14602 matches found
Brizy < 2.4.30 - Contributor+ Stored XSS
Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
JS Help Desk < 2.8.2 - Unauthenticated SQL Injection via email and trackingid
Description The JS Help Desk – Best Help Desk & Support Plugin plugin for WordPress is vulnerable to SQL Injection via the ‘email' and 'trackingid' parameters in all versions up to 2.8.2 exclusive due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on th...
WordPress Infinite Scroll - Ajax Load More < 6.2 - Contributor+ Stored XSS
Description The plugin does not sanitise and escape some parameters, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks...
NitroPack < 1.10.3 - Multiple CSRF
Description The plugin does not have CSRF checks in various functions places, which could allow attackers to make logged in admins perform unwanted actions via CSRF attacks...
WordPress.com Editing Toolkit < 3.79150 - Contributor+ Stored XSS
Description The plugin does not validate and escape some of its block attributes before outputting them back in a page/post where the block is rendered, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
ARMember < 4.0.11 - Subscriber+ Privilege Escalation
Description The plugin is vulnerable to privilege escalation due to insufficient input validation, allowing subscriber users and above to escalate their privileges...
WebinarIgnition < 3.05.1 - Authenticated (Subscriber+) PHP Object Injection
Description The Webinar Plugin: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings | WebinarIgnition plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.05.0 via deserialization of untrusted input. This makes it possible for...
BookingPress < 1.0.75 - Unauthenticated Booking Price Manipulation
Description The plugin does not have proper validation in its bookingpressconfirmbooking, allowing unauthenticated user to modify the price of an appointment...
Recipe Maker For Your Food Blog from Zip Recipes < 8.1.1 - Authenticated(Contributor+) SQL Injection
Description The Recipe Maker For Your Food Blog from Zip Recipes plugin for WordPress is vulnerable to SQL Injection via the ‘order’ and 'orderby' parameters in all versions up to 8.1.1 exclusive due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...
WP MLM <= 4.0 - Unauthenticated Arbitrary File Upload
Description The WP MLM SOFTWARE PLUGIN plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 4.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may...
ARI Stream Quiz < 1.3.0 - Cross-Site Request Forgery
Description The ARI Stream Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.32. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to perform unauthorized actions against classes and...
Product Code for WooCommerce < 1.4.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Product Code for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and...
WP MLM Unilevel <= 4.0 - Unauthenticated Privilege Escalation
Description The WP MLM SOFTWARE PLUGIN plugin for WordPress is vulnerable to privilege in all versions up to, and including, 4.0. This makes it possible for unauthenticated attackers to take over arbitrary accounts on the site...
My Agile Privacy < 2.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting vis Shortcode
Description The My Agile Privacy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 2.1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticat...
Calculated Fields Form < 1.2.29 - Contributor+ Open Redirect
Description The plugin does not validate a shortcode attribute, which could allow Contributor and above role to perform Open Redirect attack...
Paid Member Subscriptions < 2.10.5 - Cross-Site Request Forgery via ajax_add_log_entry
Description The Paid Member Subscriptions plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.10.4. This is due to missing or incorrect nonce validation on the ajaxaddlogentry function. This makes it possible for unauthenticated attackers to modify...
Thrive Automator < 1.17.1 - Cross-Site Request Forgery
Description The Thrive Automator plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.17. This is due to missing or incorrect nonce validation on the factoryreset function. This makes it possible for unauthenticated attackers to reset plugin setting...
Login Lockdown < 2.07 - Admin+ SQLi
Description The plugin does not properly sanitise and escape the iDisplayStart parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin...
If-So Dynamic Content Personalization < 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The If-So Dynamic Content Personalization plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.6.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...
WP Chat App < 3.4.5 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Custom 404 Pro < 3.10.1 - Unauthenticated Stored Cross-Site Scripting via logging
Description The Custom 404 Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several logged parameters in all versions up to, and including, 3.10.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
WP Adminify < 3.1.7 - Authenticated(Administrator+) SQL Injection
Description The WP Adminify plugin for WordPress is vulnerable to SQL Injection via an unknown parameter in all versions up to 3.1.7 exclusive due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
Woostify Sites Library < 1.4.8 - Subscriber+ Arbitrary Options Update to DoS
Description The plugin does not have authorisation in an AJAX action, allowing any authenticated users, such as subscriber to update arbitrary blog options and set them to 'activated' which could lead to DoS when using a specific option name PoC Login as subscriber, open...
TheGem < 5.9.2 - Reflected Cross-Site Scripting
Description The TheGem theme for WordPress is vulnerable to Reflected Cross-Site Scripting via an unknown parameter in all versions up to, and including, 5.9.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
ZeroBounce Email Verification & Validation < 1.0.12 - Authenticated (Administrator+) Stored Cross-Site Scripting
Description The ZeroBounce Email Verification & Validation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
Zoho Forms < 3.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Description The Zoho Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including 3.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
BuddyBoss Theme < 2.4.61 - Missing Authorization
Description The BuddyBoss Theme theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on an unspecified function in all versions up to, and including, 2.4.60. This makes it possible for unauthenticated attackers to change the plugin's settings...
