CVE-2020-29171 |
2021-02-10 22:15:00 |
Wp security & firewall |
wp-security-&-firewall |
Cross-site scripting (XSS) vulnerability in admin/wp-security-blacklist-menu.php in the Tips and Tricks HQ All In One WP Security & Firewall (all-in-one-wp-security-and-firewall) plugin before 4.4.6 for WordPress. [ Reference URL ] |
MEDIUM |
CVE-2020-35942 |
2021-02-10 01:15:00 |
Nextgen gallery |
nextgen-gallery |
A Cross-Site Request Forgery (CSRF) issue in the NextGEN Gallery plugin before 3.5.0 for WordPress allows File Upload and Local File Inclusion via settings modification, leading to Remote Code Execution and XSS. (It is possible to bypass CSRF protection by simply not including a nonce parameter.) [ Reference URL ] |
MEDIUM |
CVE-2020-35943 |
2021-02-10 01:15:00 |
Nextgen gallery |
nextgen-gallery |
A Cross-Site Request Forgery (CSRF) issue in the NextGEN Gallery plugin before 3.5.0 for WordPress allows File Upload. (It is possible to bypass CSRF protection by simply not including a nonce parameter.) [ Reference URL ] |
MEDIUM |
CVE-2020-36012 |
2021-01-27 20:15:00 |
Multi store |
multi-store |
Stored XSS vulnerability in BDTASK Multi-Store Inventory Management System 1.0 allows a local admin to inject arbitrary code via the Customer Name Field. [ Reference URL ] |
LOW |
CVE-2020-27850 |
2021-01-20 11:15:00 |
Gravityforms |
gravityforms |
A stored Cross-Site Scripting (XSS) vulnerability in forms import feature in Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary web script or HTML via the import of a GF form. This code is interpreted by users in a privileged role (Administrator, Editor, etc.). [ Reference URL ] |
LOW |
CVE-2020-27851 |
2021-01-20 11:15:00 |
Gravityforms |
gravityforms |
Multiple stored HTML injection vulnerabilities in the "poll" and "quiz" features in an additional paid add-on of Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary HTML code via poll or quiz answers. This code is interpreted by users in a privileged role (Administrator, Editor, etc.). [ Reference URL ] |
LOW |
CVE-2020-27852 |
2021-01-20 11:15:00 |
Gravityforms |
gravityforms |
A stored Cross-Site Scripting (XSS) vulnerability in the survey feature in Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary web script or HTML via a textarea field. This code is interpreted by users in a privileged role (Administrator, Editor, etc.). [ Reference URL ] |
LOW |
CVE-2020-28707 |
2021-01-20 05:15:00 |
Stockdio historical chart |
stockdio-historical-chart |
The Stockdio Historical Chart plugin before 2.8.1 for WordPress is affected by Cross Site Scripting (XSS) via stockdio_chart_historical-wp.js in wp-content/plugins/stockdio-historical-chart/assets/ because the origin of a postMessage() event is not validated. The stockdio_eventer function listens for any postMessage event. When a message event arrives, the function stores the event in the "e" variable and checks only that data and data.method are not undefined before passing data.method to eval. Because the handler never compares event.origin against an expected origin, JavaScript on a different website can call window.open() on the vulnerable WordPress page and then call postMessage(msg, '*') on the returned window object, and the supplied data.method is evaluated in the vulnerable page's context. [ Reference URL ] |
MEDIUM |
CVE-2020-35748 |
2021-01-16 00:15:00 |
Fv flowplayer video player |
fv-flowplayer-video-player |
Cross-site scripting (XSS) vulnerability in models/list-table.php in the FV Flowplayer Video Player plugin before 7.4.37.727 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the fv_wp_fvvideoplayer_src JSON field in the data parameter. [ Reference URL ] |
LOW |
CVE-2020-35749 |
2021-01-16 00:15:00 |
Simple board job |
simple-board-job |
Directory traversal vulnerability in class-simple_job_board_resume_download_handler.php in the Simple Board Job plugin 2.9.3 and earlier for WordPress allows remote attackers to read arbitrary files via the sjb_file parameter to wp-admin/post.php. [ Reference URL ] |
MEDIUM |
CVE-2020-35581 |
2021-01-15 14:15:00 |
Envira gallery |
envira-gallery |
A stored cross-site scripting (XSS) issue in Envira Gallery Lite before 1.8.3.3 allows remote attackers to inject arbitrary JavaScript/HTML code via a POST /wp-admin/admin-ajax.php request with the meta[title] parameter. [ Reference URL ] |
LOW |
CVE-2020-35582 |
2021-01-15 14:15:00 |
Envira gallery |
envira-gallery |
A stored cross-site scripting (XSS) issue in Envira Gallery Lite before 1.8.3.3 allows remote attackers to inject arbitrary JavaScript/HTML code via a POST /wp-admin/post.php request with the post_title parameter. [ Reference URL ] |
LOW |
CVE-2020-36172 |
2021-01-06 22:15:00 |
Advanced custom fields |
advanced-custom-fields |
The Advanced Custom Fields plugin before 5.8.12 for WordPress mishandles the escaping of strings in Select2 dropdowns, potentially leading to XSS. [ Reference URL ] |
MEDIUM |
CVE-2020-36173 |
2021-01-06 22:15:00 |
Ninja forms |
ninja-forms |
The Ninja Forms plugin before 3.4.28 for WordPress lacks escaping for submissions-table fields. [ Reference URL ] |
MEDIUM |
CVE-2020-36174 |
2021-01-06 22:15:00 |
Ninja forms |
ninja-forms |
The Ninja Forms plugin before 3.4.27.1 for WordPress allows CSRF via services integration. [ Reference URL ] |
MEDIUM |
CVE-2020-36175 |
2021-01-06 22:15:00 |
Ninja forms |
ninja-forms |
The Ninja Forms plugin before 3.4.27.1 for WordPress allows attackers to bypass validation via the email field. [ Reference URL ] |
MEDIUM |
CVE-2020-36171 |
2021-01-06 22:15:00 |
Website builder |
website-builder |
The Elementor Website Builder plugin before 3.0.14 for WordPress does not properly restrict SVG uploads. [ Reference URL ] |
MEDIUM |
CVE-2020-36176 |
2021-01-06 22:15:00 |
Ithemes security |
ithemes-security |
The iThemes Security (formerly Better WP Security) plugin before 7.7.0 for WordPress does not enforce a new-password requirement for an existing account until the second login occurs. [ Reference URL ] |
MEDIUM |
CVE-2020-36170 |
2021-01-06 21:15:00 |
Ultimate member |
ultimate-member |
The Ultimate Member plugin before 2.1.13 for WordPress mishandles hidden name="timestamp" fields in forms. [ Reference URL ] |
MEDIUM |
CVE-2020-36155 |
2021-01-05 01:15:00 |
Ultimate member |
ultimate-member |
An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Unauthenticated Privilege Escalation via User Meta. An attacker could supply an array parameter for sensitive metadata, such as the wp_capabilities user meta that defines a user's role. During the registration process, submitted registration details were passed to the update_profile function, and any metadata was accepted, e.g., wp_capabilities[administrator] for Administrator access. [ Reference URL ] |
HIGH |
CVE-2020-36157 |
2021-01-05 01:15:00 |
Ultimate member |
ultimate-member |
An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Unauthenticated Privilege Escalation via User Roles. Due to the lack of filtering on the role parameter that could be supplied during the registration process, an attacker could supply the role parameter with a WordPress capability (or any custom Ultimate Member role) and effectively be granted those privileges. [ Reference URL ] |
HIGH |
CVE-2020-36156 |
2021-01-05 01:15:00 |
Ultimate member |
ultimate-member |
An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Authenticated Privilege Escalation via Profile Update. Any user with wp-admin access to the profile.php page could supply the parameter um-role with a value set to any role (e.g., Administrator) during a profile update, and effectively escalate their privileges. [ Reference URL ] |
MEDIUM |
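Added example, not Ultimate Member code: the registration pattern behind the three entries above, written once as the vulnerable handler and once fixed. The vulnerable version copies every submitted key into user meta, so wp_capabilities[administrator]=1 (CVE-2020-36155) or an extra role field (CVE-2020-36157) decides the new account's role; the fixed version writes an allowlist of profile keys and assigns the role server-side. The update_user_meta()/sanitize_text_field() stand-ins exist only so the file runs outside WordPress, and the field names and demo meta store are assumptions.

```php
<?php
// Stand-ins for two WordPress functions, used only when WP is not loaded.
if (!function_exists('update_user_meta')) {
    $GLOBALS['demo_meta'] = [];
    function update_user_meta($user_id, $key, $value) {
        $GLOBALS['demo_meta'][$user_id][$key] = $value;
        return true;
    }
    function sanitize_text_field($s) { return trim(strip_tags((string) $s)); }
}

// VULNERABLE: whatever the request contains becomes user meta. In WordPress the
// role is itself meta ("{$wpdb->prefix}capabilities", wp_capabilities by default),
// so the attacker chooses their own role during registration.
function vulnerable_register(int $user_id, array $post): void {
    foreach ($post as $key => $value) {
        update_user_meta($user_id, $key, $value);
    }
}

// FIXED: allowlisted scalar profile fields only; the role comes from a server-side default.
const PROFILE_FIELDS = ['first_name', 'last_name', 'description'];

function fixed_register(int $user_id, array $post, string $default_role = 'subscriber'): array {
    $written = [];
    foreach (PROFILE_FIELDS as $key) {
        if (!isset($post[$key]) || !is_scalar($post[$key])) {
            continue;   // array values such as wp_capabilities[administrator] never get here
        }
        $written[$key] = sanitize_text_field($post[$key]);
        update_user_meta($user_id, $key, $written[$key]);
    }
    // Inside WordPress this would be (new WP_User($user_id))->set_role($default_role);
    // the direct meta write is the stand-alone equivalent for the demo.
    update_user_meta($user_id, 'wp_capabilities', [$default_role => true]);
    $written['wp_capabilities'] = [$default_role => true];
    return $written;
}

// Demo-only helper reading the stand-in meta store.
function role_of(int $user_id): array {
    return array_keys(array_filter($GLOBALS['demo_meta'][$user_id]['wp_capabilities'] ?? []));
}

// Constructed attacker registration: normal fields plus a capabilities array and a role field.
$attack = [
    'first_name'      => 'Mallory',
    'wp_capabilities' => ['administrator' => '1'],
    'role'            => 'administrator',
];
vulnerable_register(1, $attack);
print_r(role_of(1));   // role written by the vulnerable handler
fixed_register(2, $attack);
print_r(role_of(2));   // role written by the fixed handler
```

The same allowlist rule covers the authenticated variant (CVE-2020-36156): a profile-update handler must never read the target role from the request unless the caller holds a capability such as promote_users, and even then only for roles the caller is permitted to grant.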
CVE-2020-35944 |
2021-01-01 11:15:00 |
Pagelayer |
pagelayer |
An issue was discovered in the PageLayer plugin before 1.1.2 for WordPress. The pagelayer_settings_page function is vulnerable to CSRF, which can lead to XSS. [ Reference URL ] |
MEDIUM |
CVE-2020-35946 |
2021-01-01 11:15:00 |
All in one seo pack |
all-in-one-seo-pack |
An issue was discovered in the All in One SEO Pack plugin before 3.6.2 for WordPress. The SEO Description and Title fields are vulnerable to unsanitized input from a Contributor, leading to stored XSS. [ Reference URL ] |
LOW |
CVE-2020-35947 |
2021-01-01 11:15:00 |
Pagelayer |
pagelayer |
An issue was discovered in the PageLayer plugin before 1.1.2 for WordPress. Nearly all of the AJAX action endpoints lacked permission checks, allowing these actions to be executed by anyone authenticated on the site. This happened because nonces were used as a means of authorization, but a nonce was present in a publicly viewable page. The greatest impact was the pagelayer_save_content function that allowed pages to be modified and allowed XSS to occur. [ Reference URL ] |
MEDIUM |
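Added example, not NextGEN Gallery or PageLayer code: one AJAX settings handler written twice. The first has both defects the entries above describe: the nonce is verified only if the request includes one, so omitting the parameter skips the CSRF check (CVE-2020-35942/-35943), and the nonce is treated as authorization although any logged-in user can read it off a public page (CVE-2020-35947). The second treats a missing nonce as invalid and adds a capability check. The wp_* stand-ins only make the file run outside WordPress; the action name, option name and capability are assumptions.

```php
<?php
// Stand-ins for WordPress functions, used only when WP is not loaded.
if (!function_exists('wp_verify_nonce')) {
    function wp_verify_nonce($nonce, $action) { return $nonce === 'demo-nonce-' . $action; }
    function current_user_can($cap) { return in_array($cap, $GLOBALS['demo_caps'], true); }
    function wp_die($message) { throw new RuntimeException($message); }
}

// VULNERABLE: the check only runs when the parameter is present.
function vulnerable_save_content(array $request, array &$options): void {
    if (isset($request['_wpnonce']) && !wp_verify_nonce($request['_wpnonce'], 'save_content')) {
        wp_die('Invalid nonce');   // never reached when _wpnonce is simply omitted
    }
    $options['content'] = $request['content'];
}

// FIXED: a missing nonce is an invalid nonce, and the nonce only proves intent;
// the capability check decides whether this user may change the option at all.
// Inside WordPress, check_ajax_referer('save_content', '_wpnonce') does the first half.
function fixed_save_content(array $request, array &$options): void {
    $nonce = (string) ($request['_wpnonce'] ?? '');
    if ($nonce === '' || !wp_verify_nonce($nonce, 'save_content')) {
        wp_die('Invalid nonce');
    }
    if (!current_user_can('manage_options')) {
        wp_die('You are not allowed to change this setting');
    }
    $options['content'] = $request['content'];
}

// Runs a handler against a fresh option store and reports what happened.
function try_handler(callable $handler, array $request): string {
    $options = ['content' => 'original'];
    try {
        $handler($request, $options);
    } catch (RuntimeException $e) {
        return 'rejected: ' . $e->getMessage();
    }
    return 'saved: ' . $options['content'];
}

$payload = '<script>alert(document.cookie)</script>';
$GLOBALS['demo_caps'] = ['read'];   // a subscriber-level session

// (1) CSRF: forged request from another site, nonce omitted on purpose.
echo try_handler('vulnerable_save_content', ['content' => $payload]), PHP_EOL;
echo try_handler('fixed_save_content',      ['content' => $payload]), PHP_EOL;

// (2) Nonce harvested from a public page, replayed by a subscriber.
$with_nonce = ['content' => $payload, '_wpnonce' => 'demo-nonce-save_content'];
echo try_handler('vulnerable_save_content', $with_nonce), PHP_EOL;
echo try_handler('fixed_save_content',      $with_nonce), PHP_EOL;
```

The remaining CSRF entries on this page (Ninja Forms, XCloner, site-offline, ultimate-category-excluder, orbisius-child-theme-creator) are the same first half of this fix: every state-changing handler calls check_admin_referer() or check_ajax_referer() unconditionally, and a capability check sits next to it.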
CVE-2020-35951 |
2021-01-01 11:15:00 |
Quiz and survey master |
quiz-and-survey-master |
An issue was discovered in the Quiz and Survey Master plugin before 7.0.1 for WordPress. It allows users to delete arbitrary files such as wp-config.php file, which could effectively take a site offline and allow an attacker to reinstall with a WordPress instance under their control. This occurred via qsm_remove_file_fd_question, which allowed unauthenticated deletions (even though it was only intended for a person to delete their own quiz-answer files). [ Reference URL ] |
MEDIUM |
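Added example, not Simple Job Board or Quiz and Survey Master code: one helper that confines a request-supplied file name to a single directory, used both for a resume download (the sjb_file case, CVE-2020-35749) and for a delete-my-own-answer-file action (the qsm_remove_file_fd_question case, CVE-2020-35951). The directory layout, owner lookup and file names are constructed for the demo.

```php
<?php
// Resolve $user_path inside $base_dir, or return null if it escapes the directory.
function confine_to_dir(string $base_dir, string $user_path): ?string {
    $base = realpath($base_dir);
    if ($base === false) {
        return null;
    }
    // realpath() collapses ../ and resolves symlinks, and returns false for a
    // path that does not exist, which is exactly what download/delete need.
    $target = realpath($base . DIRECTORY_SEPARATOR . $user_path);
    if ($target === false) {
        return null;
    }
    // Prefix test with the separator included, so /uploads/x does not match /uploads-old/x.
    return strpos($target, $base . DIRECTORY_SEPARATOR) === 0 ? $target : null;
}

function safe_read_file(string $base_dir, string $user_path): ?string {
    $path = confine_to_dir($base_dir, $user_path);
    return $path === null ? null : file_get_contents($path);
}

// Deletion needs two checks: inside the directory AND owned by the caller.
// $owners stands in for the plugin's own record of who uploaded what; the
// vulnerable plugin had neither check and no login requirement.
function safe_delete_own_file(string $base_dir, string $user_path, string $caller, array $owners): bool {
    $path = confine_to_dir($base_dir, $user_path);
    if ($path === null || ($owners[$path] ?? null) !== $caller) {
        return false;
    }
    return unlink($path);
}

// Constructed fixture in a temp directory.
$root = sys_get_temp_dir() . '/confine_demo_' . getmypid();
mkdir("$root/uploads", 0700, true);
file_put_contents("$root/uploads/resume.pdf", 'resume bytes');
file_put_contents("$root/wp-config.php", "define('DB_PASSWORD', 'secret');");
$owners = [realpath("$root/uploads/resume.pdf") => 'alice'];

var_dump(safe_read_file("$root/uploads", 'resume.pdf'));         // intended use
var_dump(safe_read_file("$root/uploads", '../wp-config.php'));   // traversal attempt
var_dump(safe_delete_own_file("$root/uploads", '../wp-config.php', 'mallory', $owners)); // traversal
var_dump(safe_delete_own_file("$root/uploads", 'resume.pdf', 'mallory', $owners));       // not the owner
var_dump(safe_delete_own_file("$root/uploads", 'resume.pdf', 'alice', $owners));         // the owner

// Cleanup of the fixture.
@unlink("$root/wp-config.php");
@rmdir("$root/uploads");
@rmdir($root);
```

Inside WordPress the base directory would come from wp_upload_dir(), and the handler would additionally require a logged-in user (is_user_logged_in()) before consulting the ownership record.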
CVE-2020-35945 |
2021-01-01 11:15:00 |
Divi extra |
divi-extra |
An issue was discovered in the Divi Builder plugin, Divi theme, and Divi Extra theme before 4.5.3 for WordPress. Authenticated attackers, with contributor-level or above capabilities, can upload arbitrary files, including .php files. This occurs because the check for file extensions is on the client side. [ Reference URL ] |
MEDIUM |
CVE-2020-35949 |
2021-01-01 11:15:00 |
Quiz and survey master |
quiz-and-survey-master |
An issue was discovered in the Quiz and Survey Master plugin before 7.0.1 for WordPress. It made it possible for unauthenticated attackers to upload arbitrary files and achieve remote code execution. If a quiz question could be answered by uploading a file, only the Content-Type header was checked during the upload, and thus the attacker could use text/plain for a .php file. [ Reference URL ] |
HIGH |
CVE-2020-35948 |
2021-01-01 11:15:00 |
Xcloner |
xcloner |
An issue was discovered in the XCloner Backup and Restore plugin before 4.2.13 for WordPress. It gave authenticated attackers the ability to modify arbitrary files, including PHP files. Doing so would allow an attacker to achieve remote code execution. The xcloner_restore.php write_file_action could overwrite wp-config.php, for example. Alternatively, an attacker could create an exploit chain to obtain a database dump. [ Reference URL ] |
MEDIUM |
CVE-2020-35950 |
2021-01-01 11:15:00 |
Xcloner |
xcloner |
An issue was discovered in the XCloner Backup and Restore plugin before 4.2.153 for WordPress. It allows CSRF (via almost any endpoint). [ Reference URL ] |
MEDIUM |
CVE-2020-35932 |
2021-01-01 09:15:00 |
Newsletter |
newsletter |
Insecure Deserialization in the Newsletter plugin before 6.8.2 for WordPress allows authenticated remote attackers with minimal privileges (such as subscribers) to use the tnpc_render AJAX action to inject arbitrary PHP objects via the options[inline_edits] parameter. NOTE: exploitability depends on PHP objects that might be present with certain other plugins or themes. [ Reference URL ] |
MEDIUM |
CVE-2020-35933 |
2021-01-01 09:15:00 |
Newsletter |
newsletter |
A Reflected Authenticated Cross-Site Scripting (XSS) vulnerability in the Newsletter plugin before 6.8.2 for WordPress allows remote attackers to trick a victim into submitting a tnpc_render AJAX request containing either JavaScript in an options parameter, or a base64-encoded JSON string containing JavaScript in the encoded_options parameter. [ Reference URL ] |
LOW |
CVE-2020-35936 |
2021-01-01 09:15:00 |
Post grid |
post-grid |
Stored Cross-Site Scripting (XSS) vulnerabilities in the Post Grid plugin before 2.0.73 for WordPress allow remote authenticated attackers to import layouts including JavaScript supplied via a remotely hosted crafted payload in the source parameter via AJAX. The action must be set to post_grid_import_xml_layouts. [ Reference URL ] |
MEDIUM |
CVE-2020-35937 |
2021-01-01 09:15:00 |
Team showcase |
team-showcase |
Stored Cross-Site Scripting (XSS) vulnerabilities in the Team Showcase plugin before 1.22.16 for WordPress allow remote authenticated attackers to import layouts including JavaScript supplied via a remotely hosted crafted payload in the source parameter via AJAX. The action must be set to team_import_xml_layouts. [ Reference URL ] |
MEDIUM |
CVE-2020-35938 |
2021-01-01 09:15:00 |
Post grid |
post-grid |
PHP Object injection vulnerabilities in the Post Grid plugin before 2.0.73 for WordPress allow remote authenticated attackers to inject arbitrary PHP objects due to insecure unserialization of data supplied in a remotely hosted crafted payload in the source parameter via AJAX. The action must be set to post_grid_import_xml_layouts. [ Reference URL ] |
MEDIUM |
CVE-2020-35939 |
2021-01-01 09:15:00 |
Team showcase |
team-showcase |
PHP Object injection vulnerabilities in the Team Showcase plugin before 1.22.16 for WordPress allow remote authenticated attackers to inject arbitrary PHP objects due to insecure unserialization of data supplied in a remotely hosted crafted payload in the source parameter via AJAX. The action must be set to team_import_xml_layouts. [ Reference URL ] |
MEDIUM |
CVE-2020-35934 |
2021-01-01 09:15:00 |
Advanced access manager |
advanced-access-manager |
The Advanced Access Manager plugin before 6.6.2 for WordPress displays the unfiltered user object (including all metadata) upon login via the REST API (aam/v1/authenticate or aam/v2/authenticate). This is a security problem if this object stores information that the user is not supposed to have (e.g., custom metadata added by a different plugin). [ Reference URL ] |
MEDIUM |
CVE-2020-35935 |
2021-01-01 09:15:00 |
Advanced access manager |
advanced-access-manager |
The Advanced Access Manager plugin before 6.6.2 for WordPress allows privilege escalation on profile updates via the aam_user_roles POST parameter if Multiple Role support is enabled. (The mechanism for deciding whether a user was entitled to add a role did not work in various custom-role scenarios.) [ Reference URL ] |
MEDIUM |
CVE-2020-35773 |
2020-12-30 01:15:00 |
Site offline |
site-offline |
The site-offline plugin before 1.4.4 for WordPress lacks certain wp_create_nonce and wp_verify_nonce calls, aka CSRF. [ Reference URL ] |
MEDIUM |
CVE-2020-29156 |
2020-12-28 02:15:00 |
Woocommerce |
woocommerce |
The WooCommerce plugin before 4.7.0 for WordPress allows remote attackers to view the status of arbitrary orders via the order_id parameter in a fetch_order_status action. [ Reference URL ] |
MEDIUM |
CVE-2020-29172 |
2020-12-26 09:15:00 |
Litespeed cache |
litespeed-cache |
A cross-site scripting (XSS) vulnerability in the LiteSpeed Cache plugin before 3.6.1 for WordPress can be exploited via the Server IP setting. [ Reference URL ] |
MEDIUM |
CVE-2020-35589 |
2020-12-21 14:15:00 |
Limit login attempts reloaded |
limit-login-attempts-reloaded |
The limit-login-attempts-reloaded plugin before 2.17.4 for WordPress allows wp-admin/options-general.php?page=limit-login-attempts&tab= XSS. A malicious user can cause an administrator user to supply dangerous content to the vulnerable page, which is then reflected back to the user and executed by the web browser. The most common mechanism for delivering malicious content is to include it as a parameter in a URL that is posted publicly or e-mailed directly to victims. [ Reference URL ] |
LOW |
CVE-2020-35590 |
2020-12-21 14:15:00 |
Limit login attempts reloaded |
limit-login-attempts-reloaded |
LimitLoginAttempts.php in the limit-login-attempts-reloaded plugin before 2.17.4 for WordPress allows a bypass of (per IP address) rate limits because the X-Forwarded-For header can be forged. When the plugin is configured to accept an arbitrary header for the client source IP address, a malicious user is not rate limited when performing a brute force attack, because the client IP header accepts any arbitrary string. When the header value is randomized on each request, the login count never reaches the maximum allowed retries. [ Reference URL ] |
MEDIUM |
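Added example, not Limit Login Attempts Reloaded code: resolving the client address for a per-IP login counter. Taking X-Forwarded-For unconditionally lets the attacker rotate the header and never reach the retry limit (CVE-2020-35590). The fixed resolver honours the header only when the TCP peer is a configured trusted proxy, walks the header from the right, and validates the result. The proxy list, addresses and retry loop are constructed for the demo.

```php
<?php
// Addresses of reverse proxies this site sits behind (configuration, not request data).
const TRUSTED_PROXIES = ['10.0.0.5', '192.0.2.10'];

// VULNERABLE: the header wins whenever it is present, whoever sent it.
function vulnerable_client_ip(array $server): string {
    return $server['HTTP_X_FORWARDED_FOR'] ?? $server['REMOTE_ADDR'];
}

// FIXED: only a trusted proxy may speak for the client.
function fixed_client_ip(array $server, array $trusted = TRUSTED_PROXIES): string {
    $peer = $server['REMOTE_ADDR'];
    if (!in_array($peer, $trusted, true) || empty($server['HTTP_X_FORWARDED_FOR'])) {
        return $peer;   // no trusted proxy in front of us: the header is attacker text
    }
    // Each proxy appends the peer it saw, so the right-most entry not written by
    // one of our own proxies is the best client address we can vouch for.
    $hops = array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR']));
    for ($i = count($hops) - 1; $i >= 0; $i--) {
        if (in_array($hops[$i], $trusted, true)) {
            continue;
        }
        return filter_var($hops[$i], FILTER_VALIDATE_IP) !== false ? $hops[$i] : $peer;
    }
    return $peer;
}

// A failure counter keyed by the resolved address, like the plugin's lockout logic.
// Returns the attempt number at which the source is locked out, or null if never.
function attempts_until_lockout(callable $resolve_ip, int $max_retries = 5, int $attempts = 50): ?int {
    $failures = [];
    for ($n = 1; $n <= $attempts; $n++) {
        // Attacker connects directly (not via our proxy) and randomises the header every time.
        $server = ['REMOTE_ADDR' => '203.0.113.7', 'HTTP_X_FORWARDED_FOR' => bin2hex(random_bytes(8))];
        $ip = $resolve_ip($server);
        $failures[$ip] = ($failures[$ip] ?? 0) + 1;
        if ($failures[$ip] >= $max_retries) {
            return $n;
        }
    }
    return null;
}

var_dump(attempts_until_lockout('vulnerable_client_ip'));
var_dump(attempts_until_lockout('fixed_client_ip'));

// Legitimate chain: client 198.51.100.9 -> CDN 192.0.2.10 -> our proxy 10.0.0.5 -> app.
var_dump(fixed_client_ip(['REMOTE_ADDR' => '10.0.0.5', 'HTTP_X_FORWARDED_FOR' => '198.51.100.9, 192.0.2.10']));

// Spoof attempt through the real proxy: attacker sends "1.2.3.4", proxy appends 203.0.113.7.
var_dump(fixed_client_ip(['REMOTE_ADDR' => '10.0.0.5', 'HTTP_X_FORWARDED_FOR' => '1.2.3.4, 203.0.113.7']));
```

If the header name is configurable, as the entry describes, the configuration must still be paired with a trusted-proxy list; a header alone can never identify the client.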
CVE-2020-35489 |
2020-12-18 02:15:00 |
Contact form 7 |
contact-form-7 |
The contact-form-7 (aka Contact Form 7) plugin before 5.3.2 for WordPress allows Unrestricted File Upload and remote code execution because a filename may contain special characters. [ Reference URL ] |
HIGH |
CVE-2020-29303 |
2020-12-15 03:15:00 |
Directories pro |
directories-pro |
A cross-site scripting (XSS) vulnerability in the SabaiApp Directories Pro plugin 1.3.45 for WordPress allows remote attackers to inject arbitrary web script or HTML via a POST to /wp-admin/admin.php?page=drts/directories&q=%2F with _drts_form_build_id parameter containing the XSS payload and _t_ parameter set to an invalid or non-existent CSRF token. [ Reference URL ] |
MEDIUM |
CVE-2020-29304 |
2020-12-15 03:15:00 |
Directories pro |
directories-pro |
A cross-site scripting (XSS) vulnerability exists in the SabaiApps WordPress Directories Pro plugin version 1.3.45 and previous, allows attackers who have convinced a site administrator to import a specially crafted CSV file to inject arbitrary web script or HTML as the victim is proceeding through the file import workflow. [ Reference URL ] |
MEDIUM |
CVE-2020-35234 |
2020-12-14 10:15:00 |
Easy wp smtp |
easy-wp-smtp |
The easy-wp-smtp plugin before 1.4.4 for WordPress allows Administrator account takeover, as exploited in the wild in December 2020. If an attacker can list the wp-content/plugins/easy-wp-smtp/ directory, then they can discover a log file (such as #############_debug_log.txt) that contains all password-reset links. The attacker can request a reset of the Administrator password and then use a link found there. [ Reference URL ] |
MEDIUM |
CVE-2020-35235 |
2020-12-14 10:15:00 |
Secure file manager |
secure-file-manager |
** UNSUPPORTED WHEN ASSIGNED ** vendor/elfinder/php/connector.minimal.php in the secure-file-manager plugin through 2.5 for WordPress loads elFinder code without proper access control. Thus, any authenticated user can run the elFinder upload command to achieve remote code execution. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. [ Reference URL ] |
MEDIUM |
CVE-2020-35135 |
2020-12-11 12:15:00 |
Ultimate category excluder |
ultimate-category-excluder |
The ultimate-category-excluder plugin before 1.2 for WordPress allows ultimate-category-excluder.php CSRF. [ Reference URL ] |
MEDIUM |
CVE-2020-14205 |
2020-12-09 03:15:00 |
Divebook |
divebook |
The DiveBook plugin 1.1.4 for WordPress is prone to improper access control in the Log Dive form because it fails to perform authorization checks. An attacker may leverage this issue to manipulate the integrity of dive logs. [ Reference URL ] |
MEDIUM |
CVE-2020-14206 |
2020-12-09 03:15:00 |
Divebook |
divebook |
The DiveBook plugin 1.1.4 for WordPress is prone to unauthenticated XSS within the filter function (via an arbitrary parameter). [ Reference URL ] |
MEDIUM |
CVE-2020-14207 |
2020-12-09 03:15:00 |
Divebook |
divebook |
The DiveBook plugin 1.1.4 for WordPress was prone to a SQL injection within divelog.php, allowing unauthenticated users to retrieve data from the database via the divelog.php filter_diver parameter. [ Reference URL ] |
MEDIUM |
CVE-2020-29395 |
2020-12-01 03:15:00 |
Eventon |
eventon |
The EventON plugin through 3.0.5 for WordPress allows addons/?q= XSS via the search field. [ Reference URL ] |
MEDIUM |
CVE-2020-28976 |
2020-11-30 21:15:00 |
Canto |
canto |
The Canto plugin 1.3.0 for WordPress contains a blind SSRF vulnerability. It allows an unauthenticated attacker to make a request to any internal or external server via /includes/lib/detail.php?subdomain=SSRF. [ Reference URL ] |
MEDIUM |
CVE-2020-28977 |
2020-11-30 21:15:00 |
Canto |
canto |
The Canto plugin 1.3.0 for WordPress contains a blind SSRF vulnerability. It allows an unauthenticated attacker to make a request to any internal or external server via /includes/lib/get.php?subdomain=SSRF. [ Reference URL ] |
MEDIUM |
CVE-2020-28978 |
2020-11-30 21:15:00 |
Canto |
canto |
The Canto plugin 1.3.0 for WordPress contains a blind SSRF vulnerability. It allows an unauthenticated attacker to make a request to any internal or external server via /includes/lib/tree.php?subdomain=SSRF. [ Reference URL ] |
MEDIUM |
CVE-2020-28649 |
2020-11-16 11:15:00 |
Child theme creator |
child-theme-creator |
The orbisius-child-theme-creator plugin before 1.5.2 for WordPress allows CSRF via orbisius_ctc_theme_editor_manage_file. [ Reference URL ] |
MEDIUM |
CVE-2020-28650 |
2020-11-16 11:15:00 |
Page builder |
page-builder |
The WPBakery plugin before 6.4.1 for WordPress allows XSS because it calls kses_remove_filters to disable the standard WordPress XSS protection mechanism for the Author and Contributor roles. [ Reference URL ] |
LOW |
CVE-2020-27481 |
2020-11-12 21:15:00 |
Good learning management system |
good-learning-management-system |
An unauthenticated SQL Injection vulnerability in Good Layers LMS Plugin <= 2.1.4 exists due to the usage of "wp_ajax_nopriv" call in WordPress, which allows any unauthenticated user to get access to the function "gdlr_lms_cancel_booking" where POST Parameter "id" was sent straight into SQL query without sanitization. [ Reference URL ] |
HIGH |
CVE-2020-24063 |
2020-11-11 04:15:00 |
Canto |
canto |
The Canto plugin 1.3.0 for WordPress allows includes/lib/download.php?subdomain= SSRF. [ Reference URL ] |
MEDIUM |
CVE-2020-28339 |
2020-11-08 02:15:00 |
Welcart e commerce |
welcart-e-commerce |
The usc-e-shop (aka Collne Welcart e-Commerce) plugin before 1.9.36 for WordPress allows Object Injection because of usces_unserialize. There is not a complete POP chain. [ Reference URL ] |
MEDIUM |
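Added example, not Newsletter, Post Grid, Team Showcase or Welcart code: why unserialize() on request data is a vulnerability even when, as the entry above says, "there is not a complete POP chain" in the plugin itself, and the two fixes. CacheWriter is a constructed gadget standing in for whatever class another plugin or theme happens to make loadable; its __destruct() runs whether or not the importing code ever touches the object. The payload string and temp-file path are constructed for the demo.

```php
<?php
// Hypothetical gadget: any loadable class with a side effect in a magic method.
class CacheWriter {
    public string $path = '';
    public string $data = '';
    public function __destruct() {
        if ($this->path !== '') {
            file_put_contents($this->path, $this->data);
        }
    }
}

// VULNERABLE: any loadable class can be instantiated with attacker-chosen fields.
function vulnerable_import(string $payload) {
    return unserialize($payload);
}

// FIXED (a): refuse objects. allowed_classes=false turns every object in the
// payload into __PHP_Incomplete_Class, which has no behaviour.
function fixed_import_scalars_only(string $payload) {
    return unserialize($payload, ['allowed_classes' => false]);
}

// FIXED (b): use a format with no object semantics at all.
function fixed_import_json(string $payload) {
    return json_decode($payload, true, 64, JSON_THROW_ON_ERROR);
}

// Did the gadget write its file? (Removes it again for the next round.)
function gadget_fired(string $marker): bool {
    $hit = file_exists($marker);
    @unlink($marker);
    return $hit;
}

// Constructed attacker payload: a serialized CacheWriter that writes a PHP file
// to a path of the attacker's choosing (a temp file here). This is the kind of
// string supplied in options[inline_edits] or in an imported layout document.
$marker  = sys_get_temp_dir() . '/poi_demo_' . getmypid() . '.php';
$payload = sprintf(
    'O:11:"CacheWriter":2:{s:4:"path";s:%d:"%s";s:4:"data";s:25:"<?php /* attacker code */";}',
    strlen($marker), $marker
);

$obj = vulnerable_import($payload);
unset($obj);                           // refcount drops to zero: __destruct() runs
var_dump(gadget_fired($marker));

$obj = fixed_import_scalars_only($payload);
var_dump(get_class($obj));             // inert __PHP_Incomplete_Class, no magic methods
unset($obj);
var_dump(gadget_fired($marker));

try {
    fixed_import_json($payload);       // not JSON at all: rejected outright
} catch (JsonException $e) {
    echo 'json_decode refused payload: ', $e->getMessage(), PHP_EOL;
}
```

The "no complete POP chain" note in the Welcart entry is a statement about one moment in time: the chain only has to exist somewhere in the autoload path, and a later plugin install supplies it without any change to the vulnerable code.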
CVE-2020-22276 |
2020-11-05 00:15:00 |
Weforms |
weforms |
WeForms Wordpress Plugin 1.4.7 allows CSV injection via a form's entry. [ Reference URL ] |
HIGH |
CVE-2020-22275 |
2020-11-05 00:15:00 |
Easy registration forms |
easy-registration-forms |
Easy Registration Forms (ER Forms) Wordpress Plugin 2.0.6 allows an attacker to submit an entry containing malicious CSV formulas. When the system administrator later generates CSV output from the form entries, these inputs are not checked, so the formulas execute in the administrator's spreadsheet application. [ Reference URL ] |
MEDIUM |
CVE-2020-22277 |
2020-11-05 00:15:00 |
Import and export users and customers |
import-and-export-users-and-customers |
Import and export users and customers WordPress Plugin through 1.15.5.11 allows CSV injection via a customer's profile. [ Reference URL ] |
MEDIUM |
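Added example, not weForms, Easy Registration Forms or Import and export users code: a CSV export that neutralises formula injection. A cell beginning with = + - @ is executed as a formula by spreadsheet software, so a form entry such as =HYPERLINK("https://evil.example","click") or a DDE-style =cmd|' /C calc'!A0 runs on the administrator's machine when the export is opened. The rows and field names are constructed for the demo.

```php
<?php
// Make one cell safe for spreadsheet consumption.
function escape_csv_cell(string $value): string {
    // Numbers keep their leading minus sign.
    if (is_numeric($value)) {
        return $value;
    }
    // Ignore leading whitespace so "  =1+1" is still caught.
    $probe = ltrim($value, " \t\r\n");
    if ($probe !== '' && strpos('=+-@', $probe[0]) !== false) {
        // A leading apostrophe makes spreadsheets treat the cell as text.
        $value = "'" . $value;
    }
    // Tabs and carriage returns inside a cell can be read as separators by
    // lenient importers; replace them with a space.
    return str_replace(["\t", "\r"], ' ', $value);
}

// Write headers and rows with fputcsv(), escaping each cell first.
function export_csv(array $headers, array $rows, callable $escape = 'escape_csv_cell'): string {
    $fh = fopen('php://temp', 'r+');
    fputcsv($fh, $headers);
    foreach ($rows as $row) {
        fputcsv($fh, array_map(fn($v) => $escape((string) $v), $row));
    }
    rewind($fh);
    $csv = stream_get_contents($fh);
    fclose($fh);
    return $csv;
}

// Constructed entries: one honest, one carrying payloads in the fields.
$headers = ['name', 'email', 'amount'];
$rows = [
    ['Alice', 'alice@example.com', '-12.50'],
    ['=cmd|\' /C calc\'!A0', '=HYPERLINK("https://evil.example","click")', '+1'],
];
echo "VULNERABLE (cells written as submitted):\n", export_csv($headers, $rows, fn($v) => $v);
echo "FIXED:\n", export_csv($headers, $rows);
```

Escaping at export time is the right layer: the form must store what the user typed, and the same entry may later be rendered as HTML, where the formula characters are harmless and the HTML escaping on output is what matters.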
CVE-2020-16140 |
2020-10-28 05:15:00 |
Greenmart |
greenmart |
The search functionality of the Greenmart theme 2.4.2 for WordPress is vulnerable to XSS. [ Reference URL ] |
MEDIUM |
CVE-2020-27615 |
2020-10-22 04:15:00 |
Loginizer |
loginizer |
The Loginizer plugin before 1.6.4 for WordPress allows SQL injection (with resultant XSS), related to loginizer_login_failed and lz_valid_ip. [ Reference URL ] |
HIGH |
CVE-2020-27344 |
2020-10-22 03:15:00 |
Cm download manager |
cm-download-manager |
The cm-download-manager plugin before 2.8.0 for WordPress allows XSS. [ Reference URL ] |
MEDIUM |
CVE-2020-5650 |
2020-10-21 23:15:00 |
Simple download monitor |
simple-download-monitor |
Cross-site scripting vulnerability in Simple Download Monitor 3.8.8 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors. [ Reference URL ] |
MEDIUM |
CVE-2020-5651 |
2020-10-21 23:15:00 |
Simple download monitor |
simple-download-monitor |
SQL injection vulnerability in Simple Download Monitor 3.8.8 and earlier allows remote attackers to execute arbitrary SQL commands via a specially crafted URL. [ Reference URL ] |
MEDIUM |
CVE-2020-26672 |
2020-10-16 22:15:00 |
Testimonial rotator |
testimonial-rotator |
Testimonial Rotator Wordpress Plugin 3.0.2 is affected by Cross Site Scripting (XSS) in /wp-admin/post.php. If a user intercepts a request and inserts a payload in the "cite" parameter, the payload will be stored in the database. [ Reference URL ] |
LOW |
CVE-2020-5642 |
2020-10-15 10:15:00 |
Live Chat - Live Support |
onwebchat |
Cross-site request forgery (CSRF) vulnerability in Live Chat - Live support version 3.1.0 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. [ Reference URL ] |
MEDIUM |
CVE-2020-26876 |
2020-10-08 00:15:00 |
Wp courses |
wp-courses |
The wp-courses plugin through 2.0.27 for WordPress allows remote attackers to bypass the intended payment step (for course videos and materials) by using the /wp-json REST API, as exploited in the wild in September 2020. This occurs because show_in_rest is enabled for custom post types (e.g., /wp-json/wp/v2/course and /wp-json/wp/v2/lesson exist). [ Reference URL ] |
MEDIUM |
CVE-2020-26596 |
2020-10-07 23:15:00 |
Wordpress |
wordpress |
The Dynamic OOO widget for the Elementor Pro plugin through 3.0.5 for WordPress allows remote authenticated users to execute arbitrary code because only the Editor role is needed to upload executable PHP code via the PHP Raw snippet. NOTE: this issue can be mitigated by removing the Dynamic OOO widget or by restricting availability of the Editor role. [ Reference URL ] |
HIGH |
CVE-2020-26511 |
2020-10-02 12:15:00 |
Wordpress + azure ad / Office 365 |
wpo365-login |
The wpo365-login plugin before v11.7 for WordPress allows use of a symmetric algorithm to decrypt a JWT token. This leads to authentication bypass. [ Reference URL ] |
MEDIUM |
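Added example, not wpo365-login code: the algorithm-confusion bug the entry describes, shown in a minimal JWT verifier. The vulnerable verifier lets the token's own header choose the algorithm; since the only key it holds is the RSA public key, and that key is public, an HS256 token "signed" with the public key as the HMAC secret verifies. The fixed verifier pins the expected algorithm. Keys, claims and helper names are constructed for the demo (requires PHP 8 and ext-openssl).

```php
<?php
function b64url(string $s): string { return rtrim(strtr(base64_encode($s), '+/', '-_'), '='); }
function b64url_dec(string $s): string { return base64_decode(strtr($s, '-_', '+/')); }

// Minimal issuer: RS256 with an RSA private key, or HS256 with a shared secret.
function jwt_encode(array $claims, string $alg, $key): string {
    $h = b64url(json_encode(['alg' => $alg, 'typ' => 'JWT']));
    $p = b64url(json_encode($claims));
    if ($alg === 'RS256') {
        openssl_sign("$h.$p", $sig, $key, OPENSSL_ALGO_SHA256);
    } else {   // HS256: $key is the shared secret
        $sig = hash_hmac('sha256', "$h.$p", $key, true);
    }
    return "$h.$p." . b64url($sig);
}

// VULNERABLE: algorithm taken from the untrusted header.
function vulnerable_verify(string $jwt, string $public_pem): ?array {
    [$h, $p, $s] = explode('.', $jwt) + [null, null, null];
    $hdr = json_decode(b64url_dec((string) $h), true);
    $sig = b64url_dec((string) $s);
    $ok = match ($hdr['alg'] ?? '') {
        'RS256' => openssl_verify("$h.$p", $sig, $public_pem, OPENSSL_ALGO_SHA256) === 1,
        'HS256' => hash_equals(hash_hmac('sha256', "$h.$p", $public_pem, true), $sig),
        default => false,
    };
    return $ok ? json_decode(b64url_dec((string) $p), true) : null;
}

// FIXED: the expected algorithm is server configuration; the header must match it,
// and an asymmetric key is never reused as an HMAC secret.
function fixed_verify(string $jwt, string $public_pem, string $expected_alg = 'RS256'): ?array {
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) {
        return null;
    }
    [$h, $p, $s] = $parts;
    $hdr = json_decode(b64url_dec($h), true);
    if (!is_array($hdr) || ($hdr['alg'] ?? null) !== $expected_alg) {
        return null;
    }
    if (openssl_verify("$h.$p", b64url_dec($s), $public_pem, OPENSSL_ALGO_SHA256) !== 1) {
        return null;
    }
    return json_decode(b64url_dec($p), true);
}

// Identity provider signs with its private key; the relying party only has the public key.
$private = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
$public_pem = openssl_pkey_get_details($private)['key'];

$legit  = jwt_encode(['sub' => 'alice', 'role' => 'subscriber'], 'RS256', $private);
// Attacker: claims of their choice, HMAC-signed with the public key they can fetch.
$forged = jwt_encode(['sub' => 'alice', 'role' => 'administrator'], 'HS256', $public_pem);

var_dump(vulnerable_verify($legit, $public_pem)['role'] ?? null);
var_dump(vulnerable_verify($forged, $public_pem)['role'] ?? null);   // accepted by the buggy verifier
var_dump(fixed_verify($legit, $public_pem)['role'] ?? null);
var_dump(fixed_verify($forged, $public_pem));                         // rejected
```

A production verifier also checks exp, iss and aud, and obtains the public key from the provider's JWKS by kid rather than from the token; none of that helps if the algorithm is negotiable, which is why the pin comes first.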
CVE-2020-20406 |
2020-09-17 03:15:00 |
Elementor page builder |
elementor-page-builder |
A stored XSS vulnerability exists in the Custom Link Attributes control Affect function in Elementor Page Builder 2.9.2 and earlier versions. It is caused by inadequate filtering on the link custom attributes. [ Reference URL ] |
LOW |
CVE-2020-25375 |
2020-09-14 23:15:00 |
Wp smart crm & invoices |
wp-smart-crm-&-invoices |
Wordpress Plugin Store / SoftradeWeb SNC WP SMART CRM V1.8.7 is affected by: Cross Site Scripting via the Business Name field, Tax Code field, First Name field, Address field, Town field, Phone field, Mobile field, Place of Birth field, Web Site field, VAT Number field, Last Name field, Fax field, Email field, and Skype field. [ Reference URL ] |
LOW |
CVE-2020-25378 |
2020-09-14 23:15:00 |
Wp floating menu |
wp-floating-menu |
Wordpress Plugin Store / AccessPress Themes WP Floating Menu V1.3.0 is affected by: Cross Site Scripting (XSS) via the id GET parameter. [ Reference URL ] |
MEDIUM |
CVE-2020-25379 |
2020-09-14 23:15:00 |
Recall products |
recall-products |
Wordpress Plugin Store / Mike Rooijackers Recall Products V0.8 fails to sanitize input from the 'Manufacturer[]' parameter which allows an authenticated attacker to inject a malicious SQL query. [ Reference URL ] |
MEDIUM |
CVE-2020-25380 |
2020-09-14 23:15:00 |
Recall products |
recall-products |
Wordpress Plugin Store / Mike Rooijackers Recall Products V0.8 is affected by: Cross Site Scripting (XSS) via the 'Recall Settings' field in admin.php. An attacker can inject JavaScript code that will be stored and executed. [ Reference URL ] |
LOW |
CVE-2020-5780 |
2020-09-10 22:15:00 |
Email subscribers & newsletters |
email-subscribers-&-newsletters |
Missing Authentication for Critical Function in Icegram Email Subscribers & Newsletters Plugin for WordPress prior to version 4.5.6 allows a remote, unauthenticated attacker to conduct unauthenticated email forgery/spoofing. [ Reference URL ] |
MEDIUM |
CVE-2020-25213 |
2020-09-09 23:15:00 |
File manager |
file-manager |
The File Manager (wp-file-manager) plugin before 6.9 for WordPress allows remote attackers to upload and execute arbitrary PHP code because it renames an unsafe example elFinder connector file to have the .php extension. This, for example, allows attackers to run the elFinder upload (or mkfile and put) command to write PHP code into the wp-content/plugins/wp-file-manager/lib/files/ directory. This was exploited in the wild in August and September 2020. [ Reference URL ] |
HIGH |
CVE-2020-24948 |
2020-09-03 22:15:00 |
Autoptimize |
autoptimize |
The ao_ccss_import AJAX call in Autoptimize Wordpress Plugin 2.7.6 does not ensure that the file provided is a legitimate Zip file, allowing high privilege users to upload arbitrary files, such as PHP, leading to remote command execution. [ Reference URL ] |
MEDIUM |
CVE-2020-20628 |
2020-09-01 00:15:00 |
Wp gdpr |
wp-gdpr |
controller/controller-comments.php in WP GDPR plugin through 2.1.1 has unauthenticated stored XSS. [ Reference URL ] |
MEDIUM |
CVE-2020-20625 |
2020-08-31 23:15:00 |
Sliced invoices |
sliced-invoices |
Sliced Invoices plugin for WordPress 3.8.2 and earlier allows unauthenticated information disclosure and authenticated SQL injection via core/class-sliced.php. [ Reference URL ] |
MEDIUM |
CVE-2020-20626 |
2020-08-31 23:15:00 |
Lara's google analytics |
lara's-google-analytics |
lara-google-analytics.php in Lara Google Analytics plugin through 2.0.4 for WordPress allows authenticated stored XSS. [ Reference URL ] |
LOW |
CVE-2020-20627 |
2020-08-31 23:15:00 |
Givewp |
givewp |
The includes/gateways/stripe/includes/admin/admin-actions.php in GiveWP plugin through 2.5.9 for WordPress allows unauthenticated settings change. [ Reference URL ] |
MEDIUM |
CVE-2020-24699 |
2020-08-31 23:15:00 |
Chamber dashboard business directory |
chamber-dashboard-business-directory |
The Chamber Dashboard Business Directory plugin 3.2.8 for WordPress allows XSS. [ Reference URL ] |
MEDIUM |
CVE-2020-15020 |
2020-08-31 20:15:00 |
Page builder |
page-builder |
An issue was discovered in the Elementor plugin through 2.9.13 for WordPress. An authenticated attacker can achieve stored XSS via the Name Your Template field. [ Reference URL ] |
LOW |
CVE-2020-25033 |
2020-08-31 12:15:00 |
Subscribe sidebar |
subscribe-sidebar |
The Blubrry subscribe-sidebar (aka Subscribe Sidebar) plugin 1.3.1 for WordPress allows subscribe_sidebar.php&status= reflected XSS. [ Reference URL ] |
MEDIUM |
CVE-2020-11497 |
2020-08-27 02:15:00 |
Nab transact |
nab-transact |
An issue was discovered in the NAB Transact extension 2.1.0 for the WooCommerce plugin for WordPress. An online payment system bypass allows orders to be marked as fully paid by assigning an arbitrary bank transaction ID during the payment-details entry step. [ Reference URL ] |
MEDIUM |
CVE-2020-24315 |
2020-08-26 21:15:00 |
Wordpress poll |
wordpress-poll |
Vinoj Cardoza WordPress Poll Plugin v36 and lower executes SQL statement passed in via the pollid POST parameter due to a lack of user input escaping. This allows users who craft specific SQL statements to dump the target's entire database. [ Reference URL ] |
MEDIUM |
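Added example, not code from any plugin listed here: the $wpdb pattern behind the SQL injection entries above (Good Layers LMS gdlr_lms_cancel_booking, DiveBook filter_diver, WordPress Poll pollid, Loginizer, Recall Products). Two things go wrong at once: the handler is registered on wp_ajax_nopriv_ so it is reachable without a login, and a request parameter is concatenated into the query. Stand-ins for $wpdb->prepare() and current_user_can() are provided so the file runs outside WordPress; the table, capability and action names are assumptions.

```php
<?php
// Stand-ins used only when WordPress is not loaded.
if (!class_exists('wpdb')) {
    class wpdb {
        public string $prefix = 'wp_';
        public array $queries = [];
        // Simplified prepare(): same %d/%s/%f placeholders as wpdb::prepare().
        public function prepare(string $query, ...$args): string {
            $query = str_replace('%s', "'%s'", $query);
            return vsprintf($query, array_map(fn($a) => is_string($a) ? addslashes($a) : $a, $args));
        }
        public function query(string $sql) { $this->queries[] = $sql; return 1; }
    }
    $GLOBALS['wpdb'] = new wpdb();
    function current_user_can($cap) { return true; }   // demo: a logged-in user who may cancel
}

// VULNERABLE: anonymous entry point plus string concatenation.
// In a plugin: add_action('wp_ajax_nopriv_gdlr_cancel', 'vulnerable_cancel_booking');
function vulnerable_cancel_booking(array $post): string {
    global $wpdb;
    $id = $post['id'];   // straight from the request
    $wpdb->query("DELETE FROM {$wpdb->prefix}lms_booking WHERE id = $id");
    return end($wpdb->queries);
}

// FIXED: require a capability (nopriv handlers have no caller to check, so a
// destructive action is not registered on wp_ajax_nopriv_ at all), validate the
// parameter as an integer, and bind it through prepare().
// In a plugin: add_action('wp_ajax_gdlr_cancel', 'fixed_cancel_booking');
function fixed_cancel_booking(array $post): ?string {
    global $wpdb;
    if (!current_user_can('manage_lms_bookings')) {
        return null;
    }
    $id = filter_var($post['id'] ?? '', FILTER_VALIDATE_INT);
    if ($id === false) {
        return null;
    }
    $wpdb->query($wpdb->prepare("DELETE FROM {$wpdb->prefix}lms_booking WHERE id = %d", $id));
    return end($wpdb->queries);
}

// Constructed requests: the classic tautology, and an honest id.
// (Inside WordPress the handler reads wp_unslash($_POST) instead of a parameter.)
echo vulnerable_cancel_booking(['id' => '1 OR 1=1']), PHP_EOL;   // every row goes
var_dump(fixed_cancel_booking(['id' => '1 OR 1=1']));            // rejected before any SQL
echo fixed_cancel_booking(['id' => '7']), PHP_EOL;                // bound as an integer
```

For string parameters such as filter_diver the same prepare() call with %s applies; the validation step then becomes a length or pattern check rather than an integer cast.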
CVE-2020-24316 |
2020-08-26 21:15:00 |
Admin menu |
admin-menu |
WP Plugin Rednumber Admin Menu v1.1 and lower does not sanitize the value of the "role" GET parameter before echoing it back out to the user. This results in a reflected XSS vulnerability that attackers can exploit with a specially crafted URL. [ Reference URL ] |
MEDIUM |
CVE-2020-24312 |
2020-08-26 20:15:00 |
File manager |
file-manager |
mndpsingh287 WP File Manager v6.4 and lower fails to restrict external access to the fm_backups directory with a .htaccess file. This results in the ability for unauthenticated users to browse and download any site backups, which sometimes include full database backups, that the plugin has taken. [ Reference URL ] |
MEDIUM |
CVE-2020-24313 |
2020-08-26 20:15:00 |
Ultimate appointment booking & scheduling |
ultimate-appointment-booking-&-scheduling |
Etoile Web Design Ultimate Appointment Booking & Scheduling WordPress Plugin v1.1.9 and lower does not sanitize the value of the "Appointment_ID" GET parameter before echoing it back out inside an input tag. This results in a reflected XSS vulnerability that attackers can exploit with a specially crafted URL. [ Reference URL ] |
MEDIUM |
CVE-2020-24314 |
2020-08-26 20:15:00 |
Rss feed widget |
rss-feed-widget |
Fahad Mahmood RSS Feed Widget Plugin v2.7.9 and lower does not sanitize the value of the "t" GET parameter before echoing it back out inside an input tag. This results in a reflected XSS vulnerability that attackers can exploit with a specially crafted URL. [ Reference URL ] |
MEDIUM |
CVE-2020-24186 |
2020-08-24 21:15:00 |
Wpdiscuz |
wpdiscuz |
A Remote Code Execution vulnerability exists in the gVectors wpDiscuz plugin 7.0 through 7.0.4 for WordPress, which allows unauthenticated users to upload any type of file, including PHP files, via the wmuUploadFiles AJAX action. [ Reference URL ] |
HIGH |
CVE-2020-20633 |
2020-08-21 23:15:00 |
Gdpr cookie consent |
gdpr-cookie-consent |
ajax_policy_generator in admin/modules/cli-policy-generator/classes/class-policy-generator-ajax.php in the GDPR Cookie Consent (cookie-law-info) plugin 1.8.2 and below for WordPress allows authenticated stored XSS and privilege escalation. [ Reference URL ] |
LOW |
CVE-2020-20634 |
2020-08-21 22:15:00 |
Elementor page builder |
elementor-page-builder |
The Elementor WordPress plugin 2.9.5 and below allows authenticated users to activate its safe mode feature. This can be exploited to disable all security plugins on the blog. [ Reference URL ] |
MEDIUM |
CVE-2020-17362 |
2020-08-13 05:15:00 |
Nova lite |
nova-lite |
search.php in the Nova Lite theme before 1.3.9 for WordPress allows Reflected XSS. [ Reference URL ] |
MEDIUM |
CVE-2020-5611 |
2020-07-27 14:15:00 |
Social sharing |
social-sharing |
Cross-site request forgery (CSRF) vulnerability in Social Sharing Plugin versions prior to 1.2.10 allows remote attackers to hijack the authentication of administrators via unspecified vectors. [ Reference URL ] |
MEDIUM |
CVE-2020-14063 |
2020-07-22 01:15:00 |
Tc custom javascript |
tc-custom-javascript |
A stored Cross-Site Scripting (XSS) vulnerability in the TC Custom JavaScript plugin before 1.2.2 for WordPress allows unauthenticated remote attackers to inject arbitrary JavaScript via the tccj-content parameter. This is displayed in the page footer of every front-end page and executed in the browser of visitors. [ Reference URL ] |
MEDIUM |
CVE-2020-5767 |
2020-07-18 05:15:00 |
Email subscribers & newsletters |
email-subscribers-&-newsletters |
Cross-site request forgery in Icegram Email Subscribers & Newsletters Plugin for WordPress v4.4.8 allows a remote attacker to send forged emails by tricking legitimate users into clicking a crafted link. [ Reference URL ] |
MEDIUM |
CVE-2020-5768 |
2020-07-18 05:15:00 |
Email subscribers & newsletters |
email-subscribers-&-newsletters |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in Icegram Email Subscribers & Newsletters Plugin for WordPress v4.4.8 allows a remote, authenticated attacker to determine the value of database fields. [ Reference URL ] |
MEDIUM |
CVE-2020-5766 |
2020-07-13 22:15:00 |
Srs simple hits counter |
srs-simple-hits-counter |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in SRS Simple Hits Counter Plugin for WordPress 1.0.3 and 1.0.4 allows a remote, unauthenticated attacker to determine the value of database fields. [ Reference URL ] |
MEDIUM |
CVE-2020-15299 |
2020-07-10 02:15:00 |
Kingcomposer |
kingcomposer |
A reflected Cross-Site Scripting (XSS) Vulnerability in the KingComposer plugin through 2.9.4 for WordPress allows remote attackers to trick a victim into submitting an install_online_preset AJAX request containing base64-encoded JavaScript (in the kc-online-preset-data POST parameter) that is executed in the victim's browser. [ Reference URL ] |
MEDIUM |
CVE-2020-15535 |
2020-07-05 23:15:00 |
Car rental system |
car-rental-system |
An issue was discovered in the bestsoftinc Car Rental System plugin through 1.3 for WordPress. Persistent XSS can occur via any of the registration fields. [ Reference URL ] |
MEDIUM |
CVE-2020-15536 |
2020-07-05 23:15:00 |
Online hotel booking system |
online-hotel-booking-system |
An issue was discovered in the bestsoftinc Hotel Booking System Pro plugin through 1.1 for WordPress. Persistent XSS can occur via any of the registration fields. [ Reference URL ] |
MEDIUM |
CVE-2020-15537 |
2020-07-05 23:15:00 |
Vanguard |
vanguard |
An issue was discovered in the Vanguard plugin 2.1 for WordPress. XSS can occur via the mails/new title field, a product field to the p/ URI, or the Products Search box. [ Reference URL ] |
MEDIUM |
CVE-2020-14092 |
2020-07-02 23:15:00 |
Paypal pro |
paypal-pro |
The CodePeople Payment Form for PayPal Pro plugin before 1.1.65 for WordPress allows SQL Injection. [ Reference URL ] |
HIGH |
CVE-2020-15363 |
2020-06-28 19:15:00 |
Nexos |
nexos |
The Nexos theme through 1.7 for WordPress allows side-map/?search_order= SQL Injection. [ Reference URL ] |
MEDIUM |
CVE-2020-15364 |
2020-06-28 19:15:00 |
Nexos |
nexos |
The Nexos theme through 1.7 for WordPress allows top-map/?search_location= reflected XSS. [ Reference URL ] |
MEDIUM |
CVE-2020-15038 |
2020-06-25 03:15:00 |
Coming soon page, under construction & maintenance mode |
coming-soon-page,-under-construction-&-maintenance-mode |
The SeedProd coming-soon plugin before 5.1.1 for WordPress allows XSS. [ Reference URL ] |
LOW |
CVE-2020-13700 |
2020-06-24 22:15:00 |
Acf to rest api |
acf-to-rest-api |
An issue was discovered in the acf-to-rest-api plugin through 3.1.0 for WordPress. It allows an insecure direct object reference via permalinks manipulation, as demonstrated by a wp-json/acf/v3/options/ request that reads sensitive information in the wp_options table, such as the login and pass values. [ Reference URL ] |
MEDIUM |
CVE-2020-13426 |
2020-06-23 01:15:00 |
Multi scheduler |
multi-scheduler |
The Multi-Scheduler plugin 1.0.0 for WordPress has a Cross-Site Request Forgery (CSRF) vulnerability in the forms it presents, allowing the possibility of deleting records (users) when an ID is known. [ Reference URL ] |
MEDIUM |
CVE-2020-14959 |
2020-06-22 07:15:00 |
Easy testimonials |
easy-testimonials |
Multiple XSS vulnerabilities in the Easy Testimonials plugin before 3.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the wp-admin/post.php Client Name, Position, Web Address, Other, Location Reviewed, Product Reviewed, Item Reviewed, or Rating parameter. [ Reference URL ] |
LOW |
CVE-2020-14962 |
2020-06-22 07:15:00 |
Image photo gallery final tiles grid |
image-photo-gallery-final-tiles-grid |
Multiple XSS vulnerabilities in the Final Tiles Gallery plugin before 3.4.19 for WordPress allow remote attackers to inject arbitrary web script or HTML via the Title (aka imageTitle) or Caption (aka description) field of an image to wp-admin/admin-ajax.php. [ Reference URL ] |
LOW |
CVE-2020-13640 |
2020-06-18 22:15:00 |
Wpdiscuz |
wpdiscuz |
A SQL injection issue in the gVectors wpDiscuz plugin 5.3.5 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the order parameter of a wpdLoadMoreComments request. (No 7.x versions are affected.) [ Reference URL ] |
HIGH |
CVE-2020-14010 |
2020-06-11 01:15:00 |
Xenon |
xenon |
The Laborator Xenon theme 1.3 for WordPress allows Reflected XSS via the data/typeahead-generate.php q (aka name) parameter. [ Reference URL ] |
MEDIUM |
CVE-2020-13892 |
2020-06-10 01:15:00 |
Sportspress |
sportspress |
The SportsPress plugin before 2.7.2 for WordPress allows XSS. [ Reference URL ] |
LOW |
CVE-2020-12800 |
2020-06-09 00:15:00 |
Drag and drop multiple file upload contact form 7 |
drag-and-drop-multiple-file-upload---contact-form-7 |
The drag-and-drop-multiple-file-upload-contact-form-7 plugin before 1.3.3.3 for WordPress allows Unrestricted File Upload and remote code execution by setting supported_type to php% and uploading a .php% file. [ Reference URL ] |
HIGH |
CVE-2020-13864 |
2020-06-06 05:15:00 |
Elementor page builder |
elementor-page-builder |
The Elementor Page Builder plugin before 2.9.9 for WordPress suffers from a stored XSS vulnerability. An author user can create posts that result in a stored XSS by using a crafted payload in custom links. [ Reference URL ] |
LOW |
CVE-2020-13865 |
2020-06-06 05:15:00 |
Elementor page builder |
elementor-page-builder |
The Elementor Page Builder plugin before 2.9.9 for WordPress suffers from multiple stored XSS vulnerabilities. An author user can create posts that result in stored XSS vulnerabilities, by using a crafted link in the custom URL or by applying custom attributes. [ Reference URL ] |
LOW |
CVE-2020-13764 |
2020-06-03 04:15:00 |
Gravityforms |
gravityforms |
common.php in the Gravity Forms plugin before 2.4.9 for WordPress can leak hashed passwords because user_pass is not considered a special case for a $current_user->get($property) call. [ Reference URL ] |
MEDIUM |
CVE-2020-12675 |
2020-05-29 23:15:00 |
Mappress |
mappress |
The mappress-google-maps-for-wordpress plugin before 2.54.6 for WordPress does not correctly implement capability checks for AJAX functions related to creation/retrieval/deletion of PHP template files, leading to Remote Code Execution. NOTE: this issue exists because of an incomplete fix for CVE-2020-12077. [ Reference URL ] |
MEDIUM |
CVE-2020-13693 |
2020-05-29 07:15:00 |
Bbpress |
bbpress |
An unauthenticated privilege-escalation issue exists in the bbPress plugin before 2.6.5 for WordPress when New User Registration is enabled. [ Reference URL ] |
HIGH |
CVE-2020-13641 |
2020-05-28 11:15:00 |
Real time find and replace |
real-time-find-and-replace |
An issue was discovered in the Real-Time Find and Replace plugin before 4.0.2 for WordPress. The far_options_page function did not do any nonce verification, allowing requests to be forged on behalf of an administrator. The find and replace rules could be updated with malicious JavaScript, which would then be executed later in the victim's browser. [ Reference URL ] |
MEDIUM |
CVE-2020-13642 |
2020-05-28 11:15:00 |
Page builder |
page-builder |
An issue was discovered in the SiteOrigin Page Builder plugin before 2.10.16 for WordPress. The action_builder_content function did not do any nonce verification, allowing for requests to be forged on behalf of an administrator. The panels_data $_POST variable allows for malicious JavaScript to be executed in the victim's browser. [ Reference URL ] |
MEDIUM |
CVE-2020-13643 |
2020-05-28 11:15:00 |
Page builder |
page-builder |
An issue was discovered in the SiteOrigin Page Builder plugin before 2.10.16 for WordPress. The live editor feature did not do any nonce verification, allowing for requests to be forged on behalf of an administrator. The live_editor_panels_data $_POST variable allows for malicious JavaScript to be executed in the victim's browser. [ Reference URL ] |
MEDIUM |
CVE-2020-13644 |
2020-05-28 11:15:00 |
Accordion |
accordion |
An issue was discovered in the Accordion plugin before 2.2.9 for WordPress. The unprotected AJAX wp_ajax_accordions_ajax_import_json action allowed any authenticated user with Subscriber or higher permissions the ability to import a new accordion and inject malicious JavaScript as part of the accordion. [ Reference URL ] |
LOW |
CVE-2020-13487 |
2020-05-26 21:15:00 |
Bbpress |
bbpress |
The bbPress plugin through 2.6.4 for WordPress has stored XSS in the Forum creation section, resulting in JavaScript execution at wp-admin/edit.php?post_type=forum (aka the Forum listing page) for all users. An administrator can exploit this at the wp-admin/post.php?action=edit URI. [ Reference URL ] |
LOW |
CVE-2020-5579 |
2020-05-20 18:15:00 |
Paid memberships pro |
paid-memberships-pro |
SQL injection vulnerability in the Paid Memberships Pro plugin versions prior to 2.3.3 allows an attacker with administrator rights to execute arbitrary SQL commands via unspecified vectors. [ Reference URL ] |
MEDIUM |
CVE-2020-13125 |
2020-05-17 08:15:00 |
Ultimate addons for elementor |
ultimate-addons-for-elementor |
An issue was discovered in the "Ultimate Addons for Elementor" plugin before 1.24.2 for WordPress, as exploited in the wild in May 2020 in conjunction with CVE-2020-13126. Unauthenticated attackers can create users with the Subscriber role even if registration is disabled. [ Reference URL ] |
MEDIUM |
CVE-2020-13126 |
2020-05-17 08:15:00 |
Elementor page builder |
elementor-page-builder |
An issue was discovered in the Elementor Pro plugin before 2.9.4 for WordPress, as exploited in the wild in May 2020 in conjunction with CVE-2020-13125. An attacker with the Subscriber role can upload arbitrary executable files to achieve remote code execution. NOTE: the free Elementor plugin is unaffected. [ Reference URL ] |
MEDIUM |
CVE-2020-12832 |
2020-05-14 01:15:00 |
Simple file list |
simple-file-list |
WordPress Plugin Simple File List before 4.2.8 is prone to a vulnerability that lets attackers delete arbitrary files because the application fails to properly verify user-supplied input. [ Reference URL ] |
HIGH |
CVE-2020-12742 |
2020-05-13 20:15:00 |
Iubenda cookie law solution |
iubenda-cookie-law-solution |
The iubenda-cookie-law-solution plugin before 2.3.5 for WordPress does not restrict URL sanitization to http protocols. [ Reference URL ] |
MEDIUM |
CVE-2020-11530 |
2020-05-09 03:15:00 |
Chop slider |
chop-slider |
A blind SQL injection vulnerability is present in Chop Slider 3, a WordPress plugin. The vulnerability is introduced in the id GET parameter supplied to get_script/index.php, and allows an attacker to execute arbitrary SQL queries in the context of the WP database user. [ Reference URL ] |
HIGH |
CVE-2020-12696 |
2020-05-07 12:15:00 |
Iframe |
iframe |
The iframe plugin before 4.5 for WordPress does not sanitize a URL. [ Reference URL ] |
MEDIUM |
CVE-2020-11727 |
2020-05-07 01:15:00 |
Advanced order export |
advanced-order-export |
A cross-site scripting (XSS) vulnerability in the AlgolPlus Advanced Order Export For WooCommerce plugin 3.1.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the view/settings-form.php woe_post_type parameter. [ Reference URL ] |
MEDIUM |
CVE-2020-8799 |
2020-05-05 23:15:00 |
Wti like post |
wti-like-post |
A Stored XSS vulnerability has been found in the administration page of the WTI Like Post plugin through 1.4.5 for WordPress. Once the administrator has submitted the data, the script stored is executed for all the users visiting the website. [ Reference URL ] |
LOW |
CVE-2020-12104 |
2020-05-05 22:15:00 |
Wp advanced search |
wp-advanced-search |
The Import feature in the wp-advanced-search plugin 3.3.6 for WordPress is vulnerable to authenticated SQL injection via an uploaded .sql file. An attacker can use this to execute SQL commands without any validation. [ Reference URL ] |
MEDIUM |
CVE-2020-6010 |
2020-04-30 22:15:00 |
Learnpress |
learnpress |
The LearnPress WordPress plugin, versions up to and including 3.2.6.7, is vulnerable to SQL injection. [ Reference URL ] |
MEDIUM |
CVE-2020-12462 |
2020-04-30 00:15:00 |
Ninja forms |
ninja-forms |
The ninja-forms plugin before 3.4.24.2 for WordPress allows CSRF with resultant XSS. [ Reference URL ] |
MEDIUM |
CVE-2020-12070 |
2020-04-25 06:15:00 |
Advanced woo search |
advanced-woo-search |
The Advanced Woo Search plugin through version 1.99 for WordPress suffers from a sensitive information disclosure vulnerability in every ajax search request via the sql field to includes/class-aws-search.php. [ Reference URL ] |
MEDIUM |
CVE-2020-12054 |
2020-04-23 22:15:00 |
Catch breadcrumb |
catch-breadcrumb |
The Catch Breadcrumb plugin before 1.5.4 for WordPress allows Reflected XSS via the s parameter (a search query). Also affected are 16 themes (if the plugin is enabled) by the same author: Alchemist and Alchemist PRO, Izabel and Izabel PRO, Chique and Chique PRO, Clean Enterprise and Clean Enterprise PRO, Bold Photography PRO, Intuitive PRO, Devotepress PRO, Clean Blocks PRO, Foodoholic PRO, Catch Mag PRO, Catch Wedding PRO, and Higher Education PRO. [ Reference URL ] |
MEDIUM |
CVE-2020-12077 |
2020-04-23 10:15:00 |
Mappress |
mappress |
The mappress-google-maps-for-wordpress plugin before 2.53.9 for WordPress does not correctly implement AJAX functions with nonces (or capability checks), leading to remote code execution. [ Reference URL ] |
MEDIUM |
CVE-2020-12073 |
2020-04-23 09:15:00 |
Gutenberg & elementor templates importer for responsive |
gutenberg-&-elementor-templates-importer-for-responsive |
The responsive-add-ons plugin before 2.2.7 for WordPress has incorrect access control for wp-admin/admin-ajax.php?action= requests. [ Reference URL ] |
MEDIUM |
CVE-2020-12074 |
2020-04-23 09:15:00 |
Import export wordpress users |
import-export-wordpress-users |
The users-customers-import-export-for-wp-woocommerce plugin before 1.3.9 for WordPress allows subscribers to import administrative accounts via CSV. [ Reference URL ] |
MEDIUM |
CVE-2020-12075 |
2020-04-23 09:15:00 |
Data tables generator |
data-tables-generator |
The data-tables-generator-by-supsystic plugin before 1.9.92 for WordPress lacks capability checks for AJAX actions. [ Reference URL ] |
MEDIUM |
CVE-2020-12076 |
2020-04-23 09:15:00 |
Data tables generator |
data-tables-generator |
The data-tables-generator-by-supsystic plugin before 1.9.92 for WordPress lacks CSRF nonce checks for AJAX actions. One consequence of this is stored XSS. [ Reference URL ] |
MEDIUM |
CVE-2020-7055 |
2020-04-23 01:15:00 |
Elementor page builder |
elementor-page-builder |
An issue was discovered in Elementor 2.7.4. Arbitrary file upload is possible in the Elementor Import Templates function, allowing an attacker to execute code via a crafted ZIP archive. [ Reference URL ] |
HIGH |
CVE-2020-11930 |
2020-04-20 08:15:00 |
Translate wordpress with gtranslate |
translate-wordpress-with-gtranslate |
The GTranslate plugin before 2.8.52 for WordPress has Reflected XSS via a crafted link. This requires use of the hreflang tags feature within a sub-domain or sub-directory paid option. [ Reference URL ] |
MEDIUM |
CVE-2020-11928 |
2020-04-20 07:15:00 |
Media library assistant |
media-library-assistant |
In the media-library-assistant plugin before 2.82 for WordPress, Remote Code Execution can occur via the tax_query, meta_query, or date_query parameter in mla_gallery via an admin. [ Reference URL ] |
HIGH |
CVE-2020-11738 |
2020-04-14 05:15:00 |
Duplicator |
duplicator |
The Snap Creek Duplicator plugin before 1.3.28 for WordPress (and Duplicator Pro before 3.8.7.1) allows Directory Traversal via ../ in the file parameter to duplicator_download or duplicator_init. [ Reference URL ] |
MEDIUM |
CVE-2020-11673 |
2020-04-13 22:15:00 |
Responsive poll |
responsive-poll |
An issue was discovered in the Responsive Poll plugin through 1.3.4 for WordPress. It allows an unauthenticated user to manipulate polls, e.g., delete, clone, or view a hidden poll. This is due to the usage of the wp_ajax_nopriv callback in Includes/Total-Soft-Poll-Ajax.php for sensitive operations. [ Reference URL ] |
HIGH |
CVE-2020-11731 |
2020-04-13 09:15:00 |
Media library assistant |
media-library-assistant |
The Media Library Assistant plugin before 2.82 for WordPress suffers from multiple XSS vulnerabilities in all Settings/Media Library Assistant tabs, which allow remote authenticated users to execute arbitrary JavaScript. [ Reference URL ] |
MEDIUM |
CVE-2020-11732 |
2020-04-13 09:15:00 |
Media library assistant |
media-library-assistant |
The Media Library Assistant plugin before 2.82 for WordPress suffers from a Local File Inclusion vulnerability in mla_gallery link=download. [ Reference URL ] |
MEDIUM |
CVE-2020-11508 |
2020-04-08 02:15:00 |
Wp lead plus x |
wp-lead-plus-x |
An XSS vulnerability in the WP Lead Plus X plugin through 0.98 for WordPress allows logged-in users with minimal permissions to create or replace existing pages with a malicious page containing arbitrary JavaScript via the wp_ajax_core37_lp_save_page (aka core37_lp_save_page) AJAX action. [ Reference URL ] |
LOW |
CVE-2020-11509 |
2020-04-08 02:15:00 |
Wp lead plus x |
wp-lead-plus-x |
An XSS vulnerability in the WP Lead Plus X plugin through 0.98 for WordPress allows remote attackers to upload page templates containing arbitrary JavaScript via the c37_wpl_import_template admin-post action (which will execute in an administrator's browser if the template is used to create a page). [ Reference URL ] |
MEDIUM |
CVE-2020-11512 |
2020-04-08 00:15:00 |
Impress for idx broker |
impress-for-idx-broker |
Stored XSS in the IMPress for IDX Broker WordPress plugin before 2.6.2 allows authenticated attackers with minimal (subscriber-level) permissions to save arbitrary JavaScript in the plugin's settings panel via the idx_update_recaptcha_key AJAX action and a crafted idx_recaptcha_site_key parameter, which would then be executed in the browser of any administrator visiting the panel. This could be used to create new administrator-level accounts. [ Reference URL ] |
LOW |
CVE-2020-11514 |
2020-04-08 00:15:00 |
Rankmath |
rankmath |
The Rank Math plugin through 1.0.40.2 for WordPress allows unauthenticated remote attackers to update arbitrary WordPress metadata, including the ability to escalate or revoke administrative privileges for existing users via the unsecured rankmath/v1/updateMeta REST API endpoint. [ Reference URL ] |
HIGH |
CVE-2020-11515 |
2020-04-08 00:15:00 |
Rankmath |
rankmath |
The Rank Math plugin through 1.0.40.2 for WordPress allows unauthenticated remote attackers to create new URIs (that redirect to an external web site) via the unsecured rankmath/v1/updateRedirection REST API endpoint. In other words, this is not an "Open Redirect" issue; instead, it allows the attacker to create a new URI with an arbitrary name (e.g., the /exampleredirect URI). [ Reference URL ] |
MEDIUM |
CVE-2020-11516 |
2020-04-08 00:15:00 |
Contact form 7 datepicker |
contact-form-7-datepicker |
Stored XSS in the Contact Form 7 Datepicker plugin through 2.6.0 for WordPress allows authenticated attackers with minimal permissions to save arbitrary JavaScript to the plugin's settings via the unprotected wp_ajax_cf7dp_save_settings AJAX action and the ui_theme parameter. If an administrator creates or modifies a contact form, the JavaScript will be executed in their browser, which can then be used to create new administrative users or perform other actions using the administrator's session. [ Reference URL ] |
LOW |
CVE-2020-9514 |
2020-04-08 00:15:00 |
Impress for idx broker |
impress-for-idx-broker |
An issue was discovered in the IMPress for IDX Broker plugin before 2.6.2 for WordPress. wrappers.php allows a logged-in user (with the Subscriber role) to permanently delete arbitrary posts and pages, create new posts with arbitrary subjects, and modify the subjects of existing posts and pages (via create_dynamic_page and delete_dynamic_page). [ Reference URL ] |
MEDIUM |
CVE-2020-11548 |
2020-04-05 07:15:00 |
Search meter |
search-meter |
The Search Meter plugin through 2.13.2 for WordPress allows user input introduced in the search bar to be any formula. The attacker could achieve remote code execution via CSV injection if a wp-admin/index.php?page=search-meter Export is performed. [ Reference URL ] |
HIGH |
CVE-2020-6009 |
2020-04-02 05:15:00 |
Learndash |
learndash |
The LearnDash WordPress plugin, versions below 3.1.6, is vulnerable to unauthenticated SQL injection. [ Reference URL ] |
HIGH |
CVE-2020-5391 |
2020-04-01 20:15:00 |
Wp auth0 |
wp-auth0 |
Cross-site request forgery (CSRF) vulnerabilities exist in the Auth0 plugin before 4.0.0 for WordPress via the domain field. [ Reference URL ] |
MEDIUM |
CVE-2020-5392 |
2020-04-01 20:15:00 |
Wp auth0 |
wp-auth0 |
A stored cross-site scripting (XSS) vulnerability exists in the Auth0 plugin before 4.0.0 for WordPress via the settings page. [ Reference URL ] |
MEDIUM |
CVE-2020-6753 |
2020-04-01 20:15:00 |
Login by auth0 |
login-by-auth0 |
The Login by Auth0 plugin before 4.0.0 for WordPress allows stored XSS on multiple pages, a different issue than CVE-2020-5392. [ Reference URL ] |
MEDIUM |
CVE-2020-7947 |
2020-04-01 20:15:00 |
Login by auth0 |
login-by-auth0 |
An issue was discovered in the Login by Auth0 plugin before 4.0.0 for WordPress. It has numerous fields that can contain data pulled from different sources. This data is not sanitized, and no input validation is performed, before the user data is exported. This can lead to (at least) CSV injection if a crafted Excel document is uploaded. [ Reference URL ] |
HIGH |
CVE-2020-7948 |
2020-04-01 20:15:00 |
Login by auth0 |
login-by-auth0 |
An issue was discovered in the Login by Auth0 plugin before 4.0.0 for WordPress. A user can perform an insecure direct object reference. [ Reference URL ] |
MEDIUM |
CVE-2020-6008 |
2020-03-31 22:15:00 |
Lifterlms |
lifterlms |
The LifterLMS WordPress plugin, versions below 3.37.15, is vulnerable to arbitrary file write leading to remote code execution. [ Reference URL ] |
HIGH |
CVE-2020-10817 |
2020-03-28 02:15:00 |
Custom searchable data entry system |
custom-searchable-data-entry-system |
The custom-searchable-data-entry-system (aka Custom Searchable Data Entry System) plugin through 1.7.1 for WordPress allows SQL Injection. NOTE: this product is discontinued. [ Reference URL ] |
MEDIUM |
CVE-2020-10385 |
2020-03-24 23:15:00 |
Contact form |
contact-form |
A stored cross-site scripting (XSS) vulnerability exists in the WPForms Contact Form (aka wpforms-lite) plugin before 1.5.9 for WordPress. [ Reference URL ] |
LOW |
CVE-2020-9392 |
2020-03-24 00:15:00 |
Pricing table by supsystic |
pricing-table-by-supsystic |
An issue was discovered in the pricing-table-by-supsystic plugin before 1.8.2 for WordPress. Because there is no permission check on the ImportJSONTable, createFromTpl, and getJSONExportTable endpoints, unauthenticated users can retrieve pricing table information, create new tables, or import/modify a table. [ Reference URL ] |
HIGH |
CVE-2020-7916 |
2020-03-17 01:15:00 |
Learnpress |
learnpress |
be_teacher in class-lp-admin-ajax.php in the LearnPress plugin 3.2.6.5 and earlier for WordPress allows any registered user to assign itself the teacher role via the wp-admin/admin-ajax.php?action=learnpress_be_teacher URI without any additional permission checks. Therefore, any user can change its role to an instructor/teacher and gain access to otherwise restricted data. [ Reference URL ] |
MEDIUM |
CVE-2020-10568 |
2020-03-14 21:15:00 |
Sitepress multilingual cms |
sitepress-multilingual-cms |
The sitepress-multilingual-cms (WPML) plugin before 4.3.7-b.2 for WordPress has CSRF due to a loose comparison. This leads to remote code execution in includes/class-wp-installer.php via a series of requests that leverage unintended comparisons of integers to strings. [ Reference URL ] |
MEDIUM |
CVE-2020-10564 |
2020-03-14 06:15:00 |
Wordpress file upload |
wordpress-file-upload |
An issue was discovered in the File Upload plugin before 4.13.0 for WordPress. A directory traversal can lead to remote code execution by uploading a crafted txt file into the lib directory, because of a wfu_include_lib call. [ Reference URL ] |
HIGH |
CVE-2020-10195 |
2020-03-13 23:15:00 |
Popup builder |
popup-builder |
The popup-builder plugin before 3.64.1 for WordPress allows information disclosure and settings modification, leading to in-scope privilege escalation via admin-post actions to com/classes/Actions.php. By sending a POST request to wp-admin/admin-post.php, an authenticated attacker with minimal (subscriber-level) permissions can modify the plugin's settings to allow arbitrary roles (including subscribers) access to plugin functionality by setting the action parameter to sgpbSaveSettings, export a list of current newsletter subscribers by setting the action parameter to csv_file, or obtain system configuration information including webserver configuration and a list of installed plugins by setting the action parameter to sgpb_system_info. [ Reference URL ] |
MEDIUM |
CVE-2020-10196 |
2020-03-13 23:15:00 |
Popup builder |
popup-builder |
An XSS vulnerability in the popup-builder plugin before 3.64.1 for WordPress allows remote attackers to inject arbitrary JavaScript into existing popups via an unsecured ajax action in com/classes/Ajax.php. It is possible for an unauthenticated attacker to insert malicious JavaScript in several of the popup's fields by sending a request to wp-admin/admin-ajax.php with the POST action parameter of sgpb_autosave and including additional data in an allPopupData parameter, including the popup's ID (which is visible in the source of the page in which the popup is inserted) and arbitrary JavaScript which will then be executed in the browsers of visitors to that page. Because the plugin functionality automatically adds script tags to data entered into these fields, this injection will typically bypass most WAF applications. [ Reference URL ] |
MEDIUM |
CVE-2020-8435 |
2020-03-12 21:15:00 |
Registrationmagic |
registrationmagic |
An issue was discovered in the RegistrationMagic plugin 4.6.0.0 for WordPress. There is SQL injection via the rm_analytics_show_form rm_form_id parameter. [ Reference URL ] |
MEDIUM |
CVE-2020-8436 |
2020-03-12 21:15:00 |
Registrationmagic |
registrationmagic |
XSS was discovered in the RegistrationMagic plugin 4.6.0.0 for WordPress via the rm_form_id, rm_tr, or form_name parameter. [ Reference URL ] |
MEDIUM |
CVE-2020-10257 |
2020-03-10 07:15:00 |
Topper theme and skins |
topper-theme-and-skins |
The ThemeREX Addons plugin before 2020-03-09 for WordPress lacks access control on the /trx_addons/v2/get/sc_layout REST API endpoint, allowing for PHP functions to be executed by any users, because includes/plugin.rest-api.php calls trx_addons_rest_get_sc_layout with an unsafe sc parameter. [ Reference URL ] |
HIGH |
CVE-2020-9454 |
2020-03-07 02:15:00 |
Registrationmagic |
registrationmagic |
A CSRF vulnerability in the RegistrationMagic plugin through 4.6.0.3 for WordPress allows remote attackers to forge requests on behalf of a site administrator to change all settings for the plugin, including deleting users, creating new roles with escalated privileges, and allowing PHP file uploads via forms. [ Reference URL ] |
MEDIUM |
CVE-2020-9455 |
2020-03-07 02:15:00 |
Registrationmagic |
registrationmagic |
The RegistrationMagic plugin through 4.6.0.3 for WordPress allows remote authenticated users (with minimal privileges) to send arbitrary emails on behalf of the site via class_rm_user_services.php send_email_user_view. [ Reference URL ] |
MEDIUM |
CVE-2020-9456 |
2020-03-07 02:15:00 |
Registrationmagic |
registrationmagic |
In the RegistrationMagic plugin through 4.6.0.3 for WordPress, the user controller allows remote authenticated users (with minimal privileges) to elevate their privileges to administrator via class_rm_user_controller.php rm_user_edit. [ Reference URL ] |
MEDIUM |
CVE-2020-9457 |
2020-03-07 02:15:00 |
Registrationmagic |
registrationmagic |
The RegistrationMagic plugin through 4.6.0.3 for WordPress allows remote authenticated users (with minimal privileges) to import custom vulnerable forms and change form settings via class_rm_form_settings_controller.php, resulting in privilege escalation. [ Reference URL ] |
MEDIUM |
CVE-2020-9458 |
2020-03-07 02:15:00 |
Registrationmagic |
registrationmagic |
In the RegistrationMagic plugin through 4.6.0.3 for WordPress, the export function allows remote authenticated users (with minimal privileges) to export submitted form data and settings via class_rm_form_controller.php rm_form_export. [ Reference URL ] |
MEDIUM |
CVE-2020-9371 |
2020-03-05 02:15:00 |
Appointment booking calendar |
appointment-booking-calendar |
Stored XSS exists in the Appointment Booking Calendar plugin before 1.3.35 for WordPress. In the cpabc_appointments.php file, the Calendar Name input could allow attackers to inject arbitrary JavaScript or HTML. [ Reference URL ] |
LOW |
CVE-2020-9372 |
2020-03-05 02:15:00 |
Appointment booking calendar |
appointment-booking-calendar |
The Appointment Booking Calendar plugin before 1.3.35 for WordPress allows user input (in fields such as Description or Name) in any booking form to be any formula, which then could be exported via the Bookings list tab in /wp-admin/admin.php?page=cpabc_appointments.php. The attacker could achieve remote code execution via CSV injection. [ Reference URL ] |
MEDIUM |
CVE-2020-9459 |
2020-02-29 04:15:00 |
Modern events calendar lite |
modern-events-calendar-lite |
Multiple Stored Cross-site scripting (XSS) vulnerabilities in the Webnus Modern Events Calendar Lite plugin through 5.1.6 for WordPress allow remote authenticated users (with minimal permissions) to inject arbitrary JavaScript, HTML, or CSS via Ajax actions. This affects mec_save_notifications and import_settings. [ Reference URL ] |
LOW |
CVE-2020-9466 |
2020-02-29 03:15:00 |
Export users to csv |
export-users-to-csv |
The Export Users to CSV plugin through 1.4.2 for WordPress allows CSV Injection. [ Reference URL ] |
MEDIUM |
CVE-2020-9393 |
2020-02-26 02:15:00 |
Pricing table by supsystic |
pricing-table-by-supsystic |
An issue was discovered in the pricing-table-by-supsystic plugin before 1.8.2 for WordPress. It allows XSS. [ Reference URL ] |
MEDIUM |
CVE-2020-9394 |
2020-02-26 02:15:00 |
Pricing table by supsystic |
pricing-table-by-supsystic |
An issue was discovered in the pricing-table-by-supsystic plugin before 1.8.2 for WordPress. It allows CSRF. [ Reference URL ] |
MEDIUM |
CVE-2020-9019 |
2020-02-26 01:15:00 |
Wpjobboard |
wpjobboard |
The WPJobBoard plugin 5.5.3 for WordPress allows Persistent XSS via the Add Job form, as demonstrated by title and Description. [ Reference URL ] |
MEDIUM |
CVE-2020-9334 |
2020-02-26 00:15:00 |
Photo gallery |
photo-gallery |
A stored XSS vulnerability exists in the Envira Photo Gallery plugin through 1.7.6 for WordPress. Successful exploitation of this vulnerability would allow an authenticated low-privileged user to inject arbitrary JavaScript code that is viewed by other users. [ Reference URL ] |
LOW |
CVE-2020-9335 |
2020-02-26 00:15:00 |
Photo gallery |
photo-gallery |
Multiple stored XSS vulnerabilities exist in the 10Web Photo Gallery plugin before 1.5.46 for WordPress. Successful exploitation of this vulnerability would allow an authenticated admin user to inject arbitrary JavaScript code that is viewed by other users. [ Reference URL ] |
LOW |
CVE-2020-5244 |
2020-02-25 01:15:00 |
Buddypress |
buddypress |
In BuddyPress before 5.1.2, requests to a certain REST API endpoint can result in private user data getting exposed. Authentication is not needed. This has been patched in version 5.1.2. [ Reference URL ] |
MEDIUM |
CVE-2020-9003 |
2020-02-21 05:15:00 |
Modula image gallery |
modula-image-gallery |
A stored XSS vulnerability exists in the Modula Image Gallery plugin before 2.2.5 for WordPress. Successful exploitation of this vulnerability would allow an authenticated low-privileged user to inject arbitrary JavaScript code that is viewed by other users. [ Reference URL ] |
LOW |
CVE-2020-5530 |
2020-02-18 13:15:00 |
Easy property listings |
easy-property-listings |
Cross-site request forgery (CSRF) vulnerability in Easy Property Listings versions prior to 3.4 allows remote attackers to hijack the authentication of administrators via unspecified vectors. [ Reference URL ] |
MEDIUM |
CVE-2020-9043 |
2020-02-18 00:15:00 |
Wpcentral |
wpcentral |
The wpCentral plugin before 1.5.1 for WordPress allows disclosure of the connection key. [ Reference URL ] |
HIGH |
CVE-2020-6850 |
2020-02-17 23:15:00 |
Saml sp single sign on |
saml-sp-single-sign-on |
Utilities.php in the miniorange-saml-20-single-sign-on plugin before 4.8.84 for WordPress allows XSS via a crafted SAML XML Response to wp-login.php. This is related to the SAMLResponse and RelayState variables, and the Destination parameter of the samlp:Response XML element. [ Reference URL ] |
MEDIUM |
CVE-2020-9006 |
2020-02-17 22:15:00 |
Popup builder |
popup-builder |
The Popup Builder plugin 2.2.8 through 2.6.7.6 for WordPress is vulnerable to SQL injection (in the sgImportPopups function in sg_popup_ajax.php) via PHP Deserialization on attacker-controlled data with the attachmentUrl POST variable. This allows creation of an arbitrary WordPress Administrator account, leading to possible Remote Code Execution because Administrators can run PHP code on WordPress instances. (This issue has been fixed in the 3.x branch of popup-builder.) [ Reference URL ] |
HIGH |
CVE-2020-8594 |
2020-02-15 03:15:00 |
Ninja forms |
ninja-forms |
The Ninja Forms plugin 3.4.22 for WordPress has Multiple Stored XSS vulnerabilities via ninja_forms[recaptcha_site_key], ninja_forms[recaptcha_secret_key], ninja_forms[recaptcha_lang], or ninja_forms[date_format]. [ Reference URL ] |
LOW |
CVE-2020-8596 |
2020-02-11 19:15:00 |
Participants database |
participants-database |
participants-database.php in the Participants Database plugin 1.9.5.5 and previous versions for WordPress has a time-based SQL injection vulnerability via the ascdesc, list_filter_count, or sortBy parameters. It is possible to exfiltrate data and potentially execute code (if certain conditions are met). [ Reference URL ] |
MEDIUM |
CVE-2020-8771 |
2020-02-07 00:15:00 |
Wp time capsule |
wp-time-capsule |
The Time Capsule plugin before 1.21.16 for WordPress has an authentication bypass. Any request containing IWP_JSON_PREFIX causes the client to be logged in as the first account on the list of administrator accounts. [ Reference URL ] |
HIGH |
CVE-2020-8772 |
2020-02-07 00:15:00 |
Infinitewp client |
infinitewp-client |
The InfiniteWP Client plugin before 1.9.4.5 for WordPress has a missing authorization check in iwp_mmb_set_request in init.php. Any attacker who knows the username of an administrator can log in. [ Reference URL ] |
HIGH |
CVE-2020-8658 |
2020-02-06 10:15:00 |
Htaccess |
htaccess |
The BestWebSoft Htaccess plugin through 1.8.1 for WordPress allows wp-admin/admin.php?page=htaccess.php&action=htaccess_editor CSRF. The flag htccss_nonce_name passes the nonce to WordPress but the plugin does not validate it correctly, resulting in a wrong implementation of anti-CSRF protection. In this way, an attacker is able to direct the victim to a malicious web page that modifies the .htaccess file, and takes control of the website. [ Reference URL ] |
MEDIUM |
CVE-2020-8615 |
2020-02-05 03:15:00 |
Tutor lms |
tutor-lms |
A CSRF vulnerability in the Tutor LMS plugin before 1.5.3 for WordPress can result in an attacker approving themselves as an instructor and performing other malicious actions (such as blocking legitimate instructors). [ Reference URL ] |
LOW |
CVE-2020-8549 |
2020-02-04 00:15:00 |
Strong testimonials |
strong-testimonials |
Stored XSS in the Strong Testimonials plugin before 2.40.1 for WordPress can result in an attacker performing malicious actions such as stealing session tokens. [ Reference URL ] |
MEDIUM |
CVE-2020-8498 |
2020-01-31 06:15:00 |
Gistpress |
gistpress |
XSS exists in the shortcode functionality of the GistPress plugin before 3.0.2 for WordPress via the includes/class-gistpress.php id parameter. This allows an attacker with the WordPress Contributor role to execute arbitrary JavaScript code with the privileges of other users (e.g., ones who have the publish_posts capability). [ Reference URL ] |
LOW |
CVE-2020-8426 |
2020-01-29 06:15:00 |
Elementor page builder |
elementor-page-builder |
The Elementor plugin before 2.8.5 for WordPress suffers from a reflected XSS vulnerability on the elementor-system-info page. These can be exploited by targeting an authenticated user. [ Reference URL ] |
LOW |
CVE-2020-8417 |
2020-01-29 04:15:00 |
Code snippets |
code-snippets |
The Code Snippets plugin before 2.14.0 for WordPress allows CSRF because of the lack of a Referer check on the import menu. [ Reference URL ] |
MEDIUM |
CVE-2020-7109 |
2020-01-23 00:15:00 |
Elementor page builder |
elementor-page-builder |
The Elementor Page Builder plugin before 2.8.4 for WordPress does not sanitize data during creation of a new template. [ Reference URL ] |
HIGH |
CVE-2020-7228 |
2020-01-22 22:15:00 |
Calculated fields form |
calculated-fields-form |
The Calculated Fields Form plugin through 1.0.353 for WordPress suffers from multiple Stored XSS vulnerabilities present in the input forms. These can be exploited by an authenticated user. [ Reference URL ] |
LOW |
CVE-2020-6849 |
2020-01-22 02:15:00 |
Marketo forms and tracking |
marketo-forms-and-tracking |
The marketo-forms-and-tracking plugin through 1.0.2 for WordPress allows wp-admin/admin.php?page=marketo_fat CSRF with resultant XSS. [ Reference URL ] |
MEDIUM |
CVE-2020-7239 |
2020-01-21 12:15:00 |
Chatbot with ibm watson |
chatbot-with-ibm-watson |
The conversation-watson plugin before 0.8.21 for WordPress has a DOM-based XSS vulnerability that is executed when a chat message containing JavaScript is sent. [ Reference URL ] |
MEDIUM |
CVE-2020-7241 |
2020-01-21 03:15:00 |
Wp database backup |
wp-database-backup |
The WP Database Backup plugin through 5.5 for WordPress stores downloads by default locally in the directory wp-content/uploads/db-backup/. This might allow attackers to read ZIP archives by guessing random ID numbers, guessing date strings with a 2020_{0..1}{0..2}_{0..3}{0..9} format, guessing UNIX timestamps, and making HTTPS requests with the complete guessed URL. [ Reference URL ] |
MEDIUM |
CVE-2020-7104 |
2020-01-18 06:15:00 |
Chained quiz |
chained-quiz |
The chained-quiz plugin 1.1.8.1 for WordPress has reflected XSS via the wp-admin/admin-ajax.php total_questions parameter. [ Reference URL ] |
MEDIUM |
CVE-2020-7047 |
2020-01-17 04:15:00 |
Wp database reset |
wp-database-reset |
The WordPress plugin, WP Database Reset through 3.1, contains a flaw that gave any authenticated user, with minimal permissions, the ability (with a simple wp-admin/admin.php?db-reset-tables[]=users request) to escalate their privileges to administrator while dropping all other users from the table. [ Reference URL ] |
MEDIUM |
CVE-2020-7048 |
2020-01-17 04:15:00 |
Wp database reset |
wp-database-reset |
The WordPress plugin, WP Database Reset through 3.1, contains a flaw that allowed any unauthenticated user to reset any table in the database to the initial WordPress set-up state (deleting all site content stored in that table), as demonstrated by a wp-admin/admin-post.php?db-reset-tables[]=comments URI. [ Reference URL ] |
MEDIUM |
CVE-2020-7107 |
2020-01-16 12:15:00 |
Ultimate faq |
ultimate-faq |
The Ultimate FAQ plugin before 1.8.30 for WordPress allows XSS via Display_FAQ to Shortcodes/DisplayFAQs.php. [ Reference URL ] |
MEDIUM |
CVE-2020-7108 |
2020-01-16 12:15:00 |
Learndash |
learndash |
The LearnDash LMS plugin before 3.1.2 for WordPress allows XSS via the ld-profile search field. [ Reference URL ] |
MEDIUM |
CVE-2020-6859 |
2020-01-14 00:15:00 |
Ultimate member |
ultimate-member |
Multiple Insecure Direct Object Reference vulnerabilities in includes/core/class-files.php in the Ultimate Member plugin through 2.1.2 for WordPress allow remote attackers to change other users' profiles and cover photos via a modified user_id parameter. This is related to ajax_image_upload and ajax_resize_image. [ Reference URL ] |
MEDIUM |
CVE-2020-6166 |
2020-01-10 03:15:00 |
Minimal coming soon & maintenance mode |
minimal-coming-soon-&-maintenance-mode |
A flaw in the WordPress plugin, Minimal Coming Soon & Maintenance Mode through 2.15, allows authenticated users with basic access to export settings and change maintenance-mode themes. [ Reference URL ] |
MEDIUM |
CVE-2020-6168 |
2020-01-10 03:15:00 |
Minimal coming soon & maintenance mode |
minimal-coming-soon-&-maintenance-mode |
A flaw in the WordPress plugin, Minimal Coming Soon & Maintenance Mode through 2.10, allows authenticated users with basic access to enable and disable maintenance-mode settings (impacting the availability and confidentiality of a vulnerable site, along with the integrity of the setting). [ Reference URL ] |
MEDIUM |
CVE-2020-6167 |
2020-01-10 02:15:00 |
Minimal coming soon & maintenance mode |
minimal-coming-soon-&-maintenance-mode |
A flaw in the WordPress plugin, Minimal Coming Soon & Maintenance Mode through 2.10, allows a CSRF attack to enable maintenance mode, inject XSS, modify several important settings, or include remote files as a logo. [ Reference URL ] |
MEDIUM |