14602 matches found
Void Contact Form 7 Widget For Elementor Page Builder < 2.4 - Missing Authorization
Description The Void Contact Form 7 Widget For Elementor Page Builder plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several AJAX functions in the /helper/helper.php file in versions up to, and including, 2.3. This makes it possible for authenticate...
Email Encoder < 2.1.10 - Contributor+ Stored Cross-Site Scripting
Description The plugin is vulnerable to Stored Cross-Site Scripting via the plugin's eebmailto shortcode in all versions up to, and including, 2.1.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...
Ajax Search Lite < 4.11.5 - Reflected Cross-Site Scripting
Description The plugin is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 4.11.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a us...
Keap Official Opt-in Forms <= 1.0.11 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Keap Official Opt-in Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and...
RSS Aggregator by Feedzy < 4.3.3 - Missing Authorization
Description The plugin is vulnerable to unauthorized settings update due to a missing capability check when updating settings in all versions up to, and including, 4.3.2. This makes it possible for authenticated attackers, with author-level access or above to change the plugin's settings includin...
Taggbox < 3.2 - Unauthenticated PHP Object Injection
Description The Tagbox – UGC Galleries, Social Media Widgets, User Reviews & Analytics plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP...
Laybuy Payment Extension for WooCommerce <= 5.3.9 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Laybuy Payment Extension for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 5.3.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...
Product Catalog Simple < 1.7.6 - Cross-Site Request Forgery via ic_system_status
Description The plugin is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.5. This is due to missing or incorrect nonce validation on the icsystemstatus function. This makes it possible for unauthenticated attackers to reset product settings, delete products,...
pTypeConverter <= 0.2.8.1 - Authenticated (Editor+) SQL Injection
Description The pTypeConverter plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 0.2.8.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers...
WP Job Manager < 2.1.0 - Unauthenticated Job Status Update
Description The plugin does not properly authorize the use of some endpoints, allowing an unauthenticated attacker to update job statuses...
ARMember < 4.0.23 - Cross-Site Request Forgery
Description The ARMember plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.0.22. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to inject PHP objects via a forged...
Customer Reviews for WooCommerce < 5.38.10 - Author+ Arbitrary File Upload
Description The plugin is vulnerable to arbitrary file uploads due to missing file type validation in the ivoleimportuploadcsv AJAX action in all versions up to, and including, 5.38.9. This makes it possible for authenticated attackers, with author-level access and above, to upload arbitrary file...
Booster Plus for WooCommerce < 7.1.3 - Missing Authorization to Arbitrary Options Disclosure
Description The Booster Plus for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on an unknown function in all versions up to 7.1.3 exclusive. This makes it possible for authenticated attackers, with subscriber-level access and above...
WP Job Manager < 2.1.0 - Cross-Site Request Forgery
Description The WP Job Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.0. This is due to missing or incorrect nonce validation on the settingssave function. This makes it possible for unauthenticated attackers to save settings via a...
JS & CSS Script Optimizer <= 0.3.3 - Cross-Site Request Forgery
Description The JS & CSS Script Optimizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.3.3. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform and unauthorized...
WooCommerce Tranzila Gateway <= 1.0.8 - Unauthenticated PHP Object Injection
Description The Woocommerce Tranzila Payment Gateway plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.8 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No POP chain is present ...
Plugin for Google Reviews < 3.2 - Contributor+ Stored Cross-Site Scripting via shortcode
Description The plugin is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in all versions up to, and including, 3.1 due to insufficient input sanitization and output escaping on the 'placeid' attribute. This makes it possible for authenticated attackers with contributor-level...
CformsII < 15.0.7 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Essential Blocks < 4.4.7 - Contributor+ Stored Cross-Site Scripting
Description The plugin is vulnerable to Stored Cross-Site Scripting via the Table of Contents block in all versions up to, and including, 4.4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, ...
Posts to Page <= 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Posts to Page plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject...
1 click disable all < 1.0.2 - Plugins Deactivation via CSRF
Description The plugin is vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation, allowing unauthenticated attackers to deactivate all plugins via a forged request granted they can trick a site administrator into performing an action such as clicking on a link...
Booster Elite for WooCommerce < 7.1.2 - Missing Authorization to Order Information Disclosure
Description The Booster Elite for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to 7.1.2 exclusive. This makes it possible for authenticated attackers, with subscriber-level access and above, to view...
NitroPack < 1.10.0 - Missing Authorization via multiple AJAX functions
Description The plugin is vulnerable to unauthorized access of data, modification of data, and loss of data due to a missing capability check on multiple AJAX function in all versions up to, and including, 1.9.2. This makes it possible for authenticated attackers, with subscriber access and above...
ActivityPub for WordPress < 1.0.6 - Unauthenticated REST API Access
Description The plugin does not properly authorize access to the REST API, allowing an unauthenticated attacker to access restricted endpoints...
The Events Calendar < 6.2.9 - Unauthenticated Sensitive Information Exposure
Description The plugin is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.2.8.2 via the route function hooked into wpajaxnoprivtribedropdown. This makes it possible for unauthenticated attackers to extract potentially sensitive data including post titles and I...
oEmbed Gist <= 4.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The oEmbed Gist plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 4.9.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject...
