14602 matches found
Seers <= 8.0.6 - Missing Authorization via multiple AJAX actions
Description The Seers plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple ajax functions in versions up to, and including, 8.0.6. This makes it possible for unauthenticated attackers to modify the cookie policy and change the conse...
Animator < 3.0.11 - Missing Authorization to Plugin Settings Update
Description The Animator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the staupdateoptions function in versions up to, and including, 3.0.10. This makes it possible for subscribers to modify the plugin's settings. Version 3.0.9 used ...
10Web Map Builder for Google Maps < 1.0.74 - Missing Authorization to Notice Dismissal
Description The 10Web Map Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the gmwdbpinstallnoticestatus function in versions up to, and including, 1.0.73. This makes it possible for authenticated attackers, with subscriber-level...
Leadster < 1.1.3 - Cross-Site Request Forgery via leadster_script_code_action
Description The Leadster plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the leadsterscriptcodeaction function. This makes it possible for unauthenticated attackers to modify the...
DoLogin Security <= 3.7.1 - Missing Authorization via REST Endpoints
Description The DoLogin Security plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple REST functions in versions up to, and including, 3.7.1. This makes it possible for unauthenticated attackers to send test SMS messages to arbitrar...
Charitable < 1.7.0.14 - Authenticated(Contributor+) Stored Cross-Site Scripting
Description The Charitable plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 1.7.0.13 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
WP Word Count <= 3.2.4 - Missing Authorization via calculate_statistics
Description The WP Word Count plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the calculatestatistics function in versions up to, and including, 3.2.4. This makes it possible for authenticated attackers, with subscriber-level access and...
Layer Slider <= 1.1.9.7 - Authenticated (Administrator+) Stored Cross-Site Scripting
Description The Layer Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.1.9.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
AI ChatBot < 4.9.1 and 4.9.2 - Authenticated (Subscriber+) Directory Traversal to Arbitrary File Write via qcld_openai_upload_pagetraining_file
Description The AI ChatBot for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.8.9 as well as 4.9.2 via the qcldopenaiuploadpagetrainingfile function. This allows subscriber-level attackers to append "...
Neon text < 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Neon text plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's neontextbox shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping on user supplied attributes color. This makes it possible for...
Multi-column Tag Map < 17.0.27 - Cross-Site Request Forgery
Description The Multi-column Tag Map plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the scmcTagMappluginoptions function in versions up to, and including, 17.0.26. This makes it possible for unauthenticated attackers to update the plugin's setting...
Vertical scroll recent post <= 14.0 - Cross-Site Request Forgery via vsrp_admin_options
Description The Vertical scroll recent post plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 14.0. This is due to missing or incorrect nonce validation on the 'vsrpadminoptions' function. This makes it possible for unauthenticated attackers to...
Pricing Deals for WooCommerce <= 2.0.3.2 - Missing Authorization via vtprd_ajax_clone_rule
Description The Pricing Deals for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data| due to a missing capability check on the 'vtprdajaxclonerule' function in versions up to, and including, 2.0.3.2. This makes it possible for unauthenticated attackers to clone...
Accordion < 2.7 - Authenticated (Editor+) Stored Cross-Site Scripting via accordion settings
Description The Accordion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 2.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level access and...
Korea SNS <= 1.6.4 - Settings Update via CSRF
Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
Giveaways and Contests by RafflePress < 1.12.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Description The Giveaways and Contests by RafflePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'rafflepress' and 'rafflepressgutenberg' shortcode in versions up to, and including, 1.12.0 due to insufficient input sanitization and output escaping on 'giframe' user...
Preloader Matrix <= 2.0.1 - Cross-Site Request Forgery
Description The Preloader Matrix plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.1. This is due to missing or incorrect nonce validation on the handleEndPoint function. This makes it possible for unauthenticated attackers to modify the plugin...
Flatsome < 3.17.6 - Unauthenticated PHP Object Injection
Description The Flatsome theme for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 3.17.5 via deserialization of untrusted input. This allows unauthenticated attackers to inject a PHP Object. If a POP chain is present via an additional plugin or theme installed o...
Modal Window < 5.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Description The Modal Window plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 5.3.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...
affiliate-toolkit – WordPress Affiliate Plugin < 3.4.0 - Open Redirect via atkpout.php
Description The affiliate-toolkit – WordPress Affiliate Plugin is vulnerable to Open Redirect in versions up to, and including, 3.3.9. This is due to insufficient validation on the redirect url supplied via the 'url' parameter in atkpout.php. This makes it possible for unauthenticated attackers t...
WP Links Page < 4.9.5 - Cross-Site Request Forgery via wplf_ajax_update_screenshots
Description The WP Links Page plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.9.4. This is due to missing or incorrect nonce validation on the 'wplfajaxupdatescreenshots' function. This makes it possible for unauthenticated attackers to update...
Delete Duplicate Posts < 4.9 - Missing Authorization via AJAX Actions
Description The Delete Duplicate Posts plugin for WordPress is vulnerable to unauthorized deletion of data due to a missing capability check on some of its AJAX actions in all versions up to 4.9 exclusive. This makes it possible for authenticated attackers, with subscriber access or higher, to...
WDContactFormBuilder <= 1.0.72 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Description The WDContactFormBuilder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ContactFormBuilder' shortcode in versions up to, and including, 1.0.72 due to insufficient input sanitization and output escaping on 'id' user supplied attribute. This makes it possible...
Dropshipping & Affiliation with Amazon <= 2.1.2 - Authenticated (Subscriber+) Arbitrary File Upload
Description The Dropshipping & Affiliation with Amazon plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation on files imported from a URL via the wpasimportproductfromamazon function called via an AJAX action in versions up to, and including, 2.1.2. This...
