14602 matches found
Q2W3 Post Order <= 1.2.8 - Reflected Cross-Site Scripting
Description The Q2W3 Post Order plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via an unknown parameter in all versions up to, and including, 1.2.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
Theater for WordPress < 0.18.4 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Funnelforms Free < 3.4.2 - Missing Authorization to Test Email Sending
Description The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsfaf2testmail function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions a...
Better RSS Widget <= 2.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Better RSS Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to...
UserPro < 5.1.5 - Authenticated (Subscriber+) Privilege Escalation
Description The UserPro plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.1.4 due to insufficient restriction on the 'userproupdateuserprofile' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber,...
ARI Stream Quiz <= 1.3.1 - Contributor+ Content Injection
Description The plugin is vulnerable to content injection due to improper capability checks on the quiz editing functionality in all versions up to, and including, 1.3.0. This makes it possible for authenticated attackers, with contributor access and above, to publish quizzes containing arbitrary...
Download Top 25 Social Icons <= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Description The Top 25 Social Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in all versions up to, and including, 3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticat...
SEO Slider < 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Description The SEO Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'slider' shortcode and post meta in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...
Linker < 1.2.2 - Contributor+ Stored XSS
Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
Woocommerce Support System <= 1.2.1 - Authenticated (Administrator+) SQL Injection via 'orderby'
Description The Woocommerce Support System plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in versions up to, and including, 1.2.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes i...
AWeber < 7.3.10 - Missing Authorization via AJAX actions
Description The AWeber – Free Sign Up Form and Landing Page Builder Plugin for Lead Generation and Email Newsletter Growth plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on several functions hooked by AJAX actions in all versio...
WP Edit Username <= 1.0.5 - Authenticated (Administrator+) Stored Cross-Site Scripting
Description The WP Edit Username plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-leve...
Bamboo Columns <= 1.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Bamboo Columns plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inje...
EasyAzon – Amazon Associates Affiliate <= 5.1.0 - Missing Authorization on AJAX actions
Description The EasyAzon – Amazon Associates Affiliate plugin for WordPress is vulnerable to unauthorized use of AJAX actions due to a missing capability check on the corresponding functions in versions up to, and including, 5.1.0. This makes it possible for authenticated attackers, with...
UserPro < 5.1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting via userpro_save_userdata
Description The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.0. This is due to missing or incorrect nonce validation on the 'userprosaveuserdata' function. This makes it possible for unauthenticated attackers to update the user met...
Betheme < 27.1.2 - Missing Authorization
Description The Betheme theme for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on one of its functions in versions up to, and including, 27.1.1. This makes it possible for authenticated attackers, with contributor-level access and above, to...
Generate Dummy Posts <= 1.0.0 - Missing Authorization
Description The Generate Dummy Posts plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on an unknown function in all versions up to, and including, 1.0.0. This makes it possible for unauthenticated attackers to make use of this functionality...
Theme Blvd Shortcodes <= 1.6.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Description The Theme Blvd Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 1.6.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers...
BZScore – Live Score <= 1.03 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode
Description The BZScore – Live Score plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.03 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
Anywhere Flash Embed <= 1.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Anywhere Flash Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, t...
WP Travel < 7.8.1 - Unauthenticated AJAX Calls
Description The plugin does not have authorisation checks in various AJAX actions, allowing unauthenticated users to call them and update the plugin settings for example...
ChatBot 4.8.6 - 4.9.6 - Authenticated (Administrator+) Stored Cross-Site Scripting in FAQ Builder
Description The ChatBot for WordPress is vulnerable to Stored Cross-Site Scripting via the FAQ Builder in versions 4.8.6 through 4.9.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to...
WP Content Pilot – Autoblogging & Affiliate Marketing Plugin < 1.3.4 - Authenticated (Contributor+) Content Injection
Description The WP Content Pilot plugin for WordPress is vulnerable to Arbitrary Content Injection in versions up to, and including, 1.3.3. This vulnerability makes it possible for authenticated attackers, with contributor access or higher to inject new content onto the website, possibly through...
Leaflet Map < 3.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Description The Leaflet Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 3.3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor level and above...
Email Marketing for WooCommerce by Omnisend < 1.13.9 - Sensitive Information Exposure
Description The Email Marketing for WooCommerce by Omnisend plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.13.8 via the status REST API endpoint. This makes it possible for unauthenticated attackers to extract sensitive user informatio...
UserHeat Plugin <= 1.1.6 - Cross-Site Request Forgery
Description The UserHeat Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.6. This is due to missing or incorrect nonce validation on the settingPage function. This makes it possible for unauthenticated attackers to modify the plugin's...
Integration for Contact Form 7 and Constant Contact < 1.1.5 - Open Redirect
Description The Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 1.1.4. This is due to insufficient validation a redirect url. This makes it possible for unauthenticated...
Tilda Publishing <= 0.3.21 - Missing Authorization
Description The Tilda Publishing plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to missing capability checks on several functions hooked via AJAX actions such as 'ajaxexportfile,' 'ajaxsync,' 'ajaxgetkeys,' 'ajaxswitcherstatus,' and more in versions ...
IMPress Listings <= 2.6.2 - Missing Authorization
Description The IMPress Listings plugin for WordPress is vulnerable to unauthorized access due to a missing capability check in versions up to, and including, 2.6.2. This makes it possible for unauthenticated attackers to perform unauthorized actions...
