14602 matches found
AdFoxly – Ad Manager, AdSense Ads & Ads.txt <= 1.8.5 - Cross-Site Request Forgery
Description The AdFoxly – Ad Manager, AdSense Ads & Ads.txt plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.5. This is due to missing or incorrect nonce validation on several functions in the /includes/class-adfoxly-ajax.php file. This makes ...
HDW Player Plugin (Video Player & Video Gallery) <= 5.0 - Cross-Site Scripting
Description The HDW Player Plugin Video Player & Video Gallery plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 5.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
List all posts by Authors, nested Categories and Title < 2.8.3 - CSRF
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
Post Duplicator < 2.32 - Missing Authorization via mtphr_duplicate_post
Description The Post Duplicator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the mtphrduplicatepost function in versions up to, and including, 2.31. This makes it possible for authenticated attackers, with contributor-level access an...
Button Generator – easily Button Builder < 2.3.9 - Missing Authorization
Description The Button Generator – easily Button Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the function btgcount function in versions up to, and including, 2.3.8. This makes it possible for unauthenticated attackers to res...
LadiApp <= 4.4 - Missing Authorization
Description The plugin is vulnerable to unauthorized access of data, modification of data, or loss of data due to a missing capability check on an unknown function This makes it possible for authenticated attackers, with subscriber-level access and above, to make use of the unprotected...
Importify < 1.0.5 - Unauthenticated Sensitive Information Exposure
Description The plugin is vulnerable to Sensitive Information Exposure, allowing unauthenticated attackers to extract sensitive user or configuration data...
Abandoned Cart Lite for WooCommerce < 5.16.2 - Missing Authorization via multiple AJAX functions
Description The Abandoned Cart Lite for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to missing capability checks on multiple AJAX functions in versions up to, and including, 5.16.1. This makes it possible for authenticated attackers,...
Yet Another Stars Rating < 3.4.4 - Missing Authorization via init
Description The Yet Another Stars Rating plugin for WordPress is vulnerable to unauthorized modification of data due to a missing check on the init function in versions up to, and including, 3.4.3. This makes it possible for unauthenticated attackers to vote on private or nonexistent posts...
PayHere Payment Gateway < 2.2.12 - Unauthenticated Log Data Disclosure
Description The plugin automatically creates publicly-accessible log files containing sensitive information when transactions occur. PoC https://www.suppliment.lk/wp-content/uploads/payhere-logs/?SD https://www.medic.lk/wp-content/uploads/payhere-logs/?SD...
Email Subscription Popup < 1.2.19 - Reflected Cross-Site Scripting
Description The Email Subscription Popup plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the HTTPREFERER header in all versions up to, and including, 1.2.18 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...
System Dashboard < 2.8.8 - Missing Authorization to Information Disclosure (sd_php_info)
Description The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sdphpinfo function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with...
Aparat <= 1.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Aparat plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject...
WP Pocket URLs <= 1.0.2 - Reflected Cross-Site Scripting
Description The WP Pocket URLs plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages tha...
Database for CF7 < 1.2.5 - Subscriber+ CF7 DB Entries Deletion
Description The plugin is vulnerable to unauthorized loss of data due to a missing capability check on the wpcf7dbdelete AJAX function, allowing authenticated attackers, with subscriber-level access and above, to delete CF7 Database entries...
MkRapel Regiones y Ciudades de Chile para WC <= 4.3.0 - Cross-Site Request Forgery via multiple functions
Description The MkRapel Regiones y Ciudades de Chile para WC plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.3.0. This is due to missing or incorrect nonce validation on multiple settings functions. This makes it possible for unauthenticated...
Client Dash <= 2.2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings
Description The Client Dash plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
KP Fastest Tawk.to Chat <= 1.1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
Description The KP Fastest Tawk.to Chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
SVGator – Add Animated SVG Easily < 1.2.5 - API Token Update/Deletion & Import Projects via CSRF
Description The plugin does not have CSRF checks when updating and deleting API token as well as importing projects, which could allow attackers to make logged in admins perform such actions via CSRF attacks...
GDPR Cookie Consent by Supsystic <= 2.1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting
Description The GDPR Cookie Consent by Supsystic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
Piotnet Forms < 1.0.29 - Unauthenticated Arbitrary File Upload
Description The Piotnet Forms plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'piotnetformsajaxformbuilder' function in versions up to, and including, 1.0.28. This makes it possible for unauthenticated attackers to upload arbitrary file...
