CVE Catalog

Browse the latest Common Vulnerabilities and Exposures (CVEs) with CVSS scores, affected products, and next-gen risk scores.

Jan 7, 2025

Envato Elements WordPress Plugin Server-Side Request Forgery Vulnerability

A Server-Side Request Forgery (SSRF) vulnerability exists in the Envato Elements WordPress plugin, affecting versions through 2.0.14. This vulnerability allows attackers to make the server perform requests to arbitrary domains, potentially leading to the exposure of sensitive information from other services running on the system.

3.6

Jan 7, 2025

Brainstorm Force Astra Widgets Stored Cross-Site Scripting Vulnerability

A stored cross-site scripting vulnerability has been identified in the Brainstorm Force Astra Widgets plugin for WordPress, affecting versions through 1.2.15. This vulnerability arises from improper input handling during web page generation, allowing malicious scripts to be injected and executed when users visit the affected site.

2.0

Jan 7, 2025

WPvivid Backup and Migration Broken Access Control Vulnerability

A broken access control vulnerability has been identified in the WPvivid Backup and Migration plugin for WordPress, affecting versions through 0.9.106. This vulnerability allows users to access functionalities that are not properly restricted by access control lists (ACLs), potentially leading to unauthorized actions.

2.6

Jan 7, 2025

WordPress WP SecureSubmit Plugin Broken Access Control Vulnerability

A broken access control vulnerability has been identified in the WordPress WP SecureSubmit plugin, affecting versions through 1.5.16. This vulnerability arises from missing authorization checks, which could allow an unprivileged user to perform actions reserved for higher privileged users.

1.8

Jan 7, 2025

ClickWhale WordPress Plugin SQL Injection Vulnerability

A blind SQL injection vulnerability has been identified in the ClickWhale WordPress plugin, specifically in versions through 2.4.1. This vulnerability stems from improper neutralization of special elements used in SQL commands, potentially enabling attackers to interact with the database in unauthorized ways, such as stealing information.

1.7

Jan 7, 2025

NAVER Analytics Plugin Stored Cross-Site Scripting Vulnerability

A stored cross-site scripting vulnerability has been identified in the NAVER Analytics WordPress plugin, affecting versions through 0.9. This issue arises from improper input sanitization during web page generation, allowing malicious scripts to be injected and executed.

2.0

Jan 7, 2025

CubeWP CubeWP Forms Plugin Broken Access Control Vulnerability

A missing authorization vulnerability has been identified in the CubeWP Forms – All-in-One Form Builder plugin for WordPress, affecting versions through 1.1.5. This vulnerability allows exploitation of incorrectly configured access control security levels, potentially leading to unauthorized users performing actions reserved for higher privileges.

2.6

Jan 7, 2025

Abdul Hakeem Build App Online PHP Local File Inclusion Vulnerability

A local file inclusion vulnerability has been identified in the Abdul Hakeem Build App Online plugin for WordPress, affecting versions through 1.0.23. This vulnerability arises from improper control of the filename used in PHP include or require statements (the weakness class labelled PHP remote file inclusion), which in this case could be exploited to include local files from the target website and display their contents. Such exploitation could lead to the disclosure of sensitive information, like database credentials, potentially allowing a complete takeover of the database, depending on the configuration.

3.5

Jan 7, 2025

AllAccessible Team Accessibility Privilege Escalation Vulnerability

A privilege escalation vulnerability has been identified in the WordPress Accessibility by AllAccessible plugin, affecting versions through 1.3.4. This vulnerability allows low-privileged users to gain higher privileges, potentially leading to full control of the website.

1.8

Jan 7, 2025

Designinvento DirectoryPress Reflected Cross-Site Scripting Vulnerability

A reflected cross-site scripting vulnerability has been identified in the Designinvento DirectoryPress plugin, affecting versions through 3.6.19. This issue arises from improper input sanitization during web page generation, allowing attackers to inject malicious scripts that are executed in the context of the user's browser.

3.4

Jan 7, 2025

MagePeople Bus Ticket Booking Plugin Cross-Site Request Forgery Vulnerability

A Cross-Site Request Forgery (CSRF) vulnerability exists in the MagePeople Bus Ticket Booking with Seat Reservation plugin for WordPress, affecting versions through 5.4.3. This vulnerability allows attackers to trick users with higher privileges into performing actions they did not intend to perform.