BetterLinks < 1.6.1 - Improper Authorization to Data Import and Export
Description The BetterLinks plugin for WordPress is vulnerable to unauthorized access and modification due to insufficient capability checks on the importdata and exportdata functions in versions up to, and including, 1.6.0. This makes it possible for unauthenticated attackers to import and expor...
Schema App Structured Data < 1.22.4 - Missing Authorization via page_init
Description The Schema App Structured Data plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the pageinit function in versions up to, and including, 1.22.3. This makes it possible for unauthenticated attackers to delete the plugin's transients...
WP Custom Admin Interface < 7.33 - Missing Authorization to Transients Deletion
Description The WP Custom Admin Interface plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpcustomadmininterfacedeletetransients function in versions up to, and including, 7.32. This makes it possible for authenticated attackers, wi...
Finale Lite < 2.17.0 - Unauthenticated Arbitrary File Deletion
Description The plugin does not have authorisation when deleting files, allowing unauthenticated users to delete arbitrary file on the server...
ApplyOnline < 2.5.4 - Missing Authorization
Description The plugin is vulnerable to unauthorized access due to a missing or improper capability check on an unknown function, allowing authenticated attackers, with contributor-level access and above, to perform an unauthorized action...
WordPress CTA <= 1.5.8 - Missing Authorization via Multiple AJAX Actions
Description The WordPress CTA plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple AJAX actions in versions up to, and including, 1.5.8. This makes it possible for unauthenticated attackers to perform unauthorized actions, such as...
Responsive Image Gallery, Gallery Album <= 2.0.3 - Missing Authorization via Multiple AJAX Actions
Description The Responsive Image Gallery, Gallery Album plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to missing capability checks on multiple AJAX functions in versions up to, and including, 2.0.3. This makes it possible for authenticated attackers,...
Dragfy Addons for Elementor <= 1.0.2 - Missing Authorization via save_settings
Description The Dragfy Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the savesettings function in versions up to, and including, 1.0.2. This makes it possible for authenticated attackers, with subscriber-level...
Ashe Extra <= 1.2.9 - Subscriber+ Companion Plugin Activation & Content Import
Description The plugin does not have authorisation in various AJAX actions, allowing any authenticated user, such as subscribers to call them, and activate companion plugins as well as import content...
WP User Frontend < 3.6.9 - Missing Authorization via AJAX actions
Description The WP User Frontend plugin for WordPress is vulnerable to unauthorized functionality use due to a missing capability check on several functions corresponding to AJAX actions in versions up to, and including, 3.6.8. This makes it possible for authenticated attackers, with...
BadgeOS <= 3.7.1.6 - Missing Authorization
Description The BadgeOS plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on multiple functions in versions up to, and including, 3.7.1.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform actio...
Glossary <= 3.1.2 - Missing Authorization
Description The Glossary plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on an unknown function in versions up to, and including, 3.1.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to make us...
Auto Tag Creator <= 1.0.2 - Missing Authorization via tag_save_settings_callback
Description The Auto Tag Creator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tagsavesettingscallback function in versions up to, and including, 1.0.2. This makes it possible for authenticated attackers, with subscriber-level...
Freesoul Deactivate Plugins < 2.1.4 - Cross-Site Request Forgery via eos_dp_pro_delete_transient
Description The Freesoul Deactivate Plugins – Plugin manager and cleanup plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to 2.1.4 exclusive. This is due to missing or incorrect nonce validation on the eosdpprodeletetransient function. This makes it possible for...
Convertful – Your Ultimate On-Site Conversion Tool < 2.6 - Missing Authorization via add_woo_coupon
Description The Convertful – Your Ultimate On-Site Conversion Tool plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'addwoocoupon' REST function in versions up to, and including, 2.5. This makes it possible for unauthenticated...
WP iCal Availability <= 1.0.3 - Missing Authorization
Description The WP iCal Availability plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on one of its functions in versions up to, and including, 1.0.3. This makes it possible for authenticated attackers, with subscriber-level access and abov...
YOP Poll < 6.5.29 - Reusable Captcha via validateImage
Description The YOP Poll plugin for WordPress is vulnerable to captcha bypass due to a reusable captcha bypass in the validateImage function in all versions up to, and including, 6.5.28. This makes it possible for unauthenticated attackers to vote multiple times using the same captcha image...
Just Custom Fields <= 3.3.2 - Missing Authorization on AJAX Actions
Description The Just Custom Fields plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on various AJAX actions in versions up to, and including, 3.3.2. This makes it possible for authenticated attackers, with subscriber-level access and above,...
My Shortcodes <= 2.3 - Missing Authorization via Multiple AJAX Actions
Description The My Shortcodes plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple AJAX actions in versions up to, and including, 2.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to...
Draw Attention < 2.0.16 - Improper Access Control via register_cpt
Description The Draw Attention plugin for WordPress is vulnerable to unauthorized modification of data due improper capability mapping on the registercpt function in versions up to, and including, 2.0.15. This makes it possible for authenticated attackers, with contributor-level access and above,...
10WebAnalytics <= 1.2.12 - Missing Authorization via gawd_wd_bp_install_notice_status
Description The 10WebAnalytics plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the gawdwdbpinstallnoticestatus function in versions up to, and including, 1.2.12. This makes it possible for authenticated attackers, with subscriber-level...