14602 matches found
Funnelforms Free < 3.4.2 - Missing Authorization to Category Update
Description The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsfupdatecategory function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permission...
Podcast Subscribe Buttons < 1.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Description The Podcast Subscribe Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'podcastsubscribe' shortcode in versions up to, and including, 1.4.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
Simple File List < 6.1.10 - Unauthenticated Arbitrary File Deletion
Description The Simple File List plugin for WordPress is vulnerable to arbitrary file deletion in versions up to, and including, 6.1.9. This is due to insufficient controls on files passed to a deletion function. This makes it possible for unauthenticated attackers to delete arbitrary files, whic...
Advanced Local Pickup for WooCommerce < 1.6.0 - Authenticated (Administrator+) SQL Injection
Description The Advanced Local Pickup for WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the id parameter in versions up to, and including, 1.5.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL quer...
Amazonify <= 0.8.1 - Authenticated (Admin+) Stored Cross-Site Scripting
Description The Amazonify plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
Amazonify <= 0.8.1 - Cross-Site Request Forgery to Amazon Tracking ID Update
Description The Amazonify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.8.1. This is due to missing or incorrect nonce validation on the amazonifyOptionsPage function. This makes it possible for unauthenticated attackers to update the...
Up down image slideshow gallery < 12.1 - Authenticated (Subscriber+) SQL Injection via Shortcode
Description The Up down image slideshow gallery plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 12.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This make...
Better Elementor Addons <= 1.3.6 - Missing Authorization
Description The Better Elementor Addons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the beaadminajax function hooked via an AJAX action in versions up to, and including, 1.3.6. This makes it possible for authenticated attackers, wit...
Redirect 404 Error Page to Homepage or Custom Page with Logs < 1.8.8 - Authenticated (Administrator+) SQL Injection
Description The Redirect 404 Error Page to Homepage or Custom Page with Logs plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.8.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...
Japanized For WooCommerce < 2.6.5 - Missing Authorization
Description The Japanized For WooCommerce plugin for WordPress is vulnerable to unauthorized access and modification due to missing capability checks on several functions called via REST API function in versions up to, and including, 2.6.4. This makes it possible for unauthenticated attackers to...
LuckyWP Scripts Control <= 1.2.1 - Missing Authorization via multiple AJAX actions
Description The LuckyWP Scripts Control plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on multiple AJAX functions in versions up to, and including, 1.2.1. This makes it possible for authenticated attackers, with...
Popup by Supsystic < 1.10.20 - Missing Authorization to Sensitive Information Exposure
Description The Popup by Supsystic plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.10.19 via the getWpCsvList action. This makes it possible for authenticated attackers with subscriber level access or higher to extract sensitive data...
Themify Ultra < 7.3.6 - Authenticated (Subscriber+) PHP Object Injection
Description The themify-ultra theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 7.3.3 via deserialization of untrusted input. This makes it possible for authenticated attackers with subscriber access and above to inject a PHP Object. If a POP chain is...
Short URL <= 1.6.8 - Missing Authorization via multiple AJAX functions
Description The Short URL plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to a missing capability check on multiple AJAX functions in versions up to, and including, 1.6.8. This makes it possible for authenticated attackers such as...
Contact Form builder with drag & drop - Kali Forms < 2.3.29 - Missing Authorization via get_log
Description The Contact Form builder with drag & drop - Kali Forms plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the getlog function in versions up to, and including, 2.3.28. This makes it possible for authenticated attackers, with subscriber-level...
EazyDocs < 2.3.6 - Unauthenticated OnePage Document Update/Publish
Description The plugin is vulnerable to unauthorized modification of data due to a missing capability check on the doconepage and editdoconepage functions, allowing unauthenticated attackers to publish and edit the plugin's OnePage document...
ProductX – Gutenberg WooCommerce Blocks < 3.0.0 - Missing Authorization via option_data_save
Description The ProductX – Gutenberg WooCommerce Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the optiondatasave function in versions up to, and including, 2.7.8. This makes it possible for authenticated attackers, with...
WP Custom Widget area <= 1.2.5 - Missing Authorization
Description The WP Custom Widget area plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on several functions corresponding to AJAX actions in versions up to, and including, 1.2.5. This makes it possible for authenticated attackers, with...
WordPress Backup & Migration < 1.4.2 - Missing Authorization to Settings and Schedule Modification
Description The WordPress Backup & Migration plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wtsavesettings and saveschedule functions in versions up to, and including, 1.4.1. This makes it possible for authenticated attackers, with...
Bold Timeline Lite < 1.2.0 - Missing Authorization to Admin Notice Dismissal
Description The Bold Timeline Lite plugin for WordPress is vulnerable to unauthorized modification of data due to a logic error on the boldtimelinewpdocsthisscreen function in versions up to, and including, 1.1.9. This makes it possible for authenticated attackers, with subscriber-level access an...
CoCart – Headless ecommerce <= 3.11.2 - Missing Authorization
Description The plugin is vulnerable to unauthorized access of data, modification of data, or loss of data due to a missing capability check on an unknown function, allowing unauthenticated attackers to make unauthorized use of the unprotected function...
Social proof testimonials and reviews by Repuso < 5.00 - Missing Authorization
Description The Social proof testimonials and reviews by Repuso plugin for WordPress is vulnerable to unauthorized access of data due to missing capability checks on several functions hooked via AJAX actions in versions up to, and including, 4.97. This makes it possible for authenticated attacker...
