14602 matches found
Elementor Website Builder < 3.16.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via get_inline_svg()
Description The Elementor Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the getinlinesvg function in versions up to, and including, 3.16.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
Simple Like Page Plugin < 1.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Description The Simple Like Page Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'sfp-page-plugin' shortcode in versions up to, and including, 1.5.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
Image horizontal reel scroll slideshow < 13.3 - Authenticated (Subscriber+) SQL Injection via Shortcode
Description The Image horizontal reel scroll slideshow plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 13.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. Th...
LayerSlider < 7.7.10 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The LayerSlider plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 7.7.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject...
Popup with fancybox < 3.6 - Authenticated (Subscriber+) SQL Injection via Shortcode
Description The Popup with fancybox plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 3.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible...
Poptin < 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Description The Poptin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'poptin-form' shortcode in versions up to, and including, 1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers wit...
EasyRotator for WordPress <= 1.0.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Description The EasyRotator for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'easyrotator' shortcode in all versions up to, and including, 1.0.14 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
Pinyin Slugs < 2.3.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
Description The Pinyin Slugs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
WP fade in text news < 12.1 - Authenticated (Subscriber+) SQL Injection via Shortcode
Description The WP fade in text news plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 12.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possib...
WP EXtra < 6.5 - Cross-Site Request Forgery ToolImport
Description The WP EXtra plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.4. This is due to missing or incorrect nonce validation on the ToolImport function. This makes it possible for unauthenticated attackers to change plugin settings via a...
Audio Merchant <= 5.0.4 - Cross-Site Request Forgery to Settings Modifcation and Stored Cross-Site Scripting
Description The Audio Merchant plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.0.4. This is due to missing or incorrect nonce validation on the audiomerchantsavesettings function. This makes it possible for unauthenticated attackers to modi...
Ziteboard Online Whiteboard < 3.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via ziteboard Shortcode
Description The Ziteboard Online Whiteboard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ziteboard' shortcode in versions up to, and including, 2.9.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
Woo Custom and Sequential Order Number <= 2.6.0 - Cross-Site Request Forgery
Description The Woo Custom and Sequential Order Number plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.6.0. This is due to missing or incorrect nonce validation on the wcsonsavesettings function. This makes it possible for unauthenticated...
Droit Dark Mode <= 1.1.2 - Cross-Site Request Forgery
Description The Droit Dark Mode plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the savesettings function. This makes it possible for unauthenticated attackers to modify the plugin's...
TWB Woocommerce Reviews <= 1.7.5 - Authenticated (Administrator+) Stored Cross-Site Scripting
Description The TWB Woocommerce Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.7.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
Contact Form builder with drag & drop - Kali Forms < 2.3.28 - Missing Authorization via Contact Form
Description The Contact Form builder with drag & drop - Kali Forms plugin for WordPress is vulnerable to unauthorized modification of data due to a missing check on the runformprocesschecks function in versions up to, and including, 2.3.27. This makes it possible for unauthenticated attackers to...
DeepL Pro API translation < 2.4.1.2 - Log Pruning via CSRF
Description The plugin does not have CSRF checks when pruning logs, which could allow attackers to make logged in admins perform such action via a CSRF attack...
Surfer < 1.3.3.379 - Missing Authorization
Description The Surfer plugin for WordPress is vulnerable to unauthorized access and modification of data due to missing capability checks on several functions, such as removepostdraftconnection, checkdraftstatus, getlocations, getajaxsurferconnecturl, disconnectsurferfromwp, and...
Lava Directory Manager <= 1.1.34 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode
Description The Lava Directory Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.1.34 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
Captcha/Honeypot for Contact Form 7 < 1.11.4 - Captcha Bypass
Description The Captcha/Honeypot for Contact Form 7 plugin for WordPress is vulnerable to CAPTCHA Bypass in versions up to, and including, 1.11.3. This makes it possible for unauthenticated attackers to bypass the Captcha Verification...
User Submitted Posts < 20230914 - Unauthenticated Arbitrary File Upload
Description The User Submitted Posts plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the uspattachimages function in versions up to, and including, 20230902. This makes it possible for unauthenticatedattackers to upload arbitrary files as long a...
Shareaholic < 9.7.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Description The Shareaholic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'shareaholic' shortcode in versions up to, and including, 9.7.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
Widget Responsive for Youtube < 1.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Description The Widget Responsive for Youtube plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'youtube' shortcode in versions up to, and including, 1.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
Image vertical reel scroll slideshow < 9.1 - Authenticated (Subscriber+) SQL Injection via Shortcode
Description The Image vertical reel scroll slideshow plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 9.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...
BP Profile Shortcodes Extra < 2.5.3 - Contributor+ Stored XSS
Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
WP EXtra < 6.3 - Missing Authorization to Export Settings
Description The WP EXtra plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the register function in versions up to, and including, 6.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to export plugin...
