14602 matches found
Cloud Templates & Patterns collection < 1.2.3 - Sensitive Information Exposure via Log File
Description The Cloud Templates & Patterns collection plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.2 via a log file with a predictable name. This makes it possible for unauthenticated attackers to extract sensitive data...
Analytify Dashboard < 5.2.0 - Cross-Site Request Forgery
Description The Analytify – Google Analytics Dashboard For WordPress GA4 analytics made easy plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.1.1. This is due to missing or incorrect nonce validation on the sendanalyticsemail function. This...
Essential Blocks for Gutenberg < 4.2.1 - Missing Authorization via AJAX actions
Description The Essential Blocks for Gutenberg plugin for WordPress is vulnerable to unauthorized access to AJAX actions due to a missing capability check on several functions in versions up to, and including, 4.2.0. This makes it possible for authenticated attackers, with subscriber-level access...
Simple 301 Redirects by BetterLinks < 2.0.8 - Missing Authorization via clicked
Description The Simple 301 Redirects by BetterLinks plugin for WordPress is vulnerable to unauthorized enabling of plugin usage tracking due to a missing capability check on the clicked function in all versions up to, and including, 2.0.7. This makes it possible for subscribers to enable plugin...
Conditional Fields for Contact Form 7 < 2.4.2 - Missing Authorization
Description The Conditional Fields for Contact Form 7 plugin for WordPress is vulnerable to unauthorized access to functionality due to a missing capability check on an unknown function in versions up to, and including, 2.4.1. This makes it possible for authenticated attackers, with...
Brands for WooCommerce < 3.8.2.3 - Cross-Site Request Forgery
Description The Brands for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.8.2.2. This is due to missing nonce validation on the clearcacheajax, saveorder, and saveallorders functions hooked via AJAX actions. This makes it possible...
Redirection for Contact Form 7 < 3.0.0 - Missing Authorization
Description The Redirection for Contact Form 7 plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the exportcurrentfilteredview function hooked via admininit in versions up to, and including, 2.9.2. This makes it possible for unauthenticated...
Defender Security < 4.2.1 - Masked Login Area Security Feature Bypass
Description The Defender Security – Malware Scanner, Login Security & Firewall plugin for WordPress is vulnerable to security feature bypass in all versions up to, and including, 4.2.0. This is due to an unspecified issue. This makes it possible for unauthenticated attackers to bypass the login...
rtMedia for WordPress, BuddyPress and bbPress < 4.6.15 - Missing Authorization to Settings Update
Description The rtMedia for WordPress, BuddyPress and bbPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the rtmediaadminupload function in versions up to, and including, 4.6.14. This makes it possible for authenticated attackers,...
Email Encoder < 2.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Description The Email Encoder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'eebmailto' shortcode in versions up to, and including, 2.1.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
MW WP Form < 5.0.0 - Missing Authorization
Description The MW WP Form plugin for WordPress is vulnerable to unauthorized access due to a missing capability check in versions up to, and including, 4.4.5. This makes it possible for unauthenticated attackers to perform unauthorized actions...
Visitors Traffic Real Time Statistics <= 7.2 - Missing Authorization via multiple AJAX actions
Description The Visitors Traffic Real Time Statistics plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on multiple AJAX functions in versions up to, and including, 7.2. This makes it possible for authenticated attackers, with subscriber-level...
MultiVendorX < 4.0.26 - Improper Authorization on REST Routes via 'save_settings_permission'
Description The MultiVendorX plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to an improper capability check on the 'savesettingspermission' function for the REST routes instantiated by the 'mvxrestroutesreactmodule' function versions ...
Modern Events Calendar lite < 7.1.0 - Authenticated (Admin+) Stored Cross-Site Scripting
Description The Modern Events Calendar lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Google API key and Calendar ID in versions up to, but not including, 7.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
iframe < 4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'iframe' Shortcode
Description The iframe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the iframe shortcode in versions up to, and including, 4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permission...
Table of Contents Plus < 2309 - Authenticated (Administrator+) Stored Cross-Site Scripting
Description The Table of Contents Plus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2302 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-lev...
