14602 matches found
ProjectHuddle Client Site < 1.0.35 - Missing Authorization via ph_child_ajax_notice_handler
Description The ProjectHuddle Client Site plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'phchildajaxnoticehandler' function in versions up to, and including, 1.0.34. This makes it possible for authenticated attackers, with...
Stylish Price List < 7.0.18 - Missing Authorization
Description The Stylish Price List plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on multiple functions in versions up to, and including, 7.0.17. This makes it possible for authenticated attackers, with contributor-level access a...
WooCommerce Warranty Requests < 2.3.0 - Missing Authorization
Description The WooCommerce Warranty Requests plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 2.2.7. This makes it possible for unauthenticated attackers to perform an unauthorized action...
RegistrationMagic < 5.2.5.1 - Form Submission Limit Bypass
Description The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to form submission limit bypass in all versions up to, and including, 5.2.5.0 due to insufficient protection logic. This makes it possible for unauthenticat...
Inline Image Upload for BBPress < 1.1.19 - Cross-Site Request Forgery via hm_bbpui_admin_page
Description The Inline Image Upload for BBPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.18. This is due to missing or incorrect nonce validation on the hmbbpuiadminpage function. This makes it possible for unauthenticated attackers to...
Schema & Structured Data for WP & AMP < 1.24 - Contributor+ Stored XSS
Description The plugin does not sanitise and escape some parameters, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks...
Spam protection, AntiSpam, FireWall by CleanTalk < 6.21 - Counters Reset/Creation via CSRF
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks, such as reset/create counters...
WooCommerce Easy Duplicate Product < 0.3.0.8 - Missing Authorization via wedp_duplicate_product_action
Description The WooCommerce Easy Duplicate Product plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wedpduplicateproductaction function hooked via AJAX in versions up to, and including, 0.3.0.7. This makes it possible for authenticat...
Duplicator < 1.5.7.1 - Settings Removal via CSRF
Description The plugin does not have CSRF checks when remove some of its options, which could allow attackers to make logged in admins perform such action via a CSRF attack...
EnvíaloSimple < 2.2 Unauthenticated PHP Object Injection
Description The plugin is vulnerable to PHP Object Injection via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed...
AI Power: Complete AI Pack – Powered by GPT-4 < 1.8.3 - Missing Authorization to Sensitive Data Exposure
Description The AI Power: Complete AI Pack – Powered by GPT-4 plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpaicgexportlogscallback function in all versions up to, and including, 1.8.2. This makes it possible for unauthenticated attackers to...
Booster Elite for WooCommerce < 7.1.3 - Subscriber+ Content Injection
Description The Booster Elite for WooCommerce plugin for WordPress is vulnerable to content injection via an unknown parameter in all versions up to and including 7.1.2 due to insufficient capability checks. This makes it possible for authenticated attackers, with subscriber access and above, to...
RegistrationMagic < 5.2.5.1 - IP Spoofing
Description The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to IP Address Spoofing in all versions up to, and including, 5.2.5.0 due to use of user-supplied HTTP headers as a primary method for IP retrieval. This mak...
Advanced Access Manager < 6.9.19 - Contributor+ Stored XSS
Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
Crowdsignal Dashboard < 3.1.0 - Rating Update via CSRF
Description The plugin does not have CSRF check in its updaterating function, which could allow attackers to make logged in users admins update ratings via a CSRF attack...
Essential Addons for Elementor < 5.9.3 - Contributor+ Stored XSS
Description The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom ID in all versions up to, and including, 5.9.2 due to insufficient input sanitization and output escaping...
WooCommerce Canada Post Shipping < 2.8.4 - Unauthenticated Unauthorised Action
Description The plugin does not have authorisation check in an action, which could allow unauthenticated users to perform an unauthorised action...
Malware Scanner < 4.7.2 - IP Spoofing
Description The Malware Scanner plugin for WordPress is vulnerable to IP Address Spoofing in all versions up to, and including, 4.7.1 due to insufficient IP address validation and use of user-supplied HTTP headers as a primary method for IP retrieval. This makes it possible for unauthenticated...
Simple Staff List < 2.2.5 - Missing Authorization via ajax_flush_rewrite_rules and staff_member_export
Description The Simple Staff List plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the ajaxflushrewriterules and staffmemberexport functions in versions up to, and including, 2.2.4. This makes it possible for...
Advanced Access Manager < 6.9.16 - Contributor+ Stored XSS
Description The plugin does not sanitise and escape some parameters, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks...
WooCommerce Stripe Payment Gateway < 7.6.2 - Unauthenticated Order Deletion via IDOR
Description The plugin doe snot properly check for ownership of completed/pending orders, allowing unauthenticated users to put such order in the trash and delete them...
GS Logo Slider < 3.5.2 - Cross-Site Request Forgery
Description The Logo Slider – Logo Showcase, Logo Carousel, Logo Gallery and Client Logo Presentation plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.5.1. This is due to missing or incorrect nonce validation on an unknown function. This mak...
WooCommerce Product Vendors < 2.2.2 - Missing Authorization
Description The WooCommerce Product Vendors plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 2.2.1. This makes it possible for unauthenticated attackers to perform an unauthorized action...
Floating Button < 6.0.1 - Cross-Site Request Forgery via process_bulk_action
Description The Floating Button plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.0. This is due to missing or incorrect nonce validation on the processbulkaction function. This makes it possible for unauthenticated attackers to process bulk...
Ecwid Ecommerce Shopping Cart < 6.12.5 - Cross-Site Request Forgery
Description The Ecwid Ecommerce Shopping Cart plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.12.4. This is due to missing nonce validation on several functions hooked via AJAX in the /includes/class-ecwid-admin-storefront-page.php. This...