10to8 Online Appointment Booking System < 1.1.0 - Contributor+ Stored XSS
Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
PowerPack Pro for Elementor < 2.9.24 - Reflected Cross-Site Scripting
Description The PowerPack Pro for Elementor plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 2.9.23 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web script...
affiliate-toolkit – WordPress Affiliate Plugin < 3.4.4 - Reflected Cross-Site Scripting via keyword
Description The affiliate-toolkit – WordPress Affiliate Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the keyword parameter in versions up to, and including, 3.4.3 due to insufficient input sanitization and output escaping. This makes it possible for...
System Dashboard < 2.8.8 - Missing Authorization to Information Disclosure (sd_option_value)
Description The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sdoptionvalue function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with...
BrainCert – HTML5 Virtual Classroom <= 2.0 - Reflected Cross-Site Scripting
Description The BrainCert – HTML5 Virtual Classroom plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
Ads by datafeedr.com <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Ads by datafeedr.com plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an unknown parameter in versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
Chat Bubble <= 2.4 - Settings Update via CSRF
Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
Business Directory Plugin < 6.3.11 - Cross-Site Request Forgery
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
Prevent Landscape Rotation < 2.1 - Settings Update via CSRF
Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
Html5 Video Player < 2.5.19 - Subscriber+ Stored XSS
Description The plugin does not sanitise and escape some of its player settings, which combined with missing capability checks around the plugin could allow any authenticated users, such as low as subscribers to perform Stored Cross-Site Scripting attacks against high privilege users like admins...
WordPress Brute Force Protection < 2.2.6 - Admin+ SQLi
Description The plugin does not properly sanitise and escape the orderby parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin...
RegistrationMagic < 5.2.3.0 - Cross-Site Request Forgery
Description The RegistrationMagic plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.2.2.6. This is due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticated attackers to perform an unauthorize...
Bravo Translate <= 1.2 - Authenticated (Administrator+) SQL Injection
Description The Bravo Translate plugin for WordPress is vulnerable to SQL Injection via multiple parameters in versions up to, and including, 1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
MSync <= 1.0.0 - Authenticated (Administrator+) SQL Injection
Description The MSync plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with...
MyTube PlayList <= 2.0.3 - Reflected Cross-Site Scripting via addplaylistid
Description The MyTube PlayList plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘addplaylistid’ parameter in versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
Event post < 5.9.1 - Contributor+ Stored XSS
Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
Social Share Buttons & Analytics Plugin < 4.4 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Advanced Database Cleaner < 3.1.3 - Authenticated (Administrator+) SQL Injection
Description The Advanced Database Cleaner plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in versions up to, and including, 3.1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...
Machic Core <= 1.2.6 - Reflected Cross-Site Scripting
Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
teachPress < 9.0.5 - Cross-Site Request Forgery
Description The teachPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 9.0.4. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to invoke those functions via a...
Button Generator – easily Button Builder < 2.3.9 - Cross-Site Request Forgery
Description The Button Generator – easily Button Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.8. This is due to missing nonce validation on the btgcount function. This makes it possible for unauthenticated attackers to reset the...
WooCommerce Login Redirect <= 2.2.4 - Cross-Site Request Forgery
Description The WooCommerce Login Redirect plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.2.4. This is due to missing or incorrect nonce validation on one of its functions. This makes it possible for unauthenticated attackers to invoke this...
Seraphinite Accelerator < 2.20.29 - Reflected Cross-Site Scripting via rt
Description The Seraphinite Accelerator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘rt’ parameter in versions up to, and including, 2.20.28 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
Credit Tracker <= 1.1.17 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Credit Tracker plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1.17 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to...
System Dashboard < 2.8.8 - Missing Authorization to Information Disclosure (sd_db_specs)
Description The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sddbspecs function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with...
Backup Migration Staging < 1.3.6 - Sensitive Data Exposure
Description The plugin stores in-progress backups information in easy to find, publicly-accessible files, which may allow attackers monitoring those to leak sensitive information from the site's backups. PoC 1 Run a backup of the site 2 Notice the following files are all publicly available while...
JetElements For Elementor < 2.6.13.1 - Missing Authorization to Unauthenticated Arbitrary Attachment Download
Description The JetElements plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on an unknown function in all versions up to, and including, 2.6.13. This makes it possible for unauthenticated attackers to download arbitrary attachments...
Currency Converter Calculator < 1.3.2 - Contributor+ Stored XSS
Description The plugin is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitra...
Powr Pack <= 2.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode
Description The Contact Form – Custom Builder, Payment Form, and More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 2.1.0 due to insufficient input sanitization and output escaping on user supplied attributes...