14602 matches found
10WebAnalytics <= 1.2.12 - Missing Authorization via gawd_wd_bp_install_notice_status
Description The 10WebAnalytics plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the gawdwdbpinstallnoticestatus function in versions up to, and including, 1.2.12. This makes it possible for authenticated attackers, with subscriber-level...
Flo Forms <= 1.0.41 - Missing Authorization via flo_send_test_email
Description The Flo Forms plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the flosendtestemail function in versions up to, and including, 1.0.41. This makes it possible for authenticated attackers, with subscriber-level access and above...
Poll Maker < 4.7.2 - Missing Authorization
Description The Poll Maker plugin for WordPress is vulnerable to unauthorized access of data or functionality due to a missing capability check on one of its functions in all versions up to, and including, 4.7.1. This makes it possible for unauthenticated attackers to make use of this function...
Headline Analyzer < 1.3.2 - Missing Authorization via REST APIs
Description The Headline Analyzer plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on several functions called via REST API endpoints in versions up to, and including, 1.3.1. This makes it possible for unauthenticated attackers to retrieve a...
Product Recommendation Quiz for eCommerce < 2.1.2 - Missing Authorization in prq_set_token
Description The Product Recommendation Quiz for eCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the prqsettoken function in versions up to, and including, 2.1.0. This makes it possible for unauthenticated attackers to modify...
YITH WooCommerce Product Add-Ons < 4.2.1 - Missing Authorization
Description The YITH WooCommerce Product Add-Ons plugin for WordPress is vulnerable to unauthorized functionality due to a missing capability check on two of its AJAX actions in versions up to, and including, 4.2.0. This makes it possible for unauthenticated attackers to make use of this...
Gift Up Gift Cards for WordPress and WooCommerce < 2.20.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Description The Gift Up Gift Cards for WordPress and WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'giftup' shortcode in all versions up to, and including, 2.20.1 due to insufficient input sanitization and output escaping on user supplied attribute...
Accordion < 2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Description The Accordion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tcpaccordion' shortcode in all versions up to, and including, 2.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
Current Menu Item for Custom Post Types < 1.6 - Cross-Site Request Forgery
Description The Current Menu Item for Custom Post Types plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5. This is due to missing or incorrect nonce validation on the cmicptview function. This makes it possible for unauthenticated attackers to...
CBX Map for Google Map & OpenStreetMap < 1.1.12 - Contributor+ Stored XSS via shortcode
Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
WooODT Lite < 2.4.7 - Missing Authorization to Arbitrary Options Update
Description The WooODT Lite plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the byconsolewooodtadminfieldssettingfiles function hooked via AJAX in versions up to, and including, 2.4.6. This makes it possible for authenticated attackers,...
Team Members Showcase <= 1.3.4 - Authenticated (Administrator+) Stored Cross-Site Scripting
Description The Team Members Showcase plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
Custom Header Images <= 1.2.1 - Cross-Site Request Forgery
Description The Custom Header Images plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.1. This is due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticated attackers to perform an unknow...
WP ERP < 1.12.7 - Missing Authorization via admin notice dismissal
Description The WP ERP plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple admin notice dismissal function in versions up to, and including, 1.12.6. This makes it possible for authenticated attackers, with subscriber-level access a...
Jetpack < 12.8-a.3 - Contributor+ Stored XSS via block attribute
Description The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
Sunshine Photo Cart < 3.0 - Insecure Direct Object Reference to Order Manipulation
Description The Sunshine Photo Cart plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 2.9.25 due to missing validation on a user-controlled key. This can allow unauthenticated attackers to manipulate orders that do not belong to them...
ANAC XML Bandi di Gara <= 7.5 - Cross-Site Request Forgery via settings.php
Description The ANAC XML Bandi di Gara plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 7.5. This is due to missing or incorrect nonce validation on the settings.php file. This makes it possible for unauthenticated attackers to alter the plugin's...
