14602 matches found
WS Form LITE < 1.9.171 - Authenticated(Administrator+) SQL Injection
Description The WS Form LITE – Drag & Drop Contact Form Builder for WordPress plugin for WordPress is vulnerable to SQL Injection via an unknown parameter in all versions up to 1.9.171 exclusive due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...
WP Job Portal < 2.0.7 - Cross-Site Request Forgery
Description The WP Job Portal – A Complete Job Board plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.6. This is due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticated attackers to...
Welcart e-Commerce < 2.9.4 - Authenticated(Editor+) SQL Injection
Description The Welcart e-Commerce plugin for WordPress is vulnerable to SQL Injection via an unknown parameter in all versions up to 2.9.4 exclusive due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible fo...
WP Remote Site Search < 1.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The WP Remote Site Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping on the 'maxresults' user supplied attribute. This makes it...
Active Products Tables for WooCommerce < 1.0.6.1 - Unauthenticated PHP Object Injection
Description The Active Products Tables for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.6 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. If a POP chain is...
Affiliates Manager < 2.9.32 - Cross-Site Request Forgery via multiple AJAX actions
Description The Affiliates Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.9.31. This is due to missing or incorrect nonce validation on multiple AJAX functions. This makes it possible for unauthenticated attackers to approve, decline,...
HashBar – WordPress Notification Bar < 1.4.2 - Authenticated (Author+) Stored Cross-Site Scripting
Description The HashBar – WordPress Notification Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an unknown parameter in all versions up to, and including 1.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers...
Everest Backup < 2.2.0 - Sensitive Information Exposure via Log File
Description The Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to 2.2.0 exclusive via the plugin's log file. This makes it possible for unauthenticated attackers to extract...
WP User Profile Avatar < 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The WP User Profile Avatar plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, t...
Everest Forms < 2.0.5 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Quiz And Survey Master < 8.1.17 - Unauthenticated Unauthorised Action
Description The plugin is vulnerable to unauthorized access, modification or loss of data due to a missing capability check on one of its functions allowing unauthenticated attackers to invoke this function...
Sensei LMS < 4.18.0 - Contributor+ Stored XSS
Description The plugin does not validate and escape some of its block attributes before outputting them back in a page/post where the block is rendered, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
Auto Amazon Links < 5.1.2 - Contributor+ Stored XSS
Description The plugin is vulnerable to Stored Cross-Site Scripting to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user...
Squirrly SEO - Advanced Pack <= 2.3.8 - Authenticated(Administrator+) SQL Injection
Description The Squirrly SEO - Advanced Pack plugin for WordPress is vulnerable to SQL Injection via an unknown parameter in all versions up to, and including, 2.3.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This make...
Uncode Core < 2.8.7 - Reflected Cross-Site Scripting
Description The uncode-core plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via an unknown parameter in all versions up to, and including, 2.8.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrar...
Most And Least Read Posts Widget <=2.5.16 - Authenticated(Contributor+) SQL Injection via Widget settings
Description The Most And Least Read Posts Widget plugin for WordPress is vulnerable to SQL Injection via the widget settings in all versions up to 2.5.17 exclusive due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes ...
Theme per user < 1.0.2 - Unauthenticated PHP Object Injection
Description The Theme per user plugin for WordPress is vulnerable to PHP Object Injection in all versions up to 1.0.2 exclusive via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. If...
Themify Icons < 2.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Themify Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
BookingPress < 1.0.73 - Authenticated (Contributor+) SQL Injection
Description The BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin plugin for WordPress is vulnerable to SQL Injection via an unknown parameter in all versions up to, and including, 1.0.72 due to insufficient escaping on the user supplied parameter and lack of...
wpDiscuz < 7.6.13 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Orbit Fox Companion < 2.10.27 - Contributor+ Stored XSS
Description The plugin is vulnerable to Stored Cross-Site Scripting via the plugin's custom fields due to insufficient input sanitization and output escaping on user supplied values, allowing authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in...
Easy PayPal Buy Now Button < 1.8.2 - Cross-Site Request Forgery
Description The Easy PayPal Buy Now Button plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.1. This is due to missing or incorrect nonce validation on one of its functions. This makes it possible for unauthenticated attackers to invoke this...
Sticky Chat Widget < 1.1.9 - Authenticated (Administrator+) Stored Cross-Site Scripting
Description The Sticky Chat Widget: WhatsApp, Messenger, Click to chat, SMS, Email, Messages, Call Button, Contact form and more Chat buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.1.8 due to insufficient input...
Google Photos Gallery with Shortcodes < 4.0.3 - Reflected Cross-Site Scripting
Description The Google Photos Gallery with Shortcodes plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 4.0.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitra...
Page Generator < 1.7.2 - Authenticated(Administrator+) SQL Injection
Description The Page Generator plugin for WordPress is vulnerable to SQL Injection via an unknown parameter in all versions up to 1.7.2 exclusive due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
YITH WooCommerce Product Add-Ons < 4.3.1 - Authenticated(Shop Manager+) PHP Object Injection
Description The YITH WooCommerce Product Add-Ons plugin for WordPress is vulnerable to PHP Object Injection in all versions up to 4.3.1 exclusive via deserialization of untrusted input in the 'saveaddon' function. This makes it possible for authenticated attackers, with Shop Manager access and...
