14602 matches found
Livemesh Addons for WPBakery Page Builder < 3.6 - Contributor+ Stored XSS
Description The plugin does not sanitise and escape some parameters, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks...
CSprite <= 1.1 - Cross-Site Request Forgery
Description The CSprite plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticated attackers to perform an unauthorized action via a...
CSV Importer < 0.3.9 - Cross-Site Request Forgery
Description The plugin is vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticated attackers to perform an unauthorized action via a forged request granted they can trick a site administrator into...
Genesis Simple Love <= 2.0 - Unauthenticated PHP Object Injection
Description The Genesis Simple Love plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.0 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the...
Structured Content < 1.6 - Contributor+ Stored XSS
Description The plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user...
Adifier System < 3.1.4 - Unauthenticated Local File Inclusion
Description The Adifier System plugin for WordPress is vulnerable to Local File Inclusion in all versions up to 3.1.4 exclusive. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This c...
WP Photo Album Plus < 8.6.01.005 - Cross-Site Scripting
Description The WP Photo Album Plus plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 8.5.02.005 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages tha...
Astra Pro < 4.3.2 - Authenticated(Contributor+) Remote Code Execution via Metabox
Description The Astra Pro Addon plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.3.1 via the ast-advanced-hook-php-code meta field. This makes it possible for authenticated attackers, with contributor access and above, to execute code on the serv...
WP Booking System < 2.0.19.3 - Missing Authorization
Description The WP Booking System plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpbssavecalendardata function in versions up to, and including, 2.0.19.2. This makes it possible for authenticated attackers, with subscriber-level access and above...
Flexible Woocommerce Checkout Field Editor <= 2.0.1 - Missing Authorization
Description The Flexible Woocommerce Checkout Field Editor plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on an unknown function function in versions up to, and including, 2.0.1. This makes it possible for unauthenticated attackers to perform an...
Bulk Edit Post Titles <= 5.0.0 - Missing Authorization
Description The Bulk Edit Post Titles plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on an unknown function in versions up to, and including, 5.0.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform ...
RegistrationMagic < 5.2.3.1 - Missing Authorization
Description The RegistrationMagic plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the updateuserprofile function in versions up to, and including, 5.2.3.0. This makes it possible for unauthenticated attackers to update other user's...
Biteship < 2.2.28 - Shop manager+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as Shop Manager and above to perform Stored Cross-Site Scripting attacks...
Product Catalog Feed by PixelYourSite < 2.2.0 - Cross-Site Request Forgery
Description The Product Catalog Feed by PixelYourSite plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1.1. This is due to missing or incorrect nonce validation on the setdisablestatus, setwpwoofschedule and checkfeedname functions. This makes i...
Couponis Demo < 2.2 - Unauthenticated SQL Injection
Description The Couponis Demo plugin for WordPress is vulnerable to SQL Injection in versions up to 2.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append addition...
Soledad < 8.4.2 - Reflected Cross-Site Scripting
Description The Soledad theme for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 8.4.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execut...
Fix My Feed RSS Repair <= 1.4 - Cross-Site Request Forgery
Description The Fix My Feed RSS Repair plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticated attackers to perform an unauthoriz...
WooDiscuz – WooCommerce Comments <= 2.3.0 - Cross-Site Request Forgery
Description The WooDiscuz – WooCommerce Comments plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.0. This is due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticated attackers to perform a...
Digital Publications by Supsystic < 1.7.7 - Cross-Site Request Forgery via AJAX action
Description The plugin is vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation on the AJAX action handler. This makes it possible for unauthenticated attackers to execute AJAX actions via a forged request granted they can trick a site administrator into performing...
Awesome Support < 6.1.11 - Missing Authorization
Description The plugin is vulnerable to unauthorized access due to a missing capability check on an unknown function, allowing authenticated attackers, with subscriber-level access and above, to perform an unauthorized action...
Guest Author < 2.4 - Authenticated (Author+) Stored Cross-Site Scripting
Description The Guest Author plugin for WordPress is vulnerable to Stored Cross-Site Scripting via author name in versions up to, and including, 2.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, ...
Smart External Link Click Monitor [Link Log] <= 5.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting
Description The Smart External Link Click Monitor Link Log plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 5.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attacker...
Integrate Google Drive < 1.3.5 - Cross-Site Request Forgery
Description The Integrate Google Drive plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.4. This is due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticated attackers to perform an...
Soledad < 8.4.2 - Authenticated (Contributor+) SQL Injection
Description The Soledad theme for WordPress is vulnerable to SQL Injection in versions up to, and including, 8.4.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with...
Ultimate Addons for Contact Form 7 < 3.2.1 - Reflected Cross-Site Scripting
Description The Ultimate Addons for Contact Form 7 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in versions up to, and including, 3.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers...
