14602 matches found
Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks < 2.2.81 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' attribute in blocks in all versions up to, and including, 2.2.80 due to insufficient input sanitization...
Qi Blocks < 1.3.0 - Authenticated (Author+) Stored Cross-Site Scripting
Description The Qi Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's file uploader in all versions up to, and including, 1.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level...
Image Hover Effects for Elementor with Lightbox and Flipbox <= 3.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via _id, oxi_addons_f_title_tag, and content_description_tag Parameters
Description The Image Hover Effects for Elementor with Lightbox and Flipbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id', 'oxiaddonsftitletag', and 'contentdescriptiontag' parameters in all versions up to, and including, 3.0.2 due to insufficient input sanitizati...
Materialis Companion < 1.3.42 - Authenticated (Contributor+) Store Cross-Site Scripting via materialis_contact_form Shortcode
Description The Materialis Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's materialiscontactform shortcode in all versions up to, and including, 1.3.41 due to insufficient input sanitization and output escaping on user supplied attributes. This makes i...
Boostify Header Footer Builder for Elementor <= 1.3.3 - Missing Authorization to Page/Post Creation
Description The Boostify Header Footer Builder for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the createbhfpost function in all versions up to, and including, 1.3.3. This makes it possible for authenticated attackers, wit...
Bookster <= 1.1.0 - Unauthenticated Appointment Status Update
Description The plugin allows adding sensitive parameters when validating appointments allowing attackers to manipulate the data sent when booking an appointment the request body to change its status from pending to approved. PoC 1. Open the Wordpress where the plugin is installed with default...
Simple Spoiler <= 1.2 - Authenticated (Admin+) Stored Cross-Site Scripting
Description The Simple Spoiler plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
Muslim Prayer Time BD <= 2.4 - Settings Reset via CSRF
Description The plugin does not have CSRF check in place when reseting its settings, which could allow attackers to make a logged in admin reset them via a CSRF attack PoC Make a logged in admin open an HTML file containing:...
Smartarget Message Bar <= 1.3 - Authenticated (Admin+) Stored Cross-Site Scripting
Description The Smartarget Message Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
EasyAzon – Amazon Associates Affiliate Plugin <= 5.1.0 - Reflected Cross-Site Scripting via easyazon-cloaking-locale
Description The EasyAzon – Amazon Associates Affiliate Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘easyazon-cloaking-locale’ parameter in all versions up to, and including, 5.1.0 due to insufficient input sanitization and output escaping. This makes it...
Video Widget <= 1.2.3 - Admin+ Stored XSS via Widget
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Add a "Video Widget" to a widge...
SellKit – Funnel builder and checkout optimizer for WooCommerce to sell more, faster <= 1.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter
Description The SellKit – Funnel builder and checkout optimizer for WooCommerce to sell more, faster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter in all versions up to, and including, 1.9.8 due to insufficient input sanitization and output escaping. Thi...
Slider Revolution < 6.7.0 - Missing Authorization
Description The Slider Revolution plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the initrestapi function in versions up to 6.7.0. This makes it possible for unauthenticated attackers to update slider data...
Magical Addons For Elementor < 1.1.40 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Magical Addons For Elementor Header Footer Builder, Free Elementor Widgets, Elementor Templates Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 1.1.39 due to insufficient input sanitization and...
Simple Image Popup Shortcode <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Description The Simple Image Popup Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sipspopup' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
Open Graph < 1.11.3 - Unauthenticated Sensitive Information Exposure
Description The Open Graph plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.11.2 via the 'opengraphdefaultdescription' function. This makes it possible for unauthenticated attackers to extract sensitive data including partial content of...
Themesflat Addons For Elementor <= 2.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via URLs
Description The Themesflat Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in several widgets via URL parameters in all versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
Wbcom Designs - Custom Font Uploader < 2.4.0 - Missing Authorization to Font Deletion
Description The Wbcom Designs – Custom Font Uploader plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'cfudeletecustomfont' function in all versions up to, and including, 2.3.4. This makes it possible for authenticated attackers, with...
Themesflat Addons For Elementor <= 2.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting in Multiple Widgets
Description The Themesflat Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's TF Group Image, TF Nav Menu, TF Posts, TF Woo Product Grid, TF Accordion, and TF Image Box widgets in all versions up to, and including, 2.1.1 due to insufficient inp...
The Moneytizer <= 9.5.20 - Cross-Site Request Forgery via multiple AJAX actions
Description The The Moneytizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 9.5.20. This is due to missing or incorrect nonce validation on multiple AJAX functions. This makes it possible for unauthenticated attackers to to update and...
Login/Signup Popup ( Inline Form + Woocommerce ) 2.7.1 - 2.7.2 - Missing Authorization to Arbitrary Options Update
Description The Login/Signup Popup Inline Form + Woocommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'importsettings' function in versions 2.7.1 to 2.7.2. This makes it possible for authenticated attackers, with...
BuddyPress Members Only <= 3.3.5 - Improper Access Control to Sensitive Information Exposure via REST API
Description The BuddyPress Members Only plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.3.5 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's "All Other Sections On Your Site Will be Opened to...