WooCommerce <= 8.1.1 & WooCommerce Blocks <= 11.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Featured Image alt Attribute
Description The WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a featured image 'alt' attribute in versions up to, and including, 8.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
Embed Privacy < 1.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Embed Privacy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'embedprivacyoptout ' shortcode in all versions up to, and including, 1.8.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possib...
LifterLMS < 7.5.0 - Authenticated(Administrator+) Directory Traversal to Arbitrary CSV File Deletion
Description The LifterLMS – WordPress LMS Plugin for eLearning plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 7.4.2 via the maybeserveexport function. This makes it possible for authenticated attackers, with administrator or LMS manager access and abov...
WP GPX Map < 1.7.06 - Missing Authorization
Description The WP GPX Map plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpgpxmapsdismissnotice function in versions up to, and including, 1.7.05. This makes it possible for authenticated attackers, with subscriber-level access an...
Admin and Site Enhancements (ASE) < 5.8.0 - Password Protection Mode Security Feature Bypass
Description The Admin and Site Enhancements ASE plugin for WordPress is vulnerable to security feature bypass in all versions up to, and including, 5.7.1. This is due to a flawed authentication mechanism within the maybeprocesslogin function. This makes it possible for unauthenticated attackers t...
Slider Revolution < 6.6.16 - Authenticated (Author+) Arbitrary File Upload
Description The Slider Revolution plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 6.6.15. This makes it possible for attackers with author-level access and higher to upload arbitrary files on the affected site's server which may make remote code...
Sharkdropship for AliExpress Dropship and Affiliate <= 2.2.3 - Missing Authorization
Description The Sharkdropship for AliExpress Dropship and Affiliate plugin for WordPress is vulnerable to unauthorized access and modification of data due to missing capability checks on several functions called via nopriv AJAX actions in the /wooshark-aliexpress-importerinit.php file in versions...
Click To Tweet <= 2.0.14 - Missing Authorization
Description The Click To Tweet plugin for WordPress is vulnerable to unauthorized access, loss or modification of data due to a missing capability check on one of its functions in versions up to, and including, 2.0.14. This makes it possible for authenticated attackers, with subscriber-level acce...
WP Crowdfunding < 2.1.5 - Missing Authorization via settings_reset
Description The WP Crowdfunding plugin for WordPress is vulnerable to unauthorized settings reset due to a missing capability check on the settingsreset function in versions up to, and including, 2.1.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to...
WP Accessibility Helper (WAH) < 0.6.2.5 - Missing Authorization via AJAX action
Description The WP Accessibility Helper WAH plugin for WordPress is vulnerable to unauthorized use of AJAX actions due to a missing capability check on the wahupdateattachmenttitle function in versions up to, and including, 0.6.2.4. This makes it possible for authenticated attackers, with...
SAML SP Single Sign On < 5.0.5 - Missing Authorization to notice dismissal
Description The SAML SP Single Sign On plugin for WordPress is vulnerable to unauthorized notice dismissal due to a missing capability check on the closewelcomemodal function in versions up to, and including, 5.0.4. This makes it possible for authenticated attackers, with subscriber-level access...
Category Slider for WooCommerce < 1.4.16 - Missing Authorization via notice dismissal functionality
Description The Category Slider for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability and nonce check on various admin notice dismissal functions in versions up to, and including, 1.4.15. This makes it possible for authenticated attacker...
Woocommerce Support System <= 1.2.1 - Missing Authorization
Description The Woocommerce Support System plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to missing capability checks on several functions hook via 'init', 'admininit', and AJAX actions in versions up to, and including, 1.2.1. This makes it possible...
Bulk NoIndex & NoFollow Toolkit < 1.51 - Missing Authorization
Description The Bulk NoIndex & NoFollow Toolkit plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the updatepagecallback and updatepagebulkcallback functions called via AJAX actions in versions up to, and including, 1.5. This makes it...
rtMedia for WordPress, BuddyPress and bbPress < 4.6.15 - Missing Authorization via export_settings
Description The rtMedia for WordPress, BuddyPress and bbPress plugin for WordPress is vulnerable to unauthorized data access due to a missing capability check on the exportsettings function in versions up to, and including, 4.6.14. This makes it possible for authenticated attackers, with...