Ultimate Maps by Supsystic < 1.2.16 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed PoC Go to the Marker Categories settings of the plugin...
Coupon Referral Program <= 1.7.2 - Sensitive Information Disclosure
Description The Coupon Referral Program plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.7.2. This makes it possible for unauthenticated attackers to extract sensitive user data...
Booster Plus for WooCommerce < 7.1.2 - Missing Authorization to Arbitrary Page/Post Deletion
Description The Booster Plus for WooCommerce plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on an unknown function in all versions up to 7.1.2 exclusive. This makes it possible for authenticated attackers, with subscriber-level access and above, ...
HTML5 SoundCloud Player <= 2.8.0 - Authenticated (Author+) PHP Object Injection
Description The HTML5 SoundCloud Player with Playlist Free plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.8.0 via deserialization of untrusted input. This makes it possible for authenticated attackers, with author-level access and above, to inje...
Wp Ultimate Review <= 2.3.2 - IP Spoofing
Description The plugin is vulnerable to IP Address Spoofing due to insufficient IP address validation and/or use of user-supplied HTTP headers as a primary method for IP retrieval. This makes it possible for unauthenticated attackers to bypass IP rate limiting...
Ecwid Ecommerce Shopping Cart < 6.12.4 - Missing Authorization on multiple functions
Description The plugin is vulnerable to unauthorized access of data and modification of data due to missing capability checks on multiple functions in all versions up to, and including, 6.12.3. This makes it possible for authenticated attackers to access developer tool pages...
List category posts < 0.89.4 - Contributor+ Stored Cross-Site Scripting via Shortcode
Description The plugin is vulnerable to Stored Cross-Site Scripting via the plugin's 'catlist' shortcode in all versions up to, and including, 0.89.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...
WP ERP < 1.12.9 - Authenticated (Accounting manager+) SQL Injection
Description The WP ERP plugin for WordPress is vulnerable to SQL Injection via the 's' parameter in versions up to, and including, 1.12.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
CPT Bootstrap Carousel <= 1.12 - Reflected Cross-Site Scripting
Description The CPT Bootstrap Carousel plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.12 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...
WooCommerce < 8.3.0 - Cross-Site Request Forgery
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
RSS Aggregator by Feedzy < 4.3.3 - Author+ Stored Cross-Site Scripting
Description The plugin is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level permissions and above, to inject...
Page Builder: Live Composer < 1.5.29 - Author+ PHP Object Injection
Description The plugin is vulnerable to PHP Object Injection via deserialization of untrusted input. This makes it possible for authenticated attackers, with author-level access and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an...
Solid Central < 3.0.1 - Stored Cross-Site Scripting via packages
Description The plugin is vulnerable to Stored Cross-Site Scripting via via malicious package names in all versions up to and including 3.0.0 due to insufficient output escaping. This makes it possible for attackers able to compromise the packages retrieved from the iThemes API to inject arbitrar...
Ads Invalid Click Protection <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
Description The Ads Invalid Click Protection plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
Mapster WP Maps < 1.2.39 - Contributor+ Stored XSS
Description The plugin does not validate and escape some of parameters before outputting them back in a page, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
Booster Plus for WooCommerce < 7.1.2 - Missing Authorization to Order Information Disclosure
Description The Booster Plus for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on an unknown function in all versions up to 7.1.2 exclusive. This makes it possible for authenticated attackers, with susbcriber-level access and above...
Google Analytics by Monster Insights < 8.22.0 - Missing Authorization
Description The plugin is vulnerable to unauthorized access due to a missing capability check in versions up to, and including, 8.21.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unauthorized action...
Page Builder: Live Composer < 1.5.24 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Page Builder: Live Composer plugin for WordPress is vulnerable to Stored Cross-Site Scripting parameter in versions up to, and including, 1.5.23 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...
Quiz And Survey Master < 8.1.19 - Multiple Cross-Site Request Forgery
Description The plugin is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 8.1.18. This is due to missing or incorrect nonce validation on multiple functions. This makes it possible for unauthenticated attackers to show disabled contact fields and delete quiz results...
Ideal Interactive Map <= 1.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Ideal Interactive Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, ...
Icegram < 3.1.22 - Contributor+ Campaign Status Toggle / Duplication
Description The plugin does not have proper authorisation when duplicating and toggling campaign status, allowing contributors and above roles to perform such action...
Metform Elementor Contact Form Builder < 3.8.2 - Cross-Site Request Forgery
Description The plugin is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.1. This is due to missing or incorrect nonce validation on the contents function. This makes it possible for unauthenticated attackers to update the options "mfhubsopttoken",...
WP Register Profile With Shortcode < 3.6.0 - Cross-Site Request Forgery to User Password Reset
Description The WP Register Profile With Shortcode plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.5.9. This is due to missing or incorrect nonce validation on the updatepasswordvalidate function. This makes it possible for unauthenticated...
Hubbub Lite < 1.32.0 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC As admin, enable the 'Floating...