2.4

Jan 7, 2025

SMSA Express SMSA Shipping Path Traversal Vulnerability Allowing Arbitrary File Deletion

A path traversal vulnerability has been identified in the SMSA Express SMSA Shipping WordPress plugin, affecting versions through 2.3. This vulnerability allows for arbitrary file deletion, which could lead to the removal of critical files from a website, potentially causing the site to malfunction.

1.7

Jan 7, 2025

Amento Tech WPGuppy WordPress Plugin PHP Object Injection Vulnerability

A deserialization vulnerability allowing object injection has been identified in the WPGuppy WordPress plugin, affecting versions through 1.1.0. This vulnerability could lead to various injection attacks, including code injection, SQL injection, and path traversal, especially if a suitable property-oriented programming chain is available.

2.7

Jan 7, 2025

ThemeGlow JobBoard Plugin Unrestricted File Upload Vulnerability Allowing Web Shell Upload

A vulnerability allowing unrestricted file upload has been identified in the ThemeGlow JobBoard plugin, specifically in the Job Listing feature, affecting versions through 1.2.6. This vulnerability could be exploited to upload a web shell to the server, potentially leading to unauthorized access and execution of malicious actions.

2.6

Jan 7, 2025

WordPress File Upload Plugin Missing Capability Check Vulnerability Allowing Limited Path Traversal

A vulnerability exists in the WordPress File Upload plugin, specifically in versions through 4.24.15. The issue arises from a lack of proper capability checks in the 'wfu_ajax_action_read_subfolders' function. This flaw enables authenticated attackers with Subscriber-level access or higher to execute limited path traversal, allowing them to view directories and subdirectories within WordPress. However, this vulnerability does not permit access to files themselves.

3.2

Jan 7, 2025

Service Box WordPress Plugin Stored Cross-Site Scripting Vulnerability

A stored cross-site scripting vulnerability has been identified in the Service Box plugin for WordPress, affecting all versions through 1.9. This vulnerability arises from inadequate input sanitization and output escaping, allowing authenticated attackers with Contributor-level access or higher to inject arbitrary scripts into pages. The injected scripts are executed when users access the compromised pages.

2.4

Jan 7, 2025

MIPL WC Multisite Sync Directory Traversal Vulnerability Allowing Unauthenticated Arbitrary File Download

A directory traversal vulnerability has been identified in the MIPL WC Multisite Sync plugin for WordPress, affecting all versions through 1.1.5. The vulnerability arises from improper validation in the 'mipl_wc_sync_download_log' action, allowing unauthenticated users to access and read arbitrary files on the server. This could lead to the exposure of sensitive information.

3.5

Jan 7, 2025

OpenHarmony Denial-of-Service Vulnerability via Use-After-Free

A denial-of-service vulnerability has been identified in OpenHarmony versions through 4.1.2. This issue allows local attackers to cause a denial-of-service condition by exploiting a use-after-free flaw.

3.2

Jan 7, 2025

OpenHarmony Out-of-Bounds Write Vulnerability Leading to Boot Failure

A vulnerability in OpenHarmony versions through 4.1.2 allows local attackers to cause the device to fail to boot by exploiting an out-of-bounds write condition.

3.2

Jan 7, 2025

OpenHarmony Out-of-Bounds Read Vulnerability Allowing Information Leak

A vulnerability in OpenHarmony versions through 4.1.2 allows local attackers to cause an information leak by exploiting an out-of-bounds read condition.

3.2

Jan 7, 2025

Coupon Plugin for WordPress Stored Cross-Site Scripting Vulnerability

A stored cross-site scripting vulnerability has been identified in the Coupon Plugin for WordPress, affecting all versions through 1.2.1. The issue arises from inadequate input sanitization and output escaping, allowing authenticated attackers with Contributor-level access or higher to inject arbitrary scripts into pages. These scripts are executed when users access the compromised pages.

2.3

Jan 7, 2025

Croma Music WordPress Plugin Privilege Escalation Vulnerability

A vulnerability in the Croma Music plugin for WordPress, present in versions through 3.6, allows authenticated users with Subscriber-level access and above to arbitrarily modify options on the WordPress site. This issue arises from a missing capability check in the 'ironMusic_ajax' function, which can be exploited to escalate privileges by changing the default role for new users to administrator and enabling user registration, potentially leading to unauthorized administrative access.