New User Approve < 2.5.2 - Cross-Site Request Forgery via admin_notices
Description The New User Approve plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.2. This is due to missing or incorrect nonce validation on the adminnotices function. This makes it possible for unauthenticated attackers to dismiss admin...
TerraClassifieds <= 2.0.3 Unauthenticated Arbitrary File Upload
Description The TerraClassifieds – Simple Classifieds Plugin plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 2.0.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote...
Related Post < 2.0.54 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Related Post plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 2.0.53 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
HT Mega < 2.3.4 - Arbitrary Plugin/Theme Activation via CSRF
Description The plugin does not have CSRF checks in various functions in its admin/include/template-library.php file, which could allow attackers to make logged in admins activate plugins/themes via CSRF attacks...
Dan's Embedder for Google Calendar < 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Description The Dan's Embedder for Google Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...
Local Delivery Drivers for WooCommerce < 1.9.1 - Missing Authorization to Driver Account Takeover
Description The Local Delivery Drivers for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the 'lddfweditdriverservice' function in all versions up to, and including, 1.9.0. This makes it possible for...
Build App Online <= 1.0.19 - Subscriber+ Privilege Escalation
Description The plugin does not have authorisation in its updateusermetavalue function, allowing any authenticated users, such as subscriber to update arbitrary user metadata and grand themselves administrator privileges...
WooCommerce PDF Invoices < 4.3.0 - Shop Manager+ Arbitrary Options Update
Description The plugin does not have proper authorisation in its JSON import feature, which could allow Shop Manager and above roles to update arbitrary blog options...
Weaver Xtreme < 6.4 - Contributor+ Stored XSS
Description The Weaver Xtreme theme for WordPress is vulnerable to Stored Cross-Site Scripting via custom post meta in all versions up to, and including, 6.3.0 due to insufficient input sanitization and output escaping on user supplied meta page-head-code. This makes it possible for authenticated...
Hostinger < 1.9.8 - Unauthenticated Maintenance Mode Toggle
Description The Hostinger plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the function publishwebsite in all versions up to, and including, 1.9.7. This makes it possible for unauthenticated attackers to enable and disable maintenance...
EventON < 4.4.1 - Reflected Cross-Site Scripting
Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC Make a logged in admin open a page containing one of the code below: 2.6.x the cmon...
LightStart < 2.6.9 - Subscriber+ Page design Update
Description The plugin is vulnerable to unauthorized modification of data due to a missing capability check on the inserttemplate function, allowing authenticated attackers, with subscriber-level access and above, to change page designs...
Rencontre – Dating Site < 3.11.2 - Subscriber+ PHP Object Injection
Description The plugin unserializes user input, which could allow any authenticated users, such as subscribers to perform PHP Object Injection when a suitable gadget is present on the blog...
WP Crowdfunding < 2.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The WP Crowdfunding plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and above permissions...
Uncanny Automator < 5.1.0.3 - Sensitive Information Exposure via Log File
Description The Uncanny Automator – Automate everything with the 1 no-code automation and integration plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.1.0.2 via the plugin's log file. This makes it possible for unauthenticated...
Product Table by WBW < 1.8.7 - Cross-Site Request Forgery via saveGroup
Description The Product Table by WBW plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.6. This is due to missing or incorrect nonce validation on the saveGroup function. This makes it possible for unauthenticated attackers to modify product...
WP Affiliate Disclosure < 1.2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via $id
Description The WP Affiliate Disclosure plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the $id variable in versions up to, and including, 1.2.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
Back Button Widget < 1.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Description The Back Button Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.6.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
Split Test For Elementor < 1.7.0 - Cross-Site Request Forgery
Description The Split Test For Elementor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6.9. This is due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticated attackers to perform an...
TerraClassifieds <= 2.0.3 - Cross-Site Request Forgery
Description The TerraClassifieds plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.3. This is due to missing or incorrect nonce validation on one of its functions. This makes it possible for unauthenticated attackers to initiate a site takeover...
Checkout Mestres WP < 7.1.9.8 - Unauthenticated SQL Injection
Description The Checkout Mestres WP plugin for WordPress is vulnerable to SQL Injection via an unknown parameter in all versions up to, and including, 7.1.9.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...
eCommerce Product Catalog < 3.3.27 - Sensitive Information Exposure via CSV Files
Description The eCommerce Product Catalog Plugin for WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to 3.3.27 exclusive via import and export CSV files. This makes it possible for unauthenticated attackers to extract sensitive data including full...
Job Manager & Career – Manage job board listings, and recruitments < 1.4.5 - Cross-Site Request Forgery to PHP Object Injection
Description The Job Manager & Career – Manage job board listings, and recruitments plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.4. This is due to missing or incorrect nonce validation on the savepluginsettings function. This makes it...