14602 matches found
Pretty Google Calendar < 1.6.0 - Authenticated(Contributor+) Stored Cross-Site Scripting via pretty_google_calendar shortcode
Description The Pretty Google Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 1.5.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
PayTR Taksit Tablosu <= 1.3.1 - Missing Authorization
Description The PayTR Taksit Tablosu plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on one of its functions in versions up to, and including, 1.3.1. This makes it possible for unauthenticated attackers to invoke this function with an unclear...
WP Roadmap < 1.0.9 - Authenticated (Administrator+) Stored Cross-Site Scripting
Description The WP Roadmap – Product Feedback Board plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
Community by PeepSo < 6.2.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Community by PeepSo – Social Network, Membership, Registration, User Profiles plugin for WordPress is vulnerable to Stored Cross-Site Scripting via user avatars in all versions up to, and including, 6.2.2.0 due to insufficient input sanitization and output escaping on user supplie...
WP Githuber MD < 1.16.3 - Authenticated (Author+) Arbitrary File Upload
Description The WP Githuber MD – WordPress Markdown Editor plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 1.16.2. This makes it possible for authenticated attackers, with author access and above, to upload arbitrary files on the affected site's...
WC Vendors Marketplace < 2.4.7.1 - Authenticated (Shop manager+) SQL Injection via search dates
Description The WC Vendors Marketplace plugin for WordPress is vulnerable to SQL Injection via search date parameters in versions up to, and including, 2.4.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...
WP VK-付费内容插件 < 1.3.4 - Cross-Site Request Forgery via AJAX actions
Description The plugin is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.3. This is due to missing or incorrect nonce validation on several of its AJAX actions. This makes it possible for unauthenticated attackers to update plugin settings via a forged request...
WPSchoolPress < 2.2.5 - Cross-Site Request Forgery
Description The WPSchoolPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.2.4. This is due to missing nonce validation on several functions called via AJAX actions in the /lib/wpsp-ajaxworks.php file. This makes it possible for...
Multi Step Form < 1.7.13 - Form Update/Deletion via CSRF
Description The plugin does not have CSRF checks when deleting, updating and duplicating forms, which could allow attackers to make logged in admins perform such actions via CSRF attacks...
Perfmatters < 2.1.7 - Missing Authorization
Description The Perfmatters plugin for WordPress is vulnerable to unauthorized access, modification or loss of data due to a missing capability check on one of its functions in all versions up to, and including, 2.1.6. This makes it possible for subscriber-level attackers to invoke this function...
BestWebSoft's Like & Share < 2.74 - Unauthenticated Password Protected Post Read
Description The plugin discloses the content of password protected posts to unauthenticated users via a meta tag PoC In the web browser, view the source of any password protected post and check the og:description meta tag...
Accelerated Mobile Pages < 1.0.89 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode
Description The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.0.88.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
Multiple Plugins by Trustindex.io <= (Various Versions)- Authenticated (Editor+) Arbitrary File Upload
Description Multiple plugins for WordPress by Trustindex.io are vulnerable to arbitrary file uploads due to missing file type validation in the /tabs/featurerequest.php file in various versions. This makes it possible for authenticated attackers, with editor-level access and above, to upload...
Salon booking system < 8.7 - Authenticated (Editor+) Privilege Escalation
Description The Salon booking system plugin for WordPress is vulnerable to privilege escalation in all versions up to, but excluding, 8.7. This makes it possible for authenticated attackers, with editor-level access and above, to escalate their privileges to that of an administrator...
License Manager for WooCommerce < 2.2.11 - Authenticated (Administrator+) SQL Injection
Description The License Manager for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the orderby parameter in versions up to, and including, 2.2.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This mak...
Booster for WooCommerce < 7.1.2 - Authenticated (Subscriber+) Information Disclosure via Shortcode
Description The Booster for WooCommerce for WordPress is vulnerable to Information Disclosure via the 'wcjgetoption' shortcode in versions up to, and including, 7.1.1 due to insufficient controls on the information retrievable via the shortcode. This makes it possible for authenticated attackers,...
Grab & Save <= 1.0.4 - Reflected Cross-Site Scripting
Description The Grab & Save plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...
Parallax Image < 1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Parallax Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.7.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
Display Custom Post <= 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Display Custom Post plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
Bit Assist < 1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting
Description The Bit Assist plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
Educare < 1.4.7 - Missing Authorization to Sensitive Information Exposure
Description The Educare plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the educaregetdatafromstudents function in versions up to, and including, 1.4.6. This makes it possible for authenticated attackers, with subscriber-level permissions and...
TriPay Payment Gateway < 3.2.8 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
ChatBot < 4.7.9 - Authenticated (Administrator+) SQL Injection
Description The AI ChatBot plugin for WordPress is vulnerable to SQL Injection via the orderby parameter in all versions up to, and including, 4.7.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
Booster for WooCommerce < 7.1.2 - Missing Authorization to Authenticated (Subscriber+) Order Information Disclosure
Description The Booster for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the initatts function in all versions up to, and including, 7.1.1. This makes it possible for authenticated attackers, with subscriber-level access and...
