14602 matches found
Export and Import Users and Customers < 2.4.9 - Shop Manager+ Arbitrary File Upload
Description The plugin does not properly check uploaded files via the uploadimportfile function, allowing users with the Shop Manager role and above to upload arbitrary files...
Image Regenerate & Select Crop < 7.3.1 - Sensitive Information Exposure
Description The plugin discloses sensitive information via log files which are publicly accessibe...
PayTR Taksit Tablosu <= 1.3.1 - CSRF
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
CAOS < 4.7.15 - Unauthenticated Settings Update
Description The plugin does not have authorisation check when updating its settings, which could allow unauthenticated users to update them...
Import and export users and customers < 1.24.3 - Admin+ Arbitrary File Read/Deletion
Description The plugin is vulnerable to Directory Traversal via the Recurring Import functionality. This makes it possible for authenticated attackers, with administrator access and above, to read and delete the contents of arbitrary files on the server including wp-config.php, which can contain...
Ni Purchase Order(PO) For WooCommerce <= 1.2.1 - Admin+ File Upload to Remote Code Execution
Description The plugin does not validate logo and signature image files uploaded in the settings, allowing high privileged user to upload arbitrary files to the web server, triggering an RCE vulnerability by uploading a web shell. PoC 1. Create a malicious file exploit.php with the contents 2...
Ultimate Dashboard < 3.7.11 - Login Page Disclosure on Multi-site
Description The plugin is vulnerable to secret login page disclosure, allowing unauthenticated attackers to discover the secret login page URL on multi-site instances...
WP Go Maps < 9.0.28 - Unauthenticated Stored XSS
Description The plugin does not properly protect most of its REST API routes, which attackers can abuse to store malicious HTML/Javascript on the site. PoC Run the following Python script, then visit https://vulnerable-site.tld/wp-admin/admin.php?page=wp-google-maps-menu=editid=1. Alternatively,...
Master Addons for Elementor < 2.0.4 - Contributor+ Stored XSS
Description The plugin does not validate and escape its heading tag dropdown before outputting it back in a page/post, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
Maspik – Spam blacklist < 0.10.4 - IP Validation Bypass
Description The plugin does not properly validates IP addresses, allowing unauthenticated attackers to bypass IP-based restrictions...
Import and export users and customers < 1.24.4 - Contributor+ Stored XSS
Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
Bold Page Builder < 4.7.0 - Contributor+ Stored XSS
Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
DoFollow Case by Case < 3.5.0 - Email&URLs Adding to Allowlist via CSRF
Description The plugin does not have CSRF checks in its getEmail and getUrl functions, which could allow attackers to make logged in admins add email and URLs to the allow list via CSRF attacks...
Backup Migration < 1.3.8 - Unauthenticated RCE
Description The plugin is vulnerable to Remote Code Execution via the /includes/backup-heart.php file. This is due to an attacker being able to control the values passed to an include, and subsequently leverage that to achieve remote code execution. This makes it possible for unauthenticated...
Social Media Feather < 2.1.4 - Subscriber+ Unauthorised Action
Description The plugin does not have authorisation in a function, allowing any authenticated users, such as subscriber to call it...
Prime Mover < 1.9.3 - Directory Listing to Sensitive Data Exposure
Description The plugin does not prevent directory listing in sensitive directories containing export files. PoC http://127.0.0.1/wordpress/wp-content/uploads/prime-mover-export-files/1/ 0 Go to packages and crate new If there is no backup now 1 Go to this URL manualy 2 Use Exploit...
Google Calendar Events < 3.2.8 - Contributor+ Stored XSS via shortcode
Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
Ibtana – WordPress Website Builder < 1.2.2.1 - Contributor+ Stored XSS via Shortcode
Description The plugin does not validate and escape some of its ive shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
Shortcoder < 6.3.1 - Subscriber+ Unauthorised AJAX Call
Description The plugin does not have proper authorisation in an AJAX action, allowing any authenticated users, such as subscriber to call it...
affiliate-toolkit < 3.4.3 - Unauthenticated SSRF
Description The plugin lacks authorization and authentication for requests to it's affiliate-toolkit-starter/tools/atkpimagereceiver.php endpoint, allowing unauthenticated visitors to make requests to arbitrary URL's, including RFC1918 private addresses, leading to a Server Side Request Forgery...
WooCommerce Payments < 6.5.0 - Contributor+ Cross-Site Scripting
Description The plugin does not validate and escape some of its block attributes before outputting them back in a page/post where the block is rendered, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
Shortcodes and extra features for Phlox theme < 2.15.5 - Contributor+ Stored XSS
Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
Burst Statistics (Free < 1.5.0, Pro < 1.5.1) - Unauthenticated SQL Injection
Description The plugins do not properly sanitise and escape the url parameter before using it in a SQL statement, leading to an SQL injection exploitable by any authenticated users, such as subscribers PoC curl 'https://example.com/burst-statistics-endpoint.php' \ -H 'content-type:...