Analytify Dashboard < 5.1.1 - Missing Authorization to Opt-In
Description The Analytify Dashboard plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the optinyes function in versions up to, and including, 5.1.0. This makes it possible for authenticated attackers, with subscriber-level and above acces...
Qi Addons For Elementor < 1.6.4 - Authenticated (Contributor+) Local File Inclusion
Description The Qi Addons For Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.6.3. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowi...
Essential Blocks <= 4.2.0 - Unauthenticated PHP Object Injection via products
Description The Essential Blocks plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.2.0 via deserialization of untrusted input in the getproducts function. This allows unauthenticated attackers to inject a PHP Object. No POP chain is present in the...
Inactive Logout < 3.2.3 - Cross-Site Request Forgery
Description The Inactive Logout plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the inaresetadvsettings function in versions up to, and including, 3.2.2. This makes it possible for unauthenticated attackers to reset the plugin's settings via a forg...
Essential Addons for Elementor < 5.8.9 - Authenticated (Contributor+) Privilege Escalation
Description The Essential Addons for Elementor plugin for WordPress is vulnerable to privilege escalation in versions up to and including 5.8.8 due to a lack of restrictions on who can add a registration form and a custom registration role to an Elementor created page. This makes it possible for...
BackWPup < 4.0.2 - Authenticated (Administrator+) Directory Traversal
Description The BackWPup plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.0.1 via the Log File Folder. This allows authenticated attackers to store backups in arbitrary folders on the server provided they can be written to by the server. Additionally,...
GiveWP < 2.33.2 - Missing Authorization via handleBeforeGateway
Description The GiveWP plugin for WordPress is vulnerable to unauthorized donation form access due to a missing check on the handleBeforeGateway function that would ensure that a donation form can be used and is not trashed in versions up to, and including, 2.33.1. There is no real security impac...
PageLayer < 1.7.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The PageLayer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ pagelayerheadercode’, 'pagelayerbodycode', and 'pagelayerfootercode' parameters in versions up to, and including, 1.7.6 due to insufficient input sanitization and output escaping. This makes it...
Elements kit Elementor addons < 2.9.2 - Missing Authorization
Description The plugin is vulnerable to unauthorized admin notice dismissal due to a missing capability check on the dismissajaxcall function, making it possible for authenticated attackers, with subscriber-level access and above, to dismiss notices intended for admins...
Email Encoder Bundle < 2.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode
Description The Email Encoder – Protect Email Addresses and Phone Numbers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 2.1.8 due to insufficient input sanitization and output escaping on user supplied attribute...
Booking calendar, Appointment Booking System < 3.2.9 - Multiple Authenticated(Editor+) SQL Injection
Description The Booking calendar plugin for WordPress is vulnerable to SQL Injection via the search functionality on multiple administrative pages in versions up to, and including, 3.2.8 due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existin...
Theme My Login 2FA < 1.2 - Lack of Rate Limiting
Description The plugin does not rate limit 2FA validation attempts, which may allow an attacker to brute-force all possibilities, which shouldn't be too long, as the 2FA codes are 6 digits. PoC https://packetstormsecurity.com/2309-exploits/wpmylogin-bruteforce.txt...
ShortPixel Image Optimizer < 5.4.2 - Authenticated(Editor+) PHP Object Injection
Description The ShortPixel Image Optimizer plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 5.4.1 via deserialization of untrusted input in post content. This allows authenticated attackers with editor capabilities or above to inject a PHP Object. No PO...
Simple Membership < 4.3.5 - Privilege escalation via Registration
Description The Simple Membership plugin for WordPress is vulnerable to privilege escalation due to missing input validation on the createswpmuser function in versions up to, and including, 4.3.4. This makes it possible for unauthenticated attackers to register users with arbitrary membership...
WP Crowdfunding < 2.1.6 - Cross-Site Request Forgery
Description The WP Crowdfunding plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1.5. This is due to missing or incorrect nonce validation on the settingsreset function. This makes it possible for unauthenticated attackers to reset plugin settin...
WP Users Media <= 4.2.3 - Cross-Site Request Forgery in wpusme_save_settings
Description The WP Users Media plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.2.3. This is due to missing or incorrect nonce validation on the wpusmesavesettings function. This makes it possible for unauthenticated attackers to modify plugin...
