14602 matches found
MStore API < 4.10.2 - Cross-Site Request Forgery
Description The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to 4.10.2 exclusive. This is due to missing or incorrect nonce validation in the templates/admin/mstore-api-admin-dashboard.php file. This makes it possible for unauthenticated attackers...
Happy Addons for Elementor (Free < 3.10.0, Pro < 2.10.0) - Reflected Cross-Site Scripting
Description The plugins are vulnerable to Reflected Cross-Site Scripting via DOM due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into...
WP Optin Wheel < 1.4.3 - Sensitive Information Exposure via Log File
Description The WP Optin Wheel – Gamified Optin Email Marketing Tool for WordPress and WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.2 via the plugin's debug log file. This makes it possible for unauthenticated attackers...
Ultimate Addons for WPBakery < 3.19.18 - Cross-Site Request Forgery
Description The Ultimate Addons for WPBakery plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.19.17. This is due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticated attackers to perform...
Affiliates Manager < 2.9.31 - Sensitive Information Exposure via Log File
Description The Affiliates Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.9.30 via the plugin's log files. This makes it possible for unauthenticated attackers to extract sensitive data including plugin configuration and debug...
FastDup < 2.1.8 - Sensitive Information Exposure via Log File
Description The FastDup – Fastest WordPress Migration & Duplicator plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.7 via the plugin's log file. This makes it possible for unauthenticated attackers to extract sensitive data including...
Custom Post Carousels with Owl < 1.4.7 - Authenticated (Editor+) Stored Cross-Site Scripting
Description The Custom Post Carousels with Owl plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level access and...
Login as User or Customer (User Switching) <= 3.8 - Authentication Bypass
Description The Login as User or Customer plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 3.8. This makes it possible for unauthenticated attackers to login as another user and escalate their privileges...
White Label < 2.9.1 - Cross-Site Request Forgery via white_label_reset_wl_admins
Description The White Label plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.9.0. This is due to missing or incorrect nonce validation on the whitelabelresetwladmins function. This makes it possible for unauthenticated attackers to reset plugin...
Restaurant Reservations < 1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Restaurant Reservations plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, ...
Rencontre – Dating Site < 3.11 - Privilege Escalation
Description The Rencontre plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.10.1. This is due to an unknown issue. This makes it possible for unauthenticated attackers to gain elevated privileges...
Active Products Tables for WooCommerce < 1.0.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Active Products Tables for WooCommerce. Professional products tables for WooCommerce store plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output...
Events Shortcodes & Templates For The Events Calendar < 2.3.2 - Authenticated (Contributor+) SQL Injection via shortcode
Description The Events Shortcodes & Templates For The Events Calendar plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 2.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existi...
WPC Product Bundles for WooCommerce < 7.3.2 - Cross-Site Request Forgery
Description The WPC Product Bundles for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 7.3.1. This is due to missing or incorrect nonce validation on several functions in /includes/class-woosb.php. This makes it possible for...
GEO my WordPress < 4.0.3 - Authenticated(Administrator+) SQL Injection
Description The GEO my WordPress plugin for WordPress is vulnerable to SQL Injection in all versions up to 4.0.3 exclusive due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers,...
WP Frontend Profile < 1.3.2 - Unauthenticated Privilege Escalation
Description The plugin is vulnerable to privilege, allowing unauthenticated attackers to take over arbitrary accounts on the site...
Clockwork SMS Notfications <= 3.0.4 - Authenticated(Administrator+) SQL Injection
Description The Clockwork SMS Notfications plugin for WordPress is vulnerable to SQL Injection via an unknown parameter in all versions up to, and including, 3.0.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes ...
Impreza < 8.18 - Reflected Cross-Site Scripting
Description The Impreza – WordPress Website and WooCommerce Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via an unknown parameter in all versions up to, and including, 8.17.4 due to insufficient input sanitization and output escaping. This makes it possible for...
WP Tabs < 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The WP Tabs – Responsive Tabs Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This mak...
Beaver Builder < 2.7.2.1 - Contributor+ Stored XSS
Description The plugin does not sanitise and escape some of its settings available to Contributor and above roles, which could allow them to perform Stored Cross-Site Scripting attacks...
Simply Schedule Appointments < 1.6.6.1 - Authenticated(Administrator+) SQL Injection
Description The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to SQL Injection via an unknown parameter in all versions up to 1.6.6.1 exclusive due to insufficient escaping on the user supplied parameter and lack of sufficient...
WebinarIgnition < 3.05.1 - Unauthenticated SQL Injection
Description The Webinar Plugin: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings | WebinarIgnition plugin for WordPress is vulnerable to SQL Injection via an unknown parameter in all versions up to, and including, 3.05.0 due to insufficient escaping on the user supplied...
WPCS – WordPress Currency Switcher Professional < 1.2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The WPCS – WordPress Currency Switcher Professional plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
HUSKY < 1.3.4.4 - Multiple Connections/Stats CSRF
Description The plugin does not have CSRF checks in various functions, which could allow attackers to make logged in admins perform unwanted actions related to connections and stats features via CSRF attacks...
Easy Digital Downloads < 3.2.6 - Contributor+ Stored XSS
Description The plugin does not sanitise and escape some parameters, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks...
SlickNav Mobile Menu < 1.9.3 - Authenticated (Admin+) Stored Cross-Site Scripting
Description The SlickNav Mobile Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.9.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
WP Review Slider < 12.8 - Authenticated (Administrator+) Stored Cross-Site Scripting
Description The WP Review Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 12.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
Checkout Mestres WP < 7.1.9.8 - Authentication Bypass via Password Reset
Description The plugin is vulnerable to authentication bypass due to a weak password reset functionality, allowing unauthenticated attackers to reset the password of arbitrary users to a guessable value based on the current time...
