact Forms plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.4.2. This makes it possible for unauthenticated attackers to extract sensitive data from log files...
Contact Form 7 – Dynamic Text Extension < 4.2.0 - Insecure Direct Object Reference
Description The plugin is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.0 via the CF7getcustomfield and CF7getcurrentuser shortcodes due to missing validation on a user controlled key. This makes it possible for authenticated attackers with contributor...
Product Delivery Date for WooCommerce – Lite < 2.7.1 - Missing Authorization
Description The Product Delivery Date for WooCommerce – Lite plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the prdddeleteallspecialdelivery function in versions up to, and including, 2.7.0. This makes it possible for unauthenticated attackers to...
Rate Star Review < 1.5.2 - Reflected Cross-Site Scripting
Description The Rate Star Review plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.5.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages...
HTML5 MP3 Player with Playlist Free <= 3.0.0 - Authenticated (Author+) PHP Object Injecton
Description The HTML5 MP3 Player with Playlist Free plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.0.0 via deserialization of untrusted input. This makes it possible for authenticated attackers, with author-level access and above, to inject a PH...
WooCommerce Conversion Tracking < 2.0.12 - Subscriber+ happy-elementor-addons Installation & Activation
Description The plugin does not have authorisation checks in some AJAX actions, which could allow any authenticated users, such as subscriber to install and activate the happy-elementor-addons addon plugin...