Chaty < 3.1.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings
Description The Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button – Chaty plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.1.2 due to insufficient input sanitization...
Checkout Field Editor (Premium) < 1.7.5 - Cross-Site Request Forgery
Description The Premium version of the Checkout Field Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions before 1.7.5. This is due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticated attackers to update...
Ditty < 3.1.25 - Missing Authorization via save_ditty_permissions_check
Description The Ditty plugin for WordPress is vulnerable to unauthorized editing of dittys due to a missing capability check on the savedittypermissionscheck function in versions up to, and including, 3.1.24. This makes it possible for unauthenticated attackers to edit dittys...
GiveWP < 2.33.4 - Cross-Site Request Forgery to Stripe Integration Deletion
Description The GiveWP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.33.3. This is due to missing or incorrect nonce validation on the givestripedisconnectconnectstripeaccount function. This makes it possible for unauthenticated attackers to...
Feeds for YouTube < 2.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Description The Feeds for YouTube for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'youtube-feed' shortcode in versions up to, and including, 2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
Big File Uploads < 2.1.2 - Cross-Site Request Forgery via actions
Description The Big File Uploads plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1.1. This is due to missing or incorrect nonce validation on the actions function. This makes it possible for unauthenticated attackers to dismiss or delay admin...
Modula < 2.7.5 - Incomplete Authorization via 'save_image' and 'save_images'
Description The Modula plugin for WordPress is vulnerable to unauthorized modification of data due to an incomplete capability check on the 'saveimage' and 'saveimages' functions in versions up to, and including, 2.7.4. This makes it possible for authenticated attackers with the 'editothersposts'...
ProfilePress < 4.13.3 - Information Disclosure via Debug Log
Description The ProfilePress plugin for WordPress is vulnerable to Information Exposure in versions up to, and including, 4.13.2 via the unprotected access of debug logs. This makes it possible for unauthenticated attackers to retrieve the debug log which may contain information like system error...
EmbedPress < 3.8.4 - Cross-Site Request Forgery
Description The EmbedPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.8.3. This is due to missing nonce validation on the clicked function. This makes it possible for unauthenticated attackers to trigger notice clicks via a forged request...
Shortcodes and extra features for Phlox theme < 2.15.0 - Unauthenticated Local File Inclusion
Description The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.14.0. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution ...
10Web Map Builder for Google Maps < 1.0.74 - Cross-Site Request Forgery to Notice Dismissal
Description The 10Web Map Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.73. This is due to missing or incorrect nonce validation on the gmwdbpinstallnoticestatus function. This makes it possible for unauthenticated attackers to...
Folders < 2.9.3 - Authenticated (Author+) Arbitrary File Upload
Description The Folders plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the handlefoldersfileupload function in versions up to, and including, 2.9.2. This makes it possible for authors or higher to upload arbitrary files on the affected site's...
WP-Matomo Integration (WP-Piwik) < 1.0.29 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Description The WP-Matomo Integration WP-Piwik plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wp-piwik' shortcode in versions up to, and including, 1.0.28 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
Folders < 2.9.3 - Authenticated (Author+) Arbitrary File Upload in handle_folders_file_upload
Description The Folders plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the handlefoldersfileupload function in versions up to, and including, 2.9.2. This makes it possible for authenticated attackers, with author-level permissions or above, to...
WooCommerce Checkout Manager < 7.3.1 - Missing Authorization
Description The WooCommerce Checkout Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the ajaxorderattachmentupload and ajaxdeleteattachment functions hooked via AJAX in versions up to, and including, 7.3.0. This makes it possible for...
rtMedia for WordPress, BuddyPress and bbPress < 4.6.15 - Missing Authorization to Sensitive Information Exposure
Description The rtMedia for WordPress, BuddyPress and bbPress plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the exportsettings function in versions up to, and including, 4.6.14. This makes it possible for authenticated attackers, with...
GiveWP < 2.33.4 - Cross-Site Request Forgery to plugin installation
Description The GiveWP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.33.3. This is due to missing or incorrect nonce validation on the givesendwpremoteinstallhandler function. This makes it possible for unauthenticated attackers to install an...
Ultimate Dashboard < 3.7.8 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings
Description The Ultimate Dashboard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 3.7.7. due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...