Customize My Account for WooCommerce < 1.8.4 - Cross-Site Request Forgery via restore_my_account_tabs
Description The Customize My Account for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.3. This is due to missing or incorrect nonce validation on the restoremyaccounttabs function. This makes it possible for unauthenticated...
Slider by Soliloquy < 2.7.3 - Subscriber+ Slider Data Access
Description The Slider by Soliloquy plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on a function in versions up to, and including, 2.7.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to view draft...
Awesome Support < 6.1.6 - Cross-Site Request Forgery
Description The Awesome Support plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.1.5. This is due to missing or incorrect nonce validation on the wpasgetticketrepliesajax and ajaxdeleteattachment functions. This makes it possible for...
Custom Twitter Feeds (Tweets Widget) < 2.2 - Cross-Site Request Forgery
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
GPT3 AI Content Writer < 1.8.13 - Cross-Site Request Forgery
Description The GPT3 AI Content Writer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.12. This is due to missing or incorrect nonce validation on the wpaicgexportlogscallback function. This makes it possible for unauthenticated attackers to...
WooCommerce Product Vendors < 2.2.3 - Missing Authorization
Description The WooCommerce Product Vendors plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 2.2.2. This makes it possible for unauthenticated attackers to perform an unauthorized action...
LA-Studio Element Kit for Elementor < 1.1.6 - Missing Authorization
Description The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on a REST-API endpoint in versions up to, and including, 1.1.5. This makes it possible for unauthenticated attackers to update the plugin's...
Molongui < 4.7.4 - Missing Authorization
Description The Molongui plugin for WordPress is vulnerable to unauthorized modification and access of data due to missing capability checks on the authorshipexportoptions and authorshipsaveoptions functions hooked via AJAX in versions up to, and including, 4.7.3. This makes it possible for...
Product Filter by WBW < 2.5.1 - Subscriber+ Table Data Access
Description The Product Filter by WBW plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the getListForTbl function hooked via AJAX in versions up to, and including, 2.5.0. This makes it possible for authenticated attackers, with subscriber-leve...
All-in-one Floating Contact Form < 2.1.4 - Unauthenticated Unauthorised Action
Description The plugin does not have authorisation check in a function, which could allow unauthenticated users to perform an unauthorised action...
WooCommerce Warranty Requests < 2.3.0 - Missing Authorization
Description The WooCommerce Warranty Requests plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 2.2.7. This makes it possible for unauthenticated attackers to perform an unauthorized action...
Quotes for WooCommerce < 2.0.2 - Missing Authorization
Description The Quotes for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the qwcupdatestatus and qwcsendquote functions hooked via AJAX in all versions up to, and including, 2.0.2. This makes it possible for authenticated...
EnvíaloSimple <= 2.4 - Cross-Site Request Forgery
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
LearnPress < 4.2.5.8 - Unauthenticated Command Injection
Description The LearnPress plugin for WordPress is vulnerable to Command Injection in all versions up to, and including, 4.2.5.7 via the getcontent function. This is due to the plugin making use of the calluserfunc function with user input. This makes it possible for unauthenticated attackers to...
Happy Addons for Elementor < 3.10.0 - Contributor+ SSRF
Description The plugin is vulnerable to Server-Side Request Forgery, allowing authenticated attackers, with contributor access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services...
ProfileGrid < 5.6.7 - Missing Authorization
Description The ProfileGrid plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 5.6.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform unauthorized action...
Add Any Extension to Pages < 1.5 - Cross-Site Request Forgery via aaetp_options_page
Description The Add Any Extension to Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on the 'aaetpoptionspage' function. This makes it possible for unauthenticated attackers to...
My Sticky Bar < 2.6.7 - CSV Export via CSRF to Sensitive Information Disclosure
Description The My Sticky Bar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.6. This is due to missing or incorrect nonce validation in mystickymenu-contact-leads.php. This makes it possible for unauthenticated attackers to trigger the...
Crowdsignal Dashboard < 3.1.0 - Reflected Cross-Site Scripting
Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
WooCommerce Ship to Multiple Addresses < 3.8.10 - Missing Authorization
Description The WooCommerce Ship to Multiple Addresses plugin for WordPress is vulnerable to unauthorized action due to a missing capability check on a function in versions up to, and including, 3.8.9. This makes it possible for authenticated attackers, with subscriber-level access and above, to...
Sirv < 7.1.3 - Missing Authorization via sirv_disconnect
Description The Sirv plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the sirvdisconnect function hooked via AJAX in versions up to, and including, 7.1.2. This makes it possible for authenticated attackers, with subscriber-level access a...
Spam protection, AntiSpam, FireWall by CleanTalk < 6.21 - Email Update via CSRF
Description The plugin does not have CSRF check in its apbctsettingsupdateaccountemail function, which could allow attackers to make logged in admins update email address via a CSRF attack...
Rate my Post < 3.4.3 - IP Spoofing
Description The Rate my Post – WP Rating System plugin for WordPress is vulnerable to IP Address Spoofing in all versions up to, and including, 3.4.2 due to insufficient IP address validation and use of user-supplied HTTP headers as a primary method for IP retrieval. This makes it possible for...
Anti Hacker < 4.35 - Cross-Site Request Forgery via antihacker_ajax_scan
Description The Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to 4.35 exclusive. This is due to missing or incorrect nonce validation on the 'antihackerajaxscan'...