Donations Made Easy – Smart Donations <= 4.0.12 - Cross-Site Request Forgery
Description The Donations Made Easy – Smart Donations plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.0.12. This is due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticated attackers to...
Download CloudNet360 <= 3.2.0 - Reflected Cross-Site Scripting
Description The CloudNet360 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via an unknown parameter in all versions up to, and including, 3.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrar...
Funnelforms Free < 3.4.2 - Missing Authorization to Arbitrary Post Duplication
Description The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsfcopyposts function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and...
FV Flowplayer Video Player < 7.5.39.7212 - Insufficient Input Validation to Unauthenticated Stored Cross-Site Scripting and Arbitrary Usermeta Update
Description The FV Flowplayer Video Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘fvplayeruservideo’ parameter saved via the 'save' function hooked via init, and the plugin is also vulnerable to Arbitrary Usermeta Update via the 'save' function in versions up t...
WooCommerce < 7.9.0 - Sensitive Information Exposure
Description The WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 7.8.2, due to improper CORS handling on the Store API's REST endpoints allowing direct external access from any origin. This can allow unauthenticated attackers to...
WP Post Columns <= 2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Description The WP Post Columns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'column' shortcode in all versions up to, and including, 2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
Taggbox <= 3.1 - Cross-Site Request Forgery
Description The Taggbox plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.1. This is due to missing or incorrect nonce validation on one of its functions. This makes it possible for unauthenticated attackers to invoke this function via a forged...
Funnelforms Free < 3.4.2 - Missing Authorization to Enable/Disable Dark Mode
Description The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsfaf2triggerdarkmode function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level...
DrawIt (draw.io) <= 1.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The DrawIt draw.io plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inje...
Post Meta Data Manager < 1.2.2 - Cross-Site Request Forgery to Post, Term, and User Meta Deletion
Description The Post Meta Data Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.1. This is due to missing nonce validation on the pmdmwpajaxdeletemeta, pmdmwpdeleteusermeta, and pmdmwpdeleteusermeta functions. This makes it possibl...
Login and Logout Redirect <= 2.0.2 - Open Redirect
Description The Login and Logout Redirect plugin for WordPress is vulnerable to Open Redirect in versions up to, and including, 2.0.2. This is due to insufficient validation on the redirect url supplied via the 'redirectto' parameter. This makes it possible for unauthenticated attackers to redire...
SmartCrawl WordPress SEO checker < 3.8.3 - Unauthenticated Password Protected Post Disclosure
Description The plugin does not prevent unauthorised users from accessing password-protected posts' content. PoC As unauthenticated, view the source via the web browser of any password protected post and find The content of the post will be disclosed in the meta and script tags after this, exampl...
Plainview Protect Passwords <= 1.4 - Cross-Site Request Forgery
Description The Plainview Protect Passwords plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on the adminmenusettings function. This makes it possible for unauthenticated attackers to modif...
Remote Content Shortcode <= 1.5 - Authenticated(Contributor+) Local File Inclusion via shortcode
Description The Remote Content Shortcode plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.5 via the plugin's shortcode. This allows authenticated attackers with contributor-level privileges and above to include and execute arbitrary files on the serve...
Youtube SpeedLoad <= 0.6.3 - Cross-Site Request Forgery
Description The Youtube SpeedLoad plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.6.3. This is due to missing or incorrect nonce validation on the ytslsettingspage function. This makes it possible for unauthenticated attackers to modify the...
Interactive World Map <= 3.2.0 - Reflected Cross-Site Scripting
Description The Interactive World Map plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via an unknown parameter in all versions up to, and including, 3.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to injec...
Themify Ultra < 7.3.6 - Missing Authorization
Description The themify-ultra theme for WordPress is vulnerable to unauthorized access, modification or loss of data due to a missing capability check on an unknown function in all versions up to, and including, 7.3.3. This makes it possible for authenticated attackers with subscriber access or...
WooCommerce Product Carousel Slider <= 3.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode
Description The WooCommerce Product Carousel Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.3.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
Category SEO Meta Tags <= 2.5 - Cross-Site Request Forgery via csmt_admin_options
Description The Category SEO Meta Tags plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5. This is due to missing or incorrect nonce validation on the 'csmtadminoptions' function. This makes it possible for unauthenticated attackers to change th...
WooCommerce Bookings < 2.0.4 - Cross-Site Request Forgery
Description The WooCommerce Bookings plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.3. This is due to missing or incorrect nonce validation on one of its functions. This makes it possible for unauthenticated attackers to invoke this function...
Youzify < 1.2.3 - Insecure Direct Object Reference
Description The Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.2.2 due to missing validation on a user controlled key. This makes it...
Delete Usermetas < 1.2.0 - Cross-Site Request Forgery
Description The Delete Usermeta plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing nonce validation on the delumetoptionspage function. This makes it possible for unauthenticated attackers to remove user meta for...
Master Slider Pro <= 3.6.5 - Unauthenticated PHP Object Injection
Description The Master Slider Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.6.5 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable...
Tab Ultimate < 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Description The Tab Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
Thrive Theme Builder < 3.24.0 - Subscriber+ Privilege Escalation
Description The them is vulnerable to privilege escalation, allowing any authenticated users, such as subscribers to elevate their privileges...
The Events Calendar < 6.2.8.1 - Unauthenticated Arbitrary Password Protected Post Read
Description The plugin discloses the content of password protected posts to unauthenticated users via a crafted request PoC Append "?view=single-event" to a password protected post, then view the source of the page and find the post content disclosed in...