Product Enquiry for WooCommerce < 3.1 - Cross-Site Request Forgery
Description The Product Enquiry for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.0. This is due to missing or incorrect nonce validation on the processbulkaction function. This makes it possible for unauthenticated attackers to...
BCorp Shortcodes <= 0.23 - Unauthenticated PHP Object Injection
Description The BCorp Shortcodes plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 0.23 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerab...
Structured Content < 1.6 - Contributor+ PHP Object Injection
Description The plugin is vulnerable to PHP Object Injection via deserialization of untrusted input. This makes it possible for attackers, with contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable plugin. If a POP chain is present via an...
LiveChat < 4.5.16 - Cross-Site Request Forgery
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
AppMySite < 3.11.1 - Unauthenticated Information Disclsoure
Description The plugin is vulnerable to Sensitive Information Exposure, allowing unauthenticated attackers to extract sensitive user or configuration data...
Elementor Timeline Widget <= 2.0 - Missing Authorization to Notice Dismissal
Description The Elementor Timeline Widget plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in versions up to, and including, 2.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to dismiss notices...
Welcart e-Commerce < 2.9.7 - Authenticated (Administrator+) Directory Traversal
Description The Welcart e-Commerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.9.6 via the uploadcertificatefile function. This makes it possible for administrators to upload .pem or .crt files to arbitrary locations on the server...
Block for Font Awesome < 1.4.1 -Settings Update via CSRF
Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
Soledad < 8.4.2 - Unauthenticated PHP Object Injection
Description The Soledad theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 8.4.1 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable theme. If a...
WappPress < 6.0.0 - Unauthenticated Arbitrary File Upload
Description The plugin is vulnerable to arbitrary file uploads due to missing file type validation, allowing unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible...
Eventin <= 3.3.44 - Missing Authorization
Description The Eventin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on an unknown function in versions up to, and including, 3.3.44. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unauthoriz...
Sayfa Sayaç <= 2.6 - Unauthenticated PHP Object Injection
Description The Sayfa Sayac plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.6 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable...
Symbiostock Lite <= 6.0.0 - Authenticated (Shop Manager+) Arbitrary File Upload
Description The Symbiostock – Sell Photos Online For Free! plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 6.0.0. This makes it possible for authenticated attackers, with shop manager-level access and above, to...
Spiffy Calendar < 4.9.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Spiffy Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to 4.9.6 exclusive due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
Download Manager < 3.2.83 - Unauthenticated Protected File Download Password Leak
Description The plugin does not protect file download's passwords, leaking it upon receiving an invalid one. PoC 223 being the ID of a password protected download: curl -X POST --data 'wpdmID=223=json=wpdmgetlink=wpdmajaxcall=123322' https://example.com/wp-json/wpdm/validate-password The response...
Cookie Bar < 2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings
Description The Cookie Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
Smart External Link Click Monitor [Link Log] <= 5.0.2 - Reflected Cross-Site Scripting
Description The Smart External Link Click Monitor Link Log plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 5.0.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
WPsoonOnlinePage <= 1.9 - Cross-Site Request Forgery
Description The WPsoonOnlinePage plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.9. This is due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticated attackers to perform an unauthorized...
WP Photo Album Plus < 8.6.01.003 - Insecure Direct Object Reference
Description The WP Photo Album Plus plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 8.5.02.005 due to missing validation on a user controlled key. This makes it possible for unauthenticated attacker to perform an unauthorized action bas...
Adifier System < 3.1.4 - Unauthenticated SQL Injection
Description The Adifier System plugin for WordPress is vulnerable to SQL Injection in versions up to 3.1.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append...
Code Embed < 2.3.7 - Authenticated(Contributor+) Denial of Service
Description The Code Embed plugin for WordPress is vulnerable to Denial of Service in all versions up to, and including, 2.3.6. This makes it possible for authenticated attackers, with contributor access and above, to disrupt access to the site...
Gift Up < 2.22 - Settings Update via CSRF
Description The plugin is vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation on the consumepost function, allowing unauthenticated attackers to set the plugin's API key and update other plugin settings via a forged request granted they can trick a site...
Webflow Pages <= 1.0.8 - Missing Authorization
Description The Webflow Pages plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on an unknown function in versions up to, and including, 1.0.8. This makes it possible for unauthenticated attackers to perform an unauthorized action...
Dashboard Widgets Suite < 3.4.2 - Authenticated (Administrator+) Stored Cross-Site Scripting
Description The Dashboard Widgets Suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
SureTriggers < 1.0.24 - Cross-Site Request Forgery
Description The SureTriggers plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.23. This is due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticated attackers to perform an unauthorized acti...