1.8

Jan 7, 2025

Booking Calendar and Booking Calendar Pro Reflected Cross-Site Scripting Vulnerability

A reflected cross-site scripting vulnerability has been identified in the Booking Calendar and Booking Calendar Pro plugins for WordPress. This issue affects all versions prior to and including 3.2.19 and 11.2.19, respectively. The vulnerability arises from inadequate input sanitization and output escaping, allowing unauthenticated attackers to inject arbitrary web scripts. These scripts could be executed if the attacker successfully persuades a user to perform an action, such as clicking a link, that triggers the injection.

5.1

Jan 7, 2025

Progress Sitefinity Insufficient Session Expiration Vulnerability Allowing Session Fixation

A session fixation vulnerability has been identified in Progress Sitefinity, stemming from insufficient session expiration. This issue affects Sitefinity versions 4.0 through 14.4.8142, 15.0.8200 through 15.0.8229, 15.1.8300 through 15.1.8327, and 15.2.8400 through 15.2.8421.

4.1

Jan 7, 2025

Progress Sitefinity Cross-Site Scripting Vulnerability in Administrative Backend

A cross-site scripting (XSS) vulnerability has been identified in the administrative backend of Progress Sitefinity. This issue affects Sitefinity versions 4.0 through 14.4.8142, as well as 15.0.8200 through 15.0.8229, 15.1.8300 through 15.1.8327, and 15.2.8400 through 15.2.8421. The vulnerability arises from improper neutralization of input during web page generation, allowing for the injection of malicious scripts that could be executed in the context of the user's browser.

3.6

Jan 7, 2025

Progress Sitefinity Information Exposure Vulnerability

A vulnerability allowing information exposure through error messages has been identified in Progress Sitefinity. This issue affects versions from 4.0 prior to 14.4.8142, 15.0.8200 through 15.0.8229, 15.1.8300 through 15.1.8327, and 15.2.8400 through 15.2.8421.

4.6

Jan 7, 2025

Export Import Menus WordPress Plugin Missing Authorization Vulnerability

A vulnerability exists in the Export Import Menus plugin for WordPress, in all versions through 1.9.1. The issue arises from a lack of proper capability checks in the 'dsp_export_import_menus()' function, allowing unauthenticated users to export menu data and settings without authorization.

3.2

Jan 7, 2025

Master Addons Elementor Addons Stored Cross-Site Scripting Vulnerability

A stored cross-site scripting vulnerability has been identified in the Master Addons - Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations plugin for WordPress. This vulnerability affects all versions through 2.0.6.7 and arises from inadequate input sanitization and output escaping in the plugin's Tooltip module. As a result, authenticated attackers with contributor-level access or higher can inject arbitrary web scripts into pages, which will be executed when users access the affected pages.

4.1

Jan 7, 2025

Estatik Mortgage Calculator Reflected Cross-Site Scripting Vulnerability

A reflected cross-site scripting vulnerability has been identified in the Estatik Mortgage Calculator plugin for WordPress, affecting all versions through 2.0.11. The issue arises from inadequate input sanitization and output escaping, allowing unauthenticated attackers to inject arbitrary web scripts. These scripts could be executed if a user is tricked into clicking a link.

3.1

Jan 7, 2025

Aurum WordPress and WooCommerce Shopping Theme Missing Authorization Vulnerability in Demo Content Import

A vulnerability exists in the Aurum WordPress and WooCommerce Shopping Theme, all versions through 4.0.2. The issue arises from a missing capability check in the 'lab_1cl_demo_install_package_content' function, allowing authenticated attackers with Subscriber-level access and above to overwrite existing content with demo content. This unauthorized data modification could lead to potential disruption or misrepresentation of the site's content.

1.7

Jan 7, 2025

Sina Extension for Elementor Stored Cross-Site Scripting Vulnerability

A stored cross-site scripting vulnerability has been identified in the Sina Extension for Elementor plugin for WordPress, affecting all versions through 3.5.91. The issue arises in the Sina Image Differ widget, where inadequate input sanitization and output escaping of user-supplied attributes allow authenticated attackers with contributor-level access or higher to inject arbitrary scripts. These scripts are executed when a user accesses the compromised page.