404 Solution < 2.33.1 - Sensitive Information Exposure via Log File
Description The 404 Solution plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.33.0 via the plugin's log file. This makes it possible for unauthenticated attackers to extract sensitive data including plugin configuration and debug data...
WP STAGING WordPress Backup Plugin – Migration Backup Restore < 3.2.0 - Unauthorized Sensitive Data Exposure
Description The plugin allows access to cache files during the cloning process which provides unauthorized access to sensitive data PoC 1 When an admin creates a staging site, an attacker can capture a .cache file which reveals sensitive information including: DBname, DBtables, DBcolumns. 2 These...
BookIt < 2.4.4 - Authenticated(Administrator+) SQL Injection
Description The Booking Calendar | Appointment Booking | BookIt plugin for WordPress is vulnerable to SQL Injection via an unknown parameter in all versions up to 2.4.4 exclusive due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...
Brave Popup Builder < 0.6.3 - Authenticated (Administrator+) Stored Cross-Site Scripting
Description The Brave – Create Popup, Optins, Lead Generation, Survey, Sticky Elements & Interactive Content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.6.2 due to insufficient input sanitization and output escaping...
Send Users Email < 1.4.4 - Sensitive Information Exposure via Error Logs
Description The Send Users Email plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.3 via the plugin's error logs. This makes it possible for unauthenticated attackers to extract sensitive data about the plugin and site configuration...
Stock Ticker < 3.23.5 - Authenticated (Contributor+) Stored Cross-Site Scritping
Description The Stock Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 3.23.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...
Build App Online <= 1.0.19 - Unauthenticated Account Takeover via Weak Password Reset Mechanism
Description The plugin is vulnerable to account takeover due to a weak password reset mechanism, allowing unauthenticated attackers to reset the password of arbitrary users by guessing an 8-digit numeric reset code...
Fluent Support < 1.7.7 - Authenticated(Administrator+) SQL Injection
Description The Fluent Support – WordPress Helpdesk and Customer Support Ticket Plugin plugin for WordPress is vulnerable to SQL Injection via an unknown parameter in all versions up to 1.7.7 exclusive due to insufficient escaping on the user supplied parameter and lack of sufficient preparation ...
Checkout Mestres WP < 7.1.9.8 - Missing Authorization to Unauthenticated Arbitrary Options Update
Description The Checkout Mestres WP plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 7.1.9.6. This makes it possible for unauthenticated attackers to update arbitrary site options...
NEX-Forms – Ultimate Form Builder < 8.5.5 - Cross-Site Request Forgery
Description The NEX-Forms – Ultimate Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.5.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an...
Product Catalog Simple < 1.7.7 - Sensitive Information Exposure via Product CSV
Description The Product Catalog Simple plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to 1.7.7 exclusive via Import and Export Product CSV files. This makes it possible for unauthenticated attackers access and above, to extract sensitive data including ful...
Profile Builder < 3.10.8 - Contributor+ User Metadata Disclosure
Description The plugin is vulnerable to unauthorized access of data due to a missing capability check on the wppbtoolboxusermetahandler function allowing authenticated attackers, with contributor-level access and above, to expose sensitive information within user metadata...
Image Source Control < 2.17.1 - Sensitive Information Exposure via Log File
Description The Image Source Control Lite – Show Image Credits and Captions plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.17.0 via the plugin's log file. This makes it possible for unauthenticated attackers to extract sensitive data...
Rise Blocks – A Complete Gutenberg Page Builder < 3.2 - Cross-Site Request Forgery
Description The Rise Blocks – A Complete Gutenberg Page Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1. This is due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticated...
E2Pdf < 1.20.24 - Authenticated(Administrator+) SQL Injection
Description The E2Pdf – Export To Pdf Tool for WordPress plugin for WordPress is vulnerable to SQL Injection via an unknown parameter in all versions up to 1.20.24 exclusive due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query...
Simple Job Board < 2.10.7 - Cross-Site Request Forgery
Description The Simple Job Board plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.10.6. This is due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticated attackers to perform an unknown...
Simple Job Board < 2.10.6 - Missing Authorization
Description The Simple Job Board plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 2.10.5. This makes it possible for unauthenticated attackers to perform an unauthorized action...
CBX Bookmark & Favorite < 1.7.14 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The CBX Bookmark & Favorite plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.7.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and abov...
ARI Stream Quiz < 1.3.1 - Authenticated (Contributor+) PHP Object Injection
Description The ARI Stream Quiz – WordPress Quizzes Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.0 via deserialization of untrusted input. This makes it possible for authenticated attackers, with contributor access or higher to injec...
Advanced Form Integration < 1.76.0 - Authenticated(Administrator+) SQL Injection
Description The Advanced Form Integration – Connect WooCommerce and Contact Form 7 to Google Sheets and other platforms plugin for WordPress is vulnerable to SQL Injection via an unknown parameter in all versions up to 1.76.0 exclusive due to insufficient escaping on the user supplied parameter a...
Funnel Builder for WordPress by FunnelKit < 2.14.4 - Authenticated(Administrator+) SQL Injection
Description The Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels & Maximize Profits plugin for WordPress is vulnerable to SQL Injection in all versions up to 2.14.4 exclusive due to insufficient escaping on the user supplied parameter and lack...
Database Cleaner < 0.9.9 - Sensitive Information Exposure via Log File
Description The Database Cleaner: Clean, Optimize & Repair plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 0.9.8 via the plugin's log file. This makes it possible for unauthenticated attackers to extract sensitive data including system an...