Quill Forms < 3.4.0 - Cross-Site Request Forgery
Description The Quill Forms | The Best Typeform Alternative | Create Conversational Multi Step Form, Survey, Quiz, Cost Estimation or Donation Form on WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.3.0. This is due to missing or...
AtomChat <= 1.1.4 - Missing Authorization via credits REST API Endpoint
Description The AtomChat plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'credits' REST API function in versions up to, and including, 1.1.4. This makes it possible for unauthenticated attackers to manipulate user credits when the...
Broken Link Checker | Finder < 2.5.0 - Missing Authorization via moblc_auth_save_settings
Description The Broken Link Checker | Finder plugin for WordPress is vulnerable to modification of data due to a missing capability check on the moblcauthsavesettings function in versions up to, and including, 2.4.2. This makes it possible for unauthenticated attackers to dismiss admin notificati...
Mediabay <= 1.6 - Missing Authorization via AJAC actions
Description The Mediabay plugin for WordPress is vulnerable to unauthorized use of functionality due to missing capability checks on several AJAX actions in versions up to, and including, 1.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to make...
Animated Rotating Words < 5.5 - Cross-Site Request Forgery via save_admin_options
Description The Animated Rotating Words Interchanging Random Words in a Sentence plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.4. This is due to missing or incorrect nonce validation on the saveadminoptions function. This makes it possibl...
DX Delete Attached Media < 2.0.6 - Settings Update via CSRF
Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
Alter <= 1.0 - Cross-Site Request Forgery
Description The Alter plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the alterconf function. This makes it possible for unauthenticated attackers to modify the plugin's settings via a...
Themify Ultra < 7.3.6 - Authenticated (Subscriber+) Arbitrary File Upload
Description The themify-ultra theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in during a file upload in all versions up to, and including, 7.3.3. This makes it possible for authenticated attackers with subscriber access or higher to upload arbitrar...
Product Visibility by Country for WooCommerce <= 1.4.9 - Authenticated (Administrator+) Stored Cross-Site Scripting
Description The Product Visibility by Country for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.4.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
Thrive Theme Builder < 3.24.2 - Cross-Site Request Forgery
Description The theme does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
Countdown and CountUp, WooCommerce Sales Timer <= 1.8.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings
Description The Countdown and CountUp, WooCommerce Sales Timer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.8.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
Themify Ultra < 7.3.6 - Missing Authorization
Description The Themify Ultra theme for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on one of its functions in versions up to, and including, 7.3.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to ma...
Podlove Web Player <= 5.7.3 - Missing Authorization
Description The Podlove Web Player plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on an unknown function in versions up to, and including, 5.7.3. This makes it possible for unauthenticated attackers to perform an unauthorized action...
Contact Form Generator <= 2.7.1 - Contributor+ SQLi
Description The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by Contributor roles and above...
Elementor Website Builder < 3.16.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via get_inline_svg()
Description The Elementor Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the getinlinesvg function in versions up to, and including, 3.16.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
Simple Like Page Plugin < 1.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Description The Simple Like Page Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'sfp-page-plugin' shortcode in versions up to, and including, 1.5.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
Image horizontal reel scroll slideshow < 13.3 - Authenticated (Subscriber+) SQL Injection via Shortcode
Description The Image horizontal reel scroll slideshow plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 13.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. Th...
LayerSlider < 7.7.10 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The LayerSlider plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 7.7.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject...
Popup with fancybox < 3.6 - Authenticated (Subscriber+) SQL Injection via Shortcode
Description The Popup with fancybox plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 3.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible...
Poptin < 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Description The Poptin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'poptin-form' shortcode in versions up to, and including, 1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers wit...
EasyRotator for WordPress <= 1.0.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Description The EasyRotator for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'easyrotator' shortcode in all versions up to, and including, 1.0.14 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
Pinyin Slugs < 2.3.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
Description The Pinyin Slugs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
WP fade in text news < 12.1 - Authenticated (Subscriber+) SQL Injection via Shortcode
Description The WP fade in text news plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 12.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possib...
WP EXtra < 6.5 - Cross-Site Request Forgery ToolImport
Description The WP EXtra plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.4. This is due to missing or incorrect nonce validation on the ToolImport function. This makes it possible for unauthenticated attackers to change plugin settings via a...
Audio Merchant <= 5.0.4 - Cross-Site Request Forgery to Settings Modifcation and Stored Cross-Site Scripting
Description The Audio Merchant plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.0.4. This is due to missing or incorrect nonce validation on the audiomerchantsavesettings function. This makes it possible for unauthenticated attackers to modi...
Ziteboard Online Whiteboard < 3.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via ziteboard Shortcode
Description The Ziteboard Online Whiteboard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ziteboard' shortcode in versions up to, and including, 2.9.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
Woo Custom and Sequential Order Number <= 2.6.0 - Cross-Site Request Forgery
Description The Woo Custom and Sequential Order Number plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.6.0. This is due to missing or incorrect nonce validation on the wcsonsavesettings function. This makes it possible for unauthenticated...
Droit Dark Mode <= 1.1.2 - Cross-Site Request Forgery
Description The Droit Dark Mode plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the savesettings function. This makes it possible for unauthenticated attackers to modify the plugin's...