3.1

Jan 7, 2025

WP jQuery DataTable Stored Cross-Site Scripting Vulnerability

A stored cross-site scripting vulnerability has been identified in the WP jQuery DataTable plugin for WordPress, affecting all versions through 4.0.1. The issue arises from inadequate input sanitization and output escaping of user-supplied attributes in the plugin's 'wp_jdt' shortcode. This vulnerability allows authenticated attackers with contributor-level access or higher to inject arbitrary web scripts into pages, which are executed when users access the affected pages.

2.4

Jan 7, 2025

Bootstrap Blocks for WP Editor Stored Cross-Site Scripting Vulnerability

A stored cross-site scripting vulnerability has been identified in the Bootstrap Blocks for WP Editor plugin, specifically in version 2.5.0 and prior. This issue arises within the 'gtb-bootstrap/column' block, where inadequate input sanitization and output escaping allow authenticated attackers with Contributor-level access or higher to inject arbitrary scripts. These scripts are executed when users access the affected pages.

2.3

Jan 7, 2025

WordPress Marketplace Items Plugin Stored Cross-Site Scripting Vulnerability

A stored cross-site scripting vulnerability has been identified in the Marketplace Items plugin for WordPress, affecting all versions up to and including 1.5.5. The issue arises from inadequate input sanitization and output escaping of user-supplied attributes in the plugin's 'envato' shortcode. This vulnerability allows authenticated attackers with contributor-level access or higher to inject arbitrary web scripts into pages, which are executed when users access the affected pages.

2.3

Jan 7, 2025

Solar Wizard Lite Stored Cross-Site Scripting Vulnerability

A stored cross-site scripting vulnerability has been identified in the Solar Wizard Lite plugin for WordPress, affecting all versions through 1.2.4. The issue arises from inadequate input sanitization and output escaping of user-supplied attributes in the plugin's 'solar_wizard' shortcode. This vulnerability allows authenticated attackers with contributor-level access or higher to inject arbitrary scripts into pages, which are executed when users access the affected pages.

2.7

Jan 7, 2025

SMS Alert Order Notifications for WooCommerce Missing Authorization Vulnerability Allowing Privilege Escalation

A vulnerability in the SMS Alert Order Notifications – WooCommerce plugin for WordPress, in versions through 3.7.6, allows for unauthorized data modification that could lead to privilege escalation. This issue arises from a lack of proper capability checks in the updateWcWarrantySettings() function. As a result, authenticated attackers with subscriber-level access or higher can manipulate arbitrary options on the WordPress site. This vulnerability can be exploited to change the default user role for new registrations to administrator, effectively granting admin access to the attacker. The issue requires the WooCommerce Warranty plugin to be present on the site.

3.6

Jan 7, 2025

Passster WordPress Plugin Sensitive Information Exposure Vulnerability

A vulnerability allowing sensitive information exposure has been identified in the Passster – Password Protect Pages and Content plugin for WordPress, affecting all versions through 4.2.10. This vulnerability arises from an unauthenticated content restriction bypass, enabling attackers to access sensitive data from posts restricted to higher-level roles, such as administrators, via the WordPress core search feature.

3.2

Jan 7, 2025

Social Rocket WordPress Plugin Stored Cross-Site Scripting Vulnerability

A stored cross-site scripting vulnerability has been identified in the Social Rocket – Social Sharing Plugin for WordPress, affecting all versions through 1.3.4. The issue arises from inadequate input sanitization and output escaping of user-supplied attributes in the 'socialrocket-floating' shortcode. This vulnerability allows authenticated attackers with contributor-level access or higher to inject arbitrary web scripts into pages, which are executed when users access the affected pages.

3.0

Jan 7, 2025

Social Rocket Social Sharing Plugin Missing Authorization Vulnerability in WordPress

A vulnerability exists in the Social Rocket – Social Sharing Plugin for WordPress, in all versions through 1.3.4. The issue arises from a lack of proper capability checks in the tweet_settings_save() and tweet_settings_update() functions. This flaw allows authenticated attackers with Subscriber-level access or higher to modify the plugin's settings without authorization.

1.7

Jan 7, 2025

Category Posts Widget WordPress Plugin Stored Cross-Site Scripting Vulnerability

A stored cross-site scripting vulnerability has been identified in the Category Posts Widget WordPress plugin, affecting versions prior to 4.9.18. The issue arises because the plugin fails to properly sanitize and escape certain settings. This flaw enables high-privilege users, such as administrators, to execute stored cross-site scripting attacks, even in environments where the unfiltered_html capability is restricted, such as multisite setups.