Popup Builder < 4.2.3 - Unauthenticated Stored XSS
Description The plugin does not prevent simple visitors from updating existing popups, and injecting raw JavaScript in them, which could lead to Stored XSS attacks. PoC 1 Create a popup using the plugin 2 Run the following curl command, switching $POPUPID with that popup's ID: curl --url...
Tutor LMS < 2.3.0 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Spectra < 2.7.10 - Contributor+ Stored XSS
Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
WP TripAdvisor Review Slider < 11.9 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Go to Get TripAdvisor Reviews...
WP Project Manager < 2.6.9 - Subscriber+ Stored XSS
Description The plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping, allowing authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected...
Login With Ajax < 4.2 - Missing Authorization
Description The Login With Ajax plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on an unknown function in versions up to, and including, 4.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an...
Custom Login < 4.1.1 - Subscriber+ Unauthorised Action
Description The plugin does not have proper authorisation in an unknown function, allowing any authenticated attackers, such as subscribers, to perform an unauthorized action...
Redirects <= 1.2.1 - Missing Authorization
Description The Redirects plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on tan unknown function in versions up to, and including, 1.2.1. This makes it possible for unauthenticated attackers to perform an unauthorized action...
WP Project Manager < 2.6.8 - Missing Authorization
Description The WP Project Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on an unknown function in versions up to, and including, 2.6.7. This makes it possible for unauthenticated attackers to perform an unauthorized action...
Optin Forms <= 1.3.6 - Authenticated (Administrator+) Stored Cross-Site Scripting
Description The Optin Forms – Simple List Building Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.3.6 due to insufficient input sanitization and output escaping. This makes it possible for...
First Order Discount Woocommerce < 1.22 - Discount Update via CSRF
Description The plugin does not have CSRF check in its fodwsavediscount function, which could allow attackers to make logged in admins update discounts via a CSRF attack...
Awesome Support < 6.1.8 - Missing Authorization
Description The plugin is vulnerable to unauthorized access due to a missing capability check on an unknown function, allowing unauthenticated attackers to perform an unauthorized action...
Sharkdropship dropshipping for Aliexpress, eBay, Amazon, etsy <= 2.1.2 - Missing Authorization
Description The plugin is vulnerable to unauthorized access due to a missing capability check on an unknown function, allowing unauthenticated attackers to perform an unauthorized action...
WP Simple HTML Sitemap < 2.8 - Missing Authorization
Description The plugin is vulnerable to unauthorized access due to a missing capability check on an unknown function, allowing unauthenticated attackers to perform an unauthorized action...
Multi Currency For WooCommerce < 1.5.6 - Cross-Site Request Forgery
Description The plugin is vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticated attackers to perform an unauthorized action via a forged request granted they can trick a site administrator into...
Annual Archive <= 1.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Annual Archive plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.6.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inje...
Author Avatars List/Block < 2.1.19 - Contributor+ Stored XSS
Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
Advanced Page Visit Counter <= 8.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Advanced Page Visit Counter plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 8.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and...
Square Thumbnails <= 1.1.0 - Missing Authorization
Description The Square Thumbnails plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on an unknown function in versions up to, and including, 1.1.0. This makes it possible for unauthenticated attackers to perform an unauthorized action...
BC Menu Bar Cart Icon For WooCommerce By Binary Carpenter <= 1.49.3 - Cross-Site Request Forgery
Description The BC Menu Bar Cart Icon For WooCommerce By Binary Carpenter plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.49.3. This is due to missing or incorrect nonce validation on an unknown function. This makes it possible for...
Custom Post Type Page Template <= 1.1 - Cross-Site Request Forgery
Description The Custom Post Type Page Template plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticated attackers to perform an...
Caddy < 1.9.8 - Cross-Site Request Forgery
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
Alt Manager < 1.6.2 - Missing Authorization
Description The plugin is vulnerable to unauthorized access due to a missing capability check on an unknown function, allowing unauthenticated attackers to perform an unauthorized action...
Rocket Maintenance Mode & Coming Soon Page < 4.4 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Smart Forms < 2.6.85 - Subscriber+ Arbitrary Options Update
Description The plugin does not have authorisation in an AJAX action hooked to smartformssavesettings, and does not ensure that the option to be updated belong to the plugin. As a result, any authenticated users, such as subscriber could update arbitrary options such as defaultrole and...
Alma < 5.2.1 - Contributor+ Stored XSS
Description The plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping, allowing authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injecte...
WPPerformanceTester <= 2.0.0 - Cross-Site Request Forgery
Description The WPPerformanceTester plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.0. This is due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticated attackers to perform an unauthorize...