Testimonials Widget <= 4.0.4 - Authenticated (Author+) Stored Cross-Site Scripting via testimonials Shortcode
Description The Testimonials Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's testimonials shortcode in all versions up to, and including, 4.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...
Random Banner <= 4.2.8 - Authenticated (Admin+) Stored Cross-Site Scripting
Description The Random Banner plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.2.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
Colibri Page Builder < 1.0.277 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Description The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.0.276 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
Preferred Languages < 2.3.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
Description The Preferred Languages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
Slider Revolution < 6.7.11 - Authenticated (Author+) Stored Cross-Site Scripting
Description The Slider Revolution plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 6.7.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to...
Simple Photoswipe <= 0.1 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC 1 As admin, go to plugin settings...
Church Admin < 4.4.0 - Authenticated (Admin+) Server-Side Request Forgery
Description The Church Admin plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.3.6. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations originating from t...
Clever Addons for Elementor <= 2.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple CAFE Widgets
Description The Clever Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the CAFE Icon, CAFE Team Member, and CAFE Slider widgets in all versions up to, and including, 2.1.9 due to insufficient input sanitization and output escaping. This makes it possible...
Integration for Contact Form 7 and Constant Contact <= 1.1.5 - Cross-Site Request Forgery
Description The Integration for Contact Form 7 and Constant Contact plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.5. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to...
WP-Recall – Registration, Profile, Commerce & More <= 16.26.6 - Unauthenticated Payment Deletion via delete_payment
Description The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'deletepayment' function in all versions up to, and including, 16.26.6. This makes it possible for unauthenticated attackers ...
Custom Dash <= 1.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting
Description The Custom Dash plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
Restaurant Menu and Food Ordering < 2.4.17 - Missing Authorization to Menu Creation
Description The Restaurant Menu and Food Ordering plugin for WordPress is vulnerable to unauthorized creation of data due to a missing capability check on 'addsection', 'addmenu', 'addmenuitem', and 'addmenupage' functions in all versions up to, and including, 2.4.16. This makes it possible for...
Google CSE <= 1.0.7 - Authenticated (Admin+) Stored Cross-Site Scripting
Description The Google CSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
Easy Table of Contents < 2.0.66 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed PoC You should create new post with two more heading. Go to the settings of the plugin an...
Global Notification Bar <= 1.0.1 - Authenticated (Admin+) Stored Cross-Site Scripting
Description The Global Notification Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
Qi Addons For Elementor < 1.7.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Widget
Description The Qi Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's button widgets in all versions up to, and including, 1.7.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
Safety Exit < 1.7.1 - Authenticated (Admin+) Stored Cross-Site Scripting
Description The Safety Exit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.7.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
Woocommerce – Recent Purchases <= 1.0.1 - Authenticated (Admin+) Local File Inclusion
Description The Woocommerce – Recent Purchases plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.0.1. This makes it possible for authenticated attackers, with Administrator-level access and above, to include and execute arbitrary files on the serve...
Themesflat Addons For Elementor <= 2.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widget Tags
Description The Themesflat Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via widget tags in all versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
ActiveDEMAND <= 0.2.43 - Cross-Site Request Forgery
Description The ActiveDEMAND plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.2.43. This is due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticated attackers to perform an unknown actio...
MultiVendorX Marketplace – WooCommerce MultiVendor Marketplace Solution < 4.1.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via hover_animation Parameter
Description The MultiVendorX Marketplace – WooCommerce MultiVendor Marketplace Solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘hoveranimation’ parameter in all versions up to, and including, 4.1.11 due to insufficient input sanitization and output escaping. Thi...
Contact Form 7 < 5.9.5 - Unauthenticated Open Redirect
Description The plugin has an open redirect that allows an attacker to utilize a false URL and redirect to the URL of their choosing. PoC 1. Add a form to a footer widget area 2. Disable JavaScript 3. Access the URL: https://example.com/%0a/google.com 4. Fill out the form and submit 5. The...
Ninja Tables – Easiest Data Table Builder < 5.0.10 - Authenticated (Admin+) Server-Side Request Forgery
Description The Ninja Tables – Easiest Data Table Builder plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.0.9. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary...
ElementsReady Addons for Elementor <= 6.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The ElementsReady Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 6.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
Site Favicon < 0.3 - Authenticated (Admin+) Stored Cross-Site Scripting
Description The Site Favicon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
Just Writing Statistics < 4.6 - Authenticated (Admin+) Stored Cross-Site Scripting
Description The Just Writing Statistics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
Frontend Checklist <= 2.3.2 - Admin+ Stored XSS via Items
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Add a checklist and for an item...
Startklar Elementor Addons <= 1.7.15 - Unauthenticated Path Traversal to Arbitrary Directory Deletion
Description The Startklar Elementor Addons plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.7.15 via the 'dropzonehash' parameter. This makes it possible for unauthenticated attackers to copy the contents of arbitrary files on the server, which can...