5.4

Jan 7, 2025

WordPress Auction Plugin Stored Cross-Site Scripting Vulnerability

A stored cross-site scripting vulnerability has been identified in the WordPress Auction Plugin, affecting versions through 3.7. The issue arises because the plugin fails to properly sanitize and escape certain settings, allowing high-privilege users, such as editors, to inject malicious scripts that are stored and executed later.

3.3

Jan 7, 2025

WordPress Auction Plugin SQL Injection Vulnerability

A SQL injection vulnerability has been identified in the WordPress Auction Plugin, affecting versions through 3.7. The issue arises because the plugin fails to properly sanitize and escape a parameter before incorporating it into a SQL statement. This flaw enables users with editor privileges and above to execute SQL injection attacks.

3.1

Jan 7, 2025

Axis Camera Station Pro Audit Log Tampering and Denial-of-Service Vulnerability

A vulnerability exists in Axis Camera Station Pro versions prior to 6.5, allowing authenticated malicious clients to interfere with audit log creation or execute a denial-of-service attack on the server by using maliciously crafted audit log entries.

1.7

Jan 7, 2025

Error Log Viewer By WP Guru Arbitrary File Read Vulnerability

A vulnerability allowing arbitrary file read has been identified in the Error Log Viewer By WP Guru plugin for WordPress, affecting all versions through 1.0.1.3. The issue arises from the wp_ajax_nopriv_elvwp_log_download AJAX action, which lacks proper authorization, enabling unauthenticated attackers to read arbitrary files on the server that may contain sensitive information.

3.8

Jan 7, 2025

JoomSport WordPress Plugin Reflected Cross-Site Scripting Vulnerability

A reflected cross-site scripting vulnerability has been identified in the JoomSport WordPress plugin, specifically in versions through 5.6.17. The issue arises from inadequate input sanitization and output escaping, allowing unauthenticated attackers to inject arbitrary web scripts. These scripts could be executed if a user is tricked into clicking a link that contains the malicious payload.

4.1

Jan 7, 2025

Host PHP Info WordPress Plugin Missing Authorization Vulnerability Allowing Sensitive Information Disclosure

A vulnerability exists in the Host PHP Info plugin for WordPress, all versions through 1.0.4, due to a lack of proper capability checks. This flaw allows unauthenticated attackers to access sensitive data by reading server configuration settings and predefined variables. Notably, the vulnerability can be exploited even if the plugin is not activated.

3.2

Jan 7, 2025

Post Saint WordPress Plugin Arbitrary File Upload Vulnerability Allowing Remote Code Execution

A vulnerability exists in the Post Saint WordPress plugin, specifically in versions through 1.3.1, allowing authenticated users with subscriber-level access and above to upload arbitrary files. This issue arises from a lack of proper capability checks and file type validation in the add_image_to_library AJAX action. The vulnerability could be exploited to execute remote code on the server.

2.1

Jan 7, 2025

Chatroll Live Chat Stored Cross-Site Scripting Vulnerability

A stored cross-site scripting vulnerability has been identified in the Chatroll Live Chat plugin for WordPress, affecting all versions through 2.5.0. The issue arises from inadequate input sanitization and output escaping of user-supplied attributes in the plugin's 'chatroll' shortcode. This vulnerability allows authenticated attackers with contributor-level access or higher to inject arbitrary web scripts into pages, which are executed when users access the affected page.

2.3

Jan 7, 2025

Candifly WordPress Plugin Stored Cross-Site Scripting Vulnerability

A stored cross-site scripting vulnerability has been identified in the Candifly plugin for WordPress, affecting all versions through 1.0.6. The issue arises from inadequate input sanitization and output escaping of user-supplied attributes in the plugin's 'candifly' shortcode. This vulnerability allows authenticated attackers with contributor-level access or higher to inject arbitrary web scripts into pages, which are executed when users access the affected pages.

2.4

Jan 7, 2025

WordPress Marketplace Items Plugin Stored Cross-Site Scripting Vulnerability

A stored cross-site scripting vulnerability has been identified in the Marketplace Items plugin for WordPress, affecting all versions up to and including 1.5.5. The issue arises from inadequate input sanitization and output escaping of user-supplied attributes in the plugin's 'marketplace' shortcode. This vulnerability allows authenticated attackers with contributor-level access or higher to inject arbitrary web scripts into pages, which are executed when users access the affected pages.

2.3