WP Directory Kit < 1.2.7 - Missing Authorization
Description The WP Directory Kit plugin for WordPress is vulnerable to unauthorized access to functionality due to a missing capability check on one of its functions in versions up to, and including, 1.2.6. This makes it possible for unauthenticated attackers to make use of functionality intended...
BitPay Checkout for WooCommerce < 5.0.0 - Missing Authorization
Description The BitPay Checkout for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on an unknown function in versions up to, and including, 4.1.0. This makes it possible for unauthenticated attackers to perform an unauthorized...
Secure Admin IP <= 2.0 - Missing Authorization via 'saveSettings'
Description The Secure Admin IP plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'saveSettings' function that runs on 'admininit' in versions up to, and including, 2.0. This makes it possible for unauthenticated attackers to modify t...
TelSender <= 1.14.8 - Missing Authorization
Description The TelSender plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tscfwcformajaxreqest function hooked via an AJAX action in versions up to, and including, 1.14.8. This makes it possible for authenticated attackers, with...
Ovic Product Bundle <= 1.1.2 - Missing Authorization
Description The Ovic Product Bundle plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the removebundleproduct function hooked via a nopriv AJAX action in versions up to, and including, 1.1.2. This makes it possible for unauthenticated...
WiserNotify Social Proof < 2.6 - Missing Authorization
Description The WiserNotify Social Proof plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the varifyapi function hooked via an AJAX action in versions up to, and including, 2.5. This makes it possible for unauthenticated attackers to...
Slider Pro < 4.8.7 - Missing Authorization via AJAX actions
Description The Slider Pro plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on several AJAX actions in versions up to, and including, 4.8.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to hide...
Automatic YouTube Gallery < 2.3.5 - Missing Authorization via AJAX actions
Description The Automatic YouTube Gallery plugin for WordPress is vulnerable to unauthorized plugin settings change due to a missing capability check on the ajaxcallbacksaveapikey and ajaxcallbackdeletecache functions in versions up to, and including, 2.3.3. This makes it possible for authenticat...
The Plus Addons for Elementor Pro < 5.2.9 - Unauthenticated Local File Inclusion
Description The The Plus Addons for Elementor Page Builder plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.2.8 via an unknown parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server,...
Eonet Manual User Approve <= 2.1.3 - Authenticated (Administrator+) Stored Cross-Site Scripting
Description The Eonet Manual User Approve plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in versions up to, and including, 2.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
Master Slider Pro <= 3.6.5 - Authenticated (Editor+) SQL Injection
Description The Master Slider Pro plugin for WordPress is vulnerable to SQL Injection via an unknown parameter in all versions up to, and including, 3.6.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possib...
Plugin Name: Device Theme Switcher <= 3.0.2 - Cross-Site Request Forgery
Description The Plugin Name: Device Theme Switcher plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.0.2. This is due to missing or incorrect nonce validation on the saveadminpagesettings function. This makes it possible for unauthenticated...
wp image slideshow < 12.1 - Authenticated (Subscriber+) SQL Injection via Shortcode
Description The wp image slideshow plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 12.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible...
Wp anything slider < 9.2 - Authenticated (Subscriber+) SQL Injection via Shortcode
Description The Wp anything slider plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 9.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible...
Pz-LinkCard <= 2.5.1 - Caching Management via CSRF
Description The plugin does not have CSRF checks when managing the caching feature, which could allow attackers to make logged in admin perform unwanted actions via CSRF attacks...
Restrict Content < 3.2.8 - Information Exposure via legacy log file
Description The Membership Plugin – Restrict Content plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.7 via the legacy log file. This makes it possible for unauthenticated attackers to extract sensitive data including debug information...
Etsy Shop < 3.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Description The Etsy Shop plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'etsy-shop' shortcode in versions up to, and including, 3.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers...
HTML filter and csv-file search < 2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Description The HTML filter and csv-file search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'csvsearch' shortcode in versions up to, and including, 2.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...