Block IPs for Gravity Forms < 1.0.2 - Cross-Site Request Forgery
Description The Block IPs for Gravity Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticated attackers to perform an...
HT Mega < 2.3.9 - Reflected Cross-Site Scripting
Description The plugin does not sanitise and escape the regbio parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
Apollo13 Framework Extensions < 1.9.2 - Cross-Site Request Forgery
Description The Apollo13 Framework Extensions plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.9.1. This is due to missing or incorrect nonce validation on the a13fenavaaddpost and a13fenavadeletepost functions. This makes it possible for...
iFrame < 4.9 - Contributor+ Stored XSS
Description The plugin does not sanitise and escape the srcdoc parameter, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks, however given that the malicious JS is limited to the scope of the iframe, there is no practical way to make users su...
Relevanssi (Free < 4.22.0, Premium < 2.25.0) - Unauthenticated Private/Draft Post Disclosure
Description The plugin allows any unauthenticated user to read draft and private posts via a crafted request PoC https://example.com/?poststatus=draft https://example.com/?poststatus=private...
Strong Testimonials < 3.1.11 - Settings Update via CSRF
Description The plugin does not have CSRF checks in various functions, which could allow attackers to make logged in admins perform unwanted actions via CSRF attacks, such as update the plugin's settings...
Awesome Support < 6.1.6 - Missing Authorization via wpas_load_reply_history
Description The Awesome Support plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the wpasloadreplyhistory function in versions up to, and including, 6.1.5. This makes it possible for unauthenticated attackers to load reply history...
Icegram < 3.1.20 - Authenticated (Contributor+) Stored Cross-Site Scripting via Campaign Message
Description The Icegram plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the campaign message field in versions up to, and including, 3.1.19 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...
Poll Maker < 4.8.1 - Missing Authorization
Description The Poll Maker plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on an unknown function in versions up to, and including, 4.8.0. This makes it possible for unauthenticated attackers to perform unauthorized actions...
Advanced Access Manager < 6.9.19 - Open Redirect
Description The plugin is vulnerable to Open Redirect due to insufficient validation on the redirect url supplied via params-redirect parameter. This makes it possible for authenticated attackers author and higher to redirect users to potentially malicious sites if they can successfully trick the...
BulkGate SMS Plugin for WooCommerce < 3.0.3 - Missing Authorization via Multiple AJAX Actions
Description The BulkGate SMS Plugin for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions hooked via AJAX in versions up to, and including, 3.0.2. This makes it possible for authenticated attackers, with subscriber-level...
RegistrationMagic Plugin < 5.2.4.6 - Authenticated(Administrator+) SQL Injection
Description The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to SQL Injection via an unknown parameter in all versions up to and including 5.2.4.5 due to insufficient escaping on the user supplied parameter and lack o...
BuddyPress < 11.3.2 - Contributor+ Stored XSS
Description The plugin does not validate and escape some of its Members/Groups block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
Export Media URLs < 2.0 - Cross-Site Request Forgery
Description The Export Media URLs plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action via ...
weForms < 1.6.19 - Missing Authorization via export_form_entries
Description The weForms plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'exportformentries' function in versions up to, and including, 1.6.18. This makes it possible for authenticated attackers, with subscriber-level access and above, to...
Icegram < 3.1.19 - Cross-Site Request Forgery via save_campaign_preview
Description The Icegram plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.1.18. This is due to missing or incorrect nonce validation on the savecampaignpreview function. This makes it possible for unauthenticated attackers to save campaign previe...
WooCommerce Shipping Per Product < 2.5.5 - Missing Authorization
Description The WooCommerce Shipping Per Product plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 2.5.4. This makes it possible for authenticated attackers, with customer-level access and above, to perform ...
Dynamic Content for Elementor < 2.12.5 - Cross-Site Request Forgery
Description The Dynamic Content for Elementor plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to 2.12.5. This is due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticated attackers to perform an unauthorized...
weForms – Easy Drag & Drop Contact Form Builder For WordPress < 1.6.18 - Authenticated (Admin+) Stored Cross-Site Scripting
Description The weForms – Easy Drag & Drop Contact Form Builder For WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to 1.6.18 exclusive due to insufficient input sanitization and output escaping. This makes it possible for...
Branda < 3.4.15 - IP Spoofing
Description The Branda – White Label WordPress, Custom Login Page Customizer plugin for WordPress is vulnerable to IP Address Spoofing in all versions up to, and including, 3.4.14 due to insufficient IP address validation and use of user-supplied HTTP headers as a primary method for IP retrieval...
3D Flipbook < 1.15.3 - Contributor+ Stored XSS
Description The plugin does not sanitise and escape the Ready Function field, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks...
Complianz | GDPR/CCPA Cookie Consent < 6.5.6 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Media File Renamer < 5.7.8 - Admin+ Remote Code Execution
Description The plugin is vulnerable to Remote Code Execution in all versions up to, and including, 5.7.7. This makes it possible for authenticated attackers, with administrator access and above, to execute code on the server by renaming files containing PHP code...
WP Mail Log Plugin < 1.1.3 - Contributor+ Arbitrary File Upload
Description The plugin is vulnerable to arbitrary file uploads due to missing file type validation in the 'sendemail' function. This makes it possible for authenticated attackers, with contributor access and above, to upload arbitrary files on the affected site's server which may make remote code...
WooCommerce PDF Invoices < 4.3.1 - Subscriber+ Arbitrary Order Export
Description The plugin is vulnerable to unauthorized access of data due to a missing capability check on theprintpackinglist action. This makes it possible for authenticated attackers, with subscriber-level access and above, to export orders which can contain sensitive information...