Simply Exclude <= 2.0.6.6 - Reflected Cross-Site Scripting
Description The Simply Exclude plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via an unknown parameter in all versions up to, and including, 2.0.6.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
Contact Form Email < 1.3.42 - Captcha Bypass
Description The Contact Form Email plugin for WordPress is vulnerable to CAPTCHA Bypass in versions up to, and including, 1.3.41. This makes it possible for unauthenticated attackers to bypass the Captcha Verification...
Import Spreadsheets from Microsoft Excel < 10.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Import Spreadsheets from Microsoft Excel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 10.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
Bootstrap Shortcodes Ultimate <= 4.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Bootstrap Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 4.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible fo...
Landing Page Builder < 1.5.1.6 - Open Redirect
Description The Landing Page Builder – Lead Page – Optin Page – Squeeze Page – WordPress Landing Pages plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 1.5.1.5. This is due to insufficient validation on the redirect url supplied via user input or request...
Perfmatters < 2.2.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting
Description The Perfmatters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an unknown parameter in all versions up to 2.2.0 exclusive due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber access or...
Perfmatters < 2.1.7 - Reflected Cross-Site Scripting
Description The Perfmatters plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via an unknown parameter in all versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrar...
Community by PeepSo < 6.2.7.0 - Reflected Cross-Site Scripting
Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
Fast Custom Social Share by CodeBard <= 1.1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
Description The Fast Custom Social Share by CodeBard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wit...
myCred < 2.6.2 - Contributor+ Stored XSS
Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
WP Shortcodes Plugin — Shortcodes Ultimate < 7.0.0 - Insecure Direct Object Reference to Information Disclosure
Description The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.13.3 via the sumeta shortcode due to missing validation on the user controlled keys 'key' and 'postid'. This makes it possible...
Salient Core < 2.0.3 - Reflected Cross-Site Scripting
Description The salient-core plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via an unknown parameter in all versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitra...
rtMedia for WordPress, BuddyPress and bbPress < 4.6.16 - Admin+ RCE
Description The plugin loads the contents of the import file in an unsafe manner, leading to remote code execution by privileged users. PoC 1. As an admin, visit rtMedia Settings Export/Import. 2. Click the "Browse File" button beside "Import rtMedia Settings". 3. Upload a file with the...
eDoc Employee Job Application <= 1.13 - Reflected Cross-Site Scripting
Description The eDoc Employee Job Application – Best WordPress Job Manager for Employees plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via an unknown parameter in all versions up to, and including, 1.13 due to insufficient input sanitization and output escaping. This makes ...
Video Player <= 1.5.22 - Authenticated (Administrator+) Stored Cross-Site Scripting
Description The SpiderVPlayer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.5.22 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
Mollie Payments for WooCommerce < 7.3.12 - Authenticated (Shop Manager+) Arbitrary File Upload
Description The Mollie Payments for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in one of its functions in all versions up to, and including, 7.3.11. This makes it possible for authenticated attackers, with Shop Manager access to...
CataBlog <= 1.7.0 - Authenticated (Editor+) Arbitrary File Upload
Description The CataBlog plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 1.7.0. This makes it possible for authenticated attackers, with editor access and above to upload arbitrary files on the affected site's server which may make remote code...
CataBlog <= 1.7.0 - Authenticated (Editor+) Arbitrary File Deletion
Description The CataBlog plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 1.7.0. This makes it possible for authenticated attackers, with editor access or higher to delete arbitrary files on the affected site's server which may make site takeover...
WP Discord Invite < 2.5.1 - Reflected Cross-Site Scripting via webhook
Description The WP Discord Invite plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘webhook’ parameter in versions up to, and including, 2.4.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
Easy Social Icons < 3.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode
Description The Easy Social Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.2.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
WP Forms Puzzle Captcha <= 4.1 - Captcha Bypass
Description The WP Forms Puzzle Captcha plugin for WordPress is vulnerable to Captcha Bypass in versions up to, and including, 2.8. This makes it possible for unauthenticated attackers to bypass the Captcha Verification...
Link Whisper Free < 0.6.6 - Authenticated (Contributor+) SQL Injection
Description The Link Whisper Free plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 0.6.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attacker...
Captcha Code < 3.0 - Captcha Bypass
Description The Captcha Code plugin for WordPress is vulnerable to CAPTCHA Bypass in versions up to, and including, 2.9. This makes it possible for unauthenticated attackers to bypass the Captcha Verification...
Tainacan < 0.20.5 - Reflected Cross-Site Scripting
Description The Tainacan plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 0.20.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...
Yoast SEO < 21.1 - Authenticated (Seo Manager+) Stored Cross-Site Scripting
Description The Yoast SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 21.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with seo manager-level access and above, to inject...
Booking Calendar < 9.7.4 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode
Description The Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 9.7.3.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...