Responsive Tabs < 4.0.6 - Authenticated (Contributor+) Content Injection
Description The Responsive Tabs plugin for WordPress is vulnerable to Arbitrary Content Injection in versions prior to 4.0.6. This vulnerability makes it possible for authenticated attackers, with contributor-level permissions and above, to inject new content onto the website, possibly through th...
Jquery news ticker < 3.1 - Authenticated (Subscriber+) SQL Injection via Shortcode
Description The Jquery news ticker plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 3.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible...
Motors – Car Dealer & Classified Ads <= 1.4.6 - Server Side Request Forgery
Description The Motors – Car Dealer, Classifieds & Listing plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.4.6. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web...
Email posts to subscribers <= 6.2 - Missing Authorization to Sensitive Information Exposure
Description The Email posts to subscribers for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the elppluginparserequest function in versions up to, and including 6.2. This makes it possible for unauthenticated attackers to invoke additional functions a...
WP Customer Reviews < 3.6.7 - Authenticated (Subscriber+) Sensitive Information Exposure
Description The WP Customer Reviews plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.6.6 via the ajaxenabledposts function. This can allow authenticated attackers to extract sensitive data such as post titles and slugs, including those of...
Libsyn Publisher Hub <= 1.4.4 - Sensitive Information Exposure
Description The Libsyn Publisher Hub plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.4. This makes it possible for unauthenticated attackers to extract sensitive user or configuration data...
Weather Atlas Widget < 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Description The Weather Atlas Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'shortcode-weather-atlas' shortcode in versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
Pressference Exporter <= 1.0.3 - Authenticated (Administrator+) SQL Injection
Description The Pressference Exporter plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated...
Extra Product Options for WooCommerce <= 3.0.3 - Authenticated (Shop manager+) Stored Cross-Site Scripting via plugin settings
Description The Extra Product Options for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in versions up to, and including, 3.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
Ajax Domain Checker <= 1.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Ajax Domain Checker plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to...
Social Sharing Plugin - Social Warfare < 4.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Description The Social Sharing Plugin - Social Warfare plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'socialwarfare' shortcode in versions up to, and including, 4.4.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
Funnelforms Free < 3.4.2 - Missing Authorization to Category Deletion
Description The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsfdeletecategory function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permission...
ANAC XML Bandi di Gara <= 7.5 - Authenticated (Editor+) Stored Cross-Site Scripting
Description The ANAC XML Bandi di Gara plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an unknown parameter in versions up to, and including, 7.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level...
KD Coming Soon <= 1.7 - Unauthenticated PHP Object Injection via cetitle
Description The KD Coming Soon plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.7 via deserialization of untrusted input cetitle in the vulnerable kdcemailer function. This makes it possible for unauthenticated attackers to inject a PHP Object. No...
Export Import Menus < 1.9.0 - Authenticated (Subscriber+) Arbitrary File Upload
Description The Export Import Menus plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the uploadMenusJson function in versions up to, and including, 1.8.0. This makes it possible for authenticated attackers, with subscriber-level permissions and...
Nexter < 2.0.4 - Authenticated (Subscriber+) SQL Injection via 'to' and 'from'
Description The Nexter theme for WordPress is vulnerable to SQL Injection via the 'to' and 'from' parameters in versions up to, and including, 2.0.3 due to insufficient escaping on the user supplied parameter and lack of valid preparation on the existing SQL query. This makes it possible for...
Vertical marquee plugin < 7.2 - Authenticated (Subscriber+) SQL Injection via Shortcode
Description The Vertical marquee plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible fo...
Themify Ultra < 7.3.6 - Privilege Escalation
Description The themify-ultra theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 7.3.3. This makes it possible for low-level attackers with subscriber-level access to elevate their privileges...
Ultimate Addons for WPBakery Page Builder < 3.19.15 - Authenticated(Contributor+) Local File Inclusion
Description The Ultimate Addons for WPBakery plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.19.14. This makes it possible for authenticated attackers, with contributor access and above, to include and execute arbitrary files on the server,...
Actueel Financieel Nieuws – Denk Internet Solutions <= 5.2.0 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Direct Checkout – Quick View – Buy Now For WooCommerce < 1.5.9 - Authenticated (Shop manager+) Stored Cross-Site Scripting via Custom CSS Code
Description The Direct Checkout – Quick View – Buy Now For WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom CSS code in versions up to, and including, 1.5.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
MainWP < 4.4.3.4 - Authenticated (Administrator+) SQL Injection
Description The MainWP plugin for WordPress is vulnerable to SQL Injection via the 'tags' parameter in versions up to, and including, 4.4.3.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
Recently viewed and most viewed products <= 1.1.1 - Authenticated (Shop Manager+) Stored Cross-Site Scripting
Description The Recently viewed and most viewed products plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an unknown parameter in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
Garden Gnome Package < 2.2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Description The Garden Gnome Package plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ggpkg' shortcode in all versions up to, and including, 2.2.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...