14602 matches found
System Dashboard < 2.8.8 - Missing Authorization to Information Disclosure (sd_constants)
Description The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sdconstants function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with...
JetEngine < 3.2.5 - Authenticated (Contributor+) Privilege Escalation
Description The JetEngine plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.2.4. This is due to an unknown issue. This makes it possible for authenticated attackers, with contributor-level access and above, to gain elevated privileges...
Doofinder for WooCommerce < 2.1.8 - Reflected Cross-Site Scripting
Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
Track Geolocation Of Users Using Contact Form 7 <= 1.4 - Authenticated (Administrator+) Stored Cross-Site Scripting
Description The Track Geolocation Of Users Using Contact Form 7 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
teachPress < 9.0.6 - Cross-Site Request Forgery via delete_database()
Description The teachPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 9.0.5. This is due to missing or incorrect nonce validation on the deletedatabase function. This makes it possible for unauthenticated attackers to clear the database...
WP Cleanfix < 5.7.0 - Subscriber+ Post/Comment/Post Meta Content Replacement
Description The plugin is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the register function, allowing authenticated attackers, with subscriber-level access and above, to find and replace post, comment, and postmeta content as well as...
WP Catalogue <= 1.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode
Description The WP Catalogue plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.7.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
WOOCS – WooCommerce Currency Switcher < 1.4.1.5 - Cross-Site Request Forgery via delete_profiles_data
Description The WOOCS – WooCommerce Currency Switcher plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4.1.4. This is due to missing or incorrect nonce validation on the deleteprofilesdata function. This makes it possible for unauthenticated...
System Dashboard < 2.8.8 - Missing Authorization to Information Disclosure (sd_global_value)
Description The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sdglobalvalue function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with...
Affiliate Booster < 3.0.6 - Blocks Enabling/Disabling via CSRF
Description The plugin is vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation on the processbulkaction function. This makes it possible for unauthenticated attackers to enable or disable all blocks via a forged request granted they can trick a site administrator...
SpeedyCache < 1.1.3 - Authenticated (Subscriber+) Server-Side Request Forgery
Description The SpeedyCache – Cache, Optimization, Performance plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.1.2 via the speedycachecreatetestcache function. This makes it possible for authenticated attackers, subscriber-level access and...
Manage Notification E-mails < 1.8.6 - Missing Authorization
Description The Manage Notification E-mails plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.8.5 via the cardfamneexportsettings function. This makes it possible for unauthenticated attackers to obtain plugin settings...
Parallax Slider Block < 1.2.6 - Author+ Stored XSS
Description The plugin for WordPress is vulnerable to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever...
WP Event Manager < 3.1.42 - Editor+ Stored XSS
Description The plugin does not sanitise and escape some parameters, which could allow users with a role as low as Editor to perform Stored Cross-Site Scripting attacks...
which template file < 5.1.0 - Reflected XSS
Description The plugin does not sanitise and escape the page parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
Innovs HR <= 1.0.3.4 - Reflected Cross-Site Scripting
Description The Innovs HR plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.0.3.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...
Quantity Plus Minus Button for WooCommerce by CodeAstrology < 1.2.0 Settings Update via CSRF
Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
Automatic Youtube Video Posts Plugin <= 5.2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings
Description The Automatic Youtube Video Posts Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 5.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wit...
Adifier (Premium Theme) < 3.1.4 - Reflected Cross-Site Scripting
Description The Adifier Premium Theme theme for WordPress is vulnerable to Reflected Cross-Site Scripting via an unknown parameter in versions up to, and including, 3.9.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
BigCommerce <= 5.0.7 - Unauthenticated Sensitive Information Exposure
Description The BigCommerce For WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.0.7. This makes it possible for unauthenticated attackers to extract sensitive data...
Formzu WP < 1.6.7 - Contributor+ Stored XSS via id
Description The plugin does not validate and escape the ‘id’ parameter, allowing users with the contributor role and above perform Stored XSS attacks...
CommentLuv <= 4 - Unauthenticated SSRF
Description The plugin is vulnerable to Server-Side Request Forgery via the doclick function. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal service...
Abandoned Cart Lite for WooCommerce < 5.16.2 - Missing Authorization via multiple AJAX functions
Description The Abandoned Cart Lite for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to missing capability checks on multiple AJAX functions in versions up to, and including, 5.16.1. This makes it possible for authenticated attackers,...
Yet Another Stars Rating < 3.4.4 - Missing Authorization via init
Description The Yet Another Stars Rating plugin for WordPress is vulnerable to unauthorized modification of data due to a missing check on the init function in versions up to, and including, 3.4.3. This makes it possible for unauthenticated attackers to vote on private or nonexistent posts...
PayHere Payment Gateway < 2.2.12 - Unauthenticated Log Data Disclosure
Description The plugin automatically creates publicly-accessible log files containing sensitive information when transactions occur. PoC https://www.suppliment.lk/wp-content/uploads/payhere-logs/?SD https://www.medic.lk/wp-content/uploads/payhere-logs/?SD...
Email Subscription Popup < 1.2.19 - Reflected Cross-Site Scripting
Description The Email Subscription Popup plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the HTTPREFERER header in all versions up to, and including, 1.2.18 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...
BP Better Messages < 2.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode
Description The Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 2.4.0 due to insufficient input sanitization and output...
File Gallery <= 1.8.5.4 - Reflected Cross-Site Scripting via post_id
Description The File Gallery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘postid’ parameter in versions up to, and including, 1.8.5.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitra...
JetEngine < 3.2.5 - Missing Authorization
Description The JetEngine plugin for WordPress is vulnerable to unauthorized access due to a missing capability check in versions up to, and including, 3.2.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unauthorized action...
Elementor < 3.18.2 - Contributor+ Arbitrary File Upload to RCE via Template Import
Description The plugin is vulnerable to Remote Code Execution via file upload via the template import functionality, allowing authenticated attackers, with contributor-level access and above, to upload files and execute code on the server. PoC 1. Edit a post in Elementor. 2. Import a template...
WP 6.4-6.4.1 - POP Chain
Description WP 6.4 introduced a PHP gadget chain. While the issue is not directly exploitable, it could be used along with a PHP unserialization for example in a plugin or theme installed on the blog to achieve RCE...
Calculated Fields Form < 1.2.41 - Authenticated (Admin+) Stored Cross-Site Scripting
Description The Calculated Fields Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2.40 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
NextScripts < 4.4.3 - Reflected Cross-Site Scripting via code
Description The NextScripts plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘code’ parameter in versions up to, and including, 4.4.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary we...
CF7 Google Sheets Connector < 5.0.6 - Unauthenticated Sensitive Information Exposure via Debug Log
Description The CF7 Google Sheets Connector plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.0.5 via the debug log functionality in google-sheet-connector.php. This makes it possible for unauthenticated attackers to extract sensitive dat...
Coming soon and Maintenance mode <= 3.7.3 - IP Address Spoofing via get_real_ip
Description The Coming soon and Maintenance mode plugin for WordPress is vulnerable to IP Address Spoofing in all versions up to, and including, 3.7.3 due to the use of user-supplied HTTP headers as a primary method for IP retrieval. This makes it possible for attackers to bypass the coming soon...
Nested Pages < 3.2.7 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Enhanced Text Widget <= 1.6.2 - Missing Authorization via etw_hide_admin_notification_callback
Description The Enhanced Text Widget plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the etwhideadminnotificationcallback function in versions up to, and including, 1.6.2. This makes it possible for unauthenticated attackers to hide adm...
Social Pug < 1.30.1 - Missing Authorization via multiple admin_init actions
Description The plugin is vulnerable to unauthorized modification of data due to a missing capability check on multiple functions that run on admininit, allowing unauthenticated attackers to update the database...
Aruba HiSpeed Cache < 2.0.7 - Unauthenticated Log File Access
Description The plugin is vulnerable to Sensitive Information Exposure via the plugin's log file, allowing unauthenticated attackers to extract sensitive data including debug and trace information...
Customer Reviews for WooCommerce < 5.36.1 - Missing Authorization
Description The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on several AJAX actions in versions up to, and including, 5.36.0. This makes it possible for authenticated attackers with subscriber level...
Optimize Database after Deleting Revisions < 5.1 - Missing Authorization via 'odb_csv_download'
Description The Optimize Database after Deleting Revisions plugin for WordPress is vulnerable to information disclosure in versions up to, and including, 5.0.110. This is due to a missing capability check on the 'odbcsvdownload' function which is hooked via admininit. This makes it possible for...
RegistrationMagic < 5.2.4.2 - Reflected Cross-Site Scripting via section_id
Description The RegistrationMagic plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘sectionid’ parameter in versions up to, and including, 5.2.4.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
Media File Renamer < 5.7.0 - Sensitive Information Exposure via Log File
Description The Media File Renamer: Rename Files Manual, Auto & AI plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.6.9 via the logging functionality. This makes it possible for unauthenticated attackers to extract sensitive data includi...
Email Address Encoder 1.0.22 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Email Address Encoder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's eaeshortcode shortcode in version 1.0.22 due to insufficient input sanitization and output escaping on the 'link' user supplied attribute. This makes it possible for...
ArtPlacer Widget < 2.20.7 - Editor+ SQLi
Description The plugin does not sanitize and escape the "id" parameter before submitting the query, leading to a SQLI exploitable by editors and above. Note: Due to the lack of CSRF check, the issue could also be exploited via a CSRF against a logged editor or above PoC As an editor, open...
WP Retina 2x < 6.4.6 - Sensitive Information Exposure
Description The Perfect Images Manage Image Sizes, Thumbnails, Replace, Retina plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.4.5 due to guessable log file names. This makes it possible for unauthenticated attackers to extract sensitiv...
HUSKY – Products Filter for WooCommerce (formerly WOOF) < 1.3.4.3 - Unauthenticated SQL Injection via search terms
Description The HUSKY – Products Filter for WooCommerce formerly WOOF plugin for WordPress is vulnerable to generic SQL Injection via search terms in versions up to, and including, 1.3.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existi...
Responsive Lightbox < 2.4.6 - Authenticated (Author+) Stored Cross-Site Scripting via name
Description The Responsive Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘name’ parameter in versions up to, and including, 2.4.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level...
JetFormBuilder < 3.1.5 - Unauthenticated Content Injection
Description The JetFormBuilder — Dynamic Blocks Form Builder plugin for WordPress is vulnerable to content injection in all versions up to, and including, 3.1.4. This makes it possible for unauthenticated attackers to inject content onto the site...
Site Offline < 1.5.7 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...