Authenticated users in phpMyFAQ 4.0.16 and below can bypass permission checks to download FAQ attachments they should not have access to, due to improper validation of authorization tokens in attachment.php and flawed permission logic. An attacker with valid credentials but without the dlattachment permission can exploit this to retrieve sensitive attachment content. Public exploit code exists for this vulnerability, and no patch is currently available.
phpMyFAQ versions 4.0.16 and below allow authenticated users to access the backup API endpoint without proper authorization checks, enabling them to download configuration files containing sensitive data. The vulnerability stems from incomplete authorization validation in SetupController.php, which only verifies authentication rather than admin permissions. Public exploit code exists for this issue, and no patch is currently available.
Reflected XSS in XWiki Platform versions 7.0 through 17.7.0 enables attackers to craft malicious URLs that execute arbitrary actions with victim privileges, potentially leading to full installation compromise if the victim holds administrative or programming rights. The vulnerability requires user interaction to trigger and affects multiple version branches across the XWiki and XWiki Rendering products. Patches are available for affected versions, and a manual workaround exists that requires modification of a single line in the logging_macros.vm template without requiring a restart.
WP Directory Kit (WordPress plugin) versions up to 1.4.9 is affected by information exposure (CVSS 5.3).
Insufficient access controls in phpMyFAQ 4.0.16 and below expose sensitive information including user email addresses and non-public content through multiple API endpoints, allowing unauthenticated attackers to harvest data for phishing or access private records. Public exploit code exists for this vulnerability, and no patch is currently available. Upgrading to version 4.0.17 or later is required to remediate the exposure.
Avahi daemon versions 0.9rc2 and below can be remotely crashed through a denial of service attack by sending a specially crafted mDNS response with a recursive CNAME record pointing to itself, triggering unbounded recursion and stack exhaustion. This vulnerability affects systems using multicast record browsers, including those relying on nss-mdns for service discovery. A patch is available for affected installations.
MyTube versions 1.7.78 and earlier allow authenticated users to bypass authorization controls and export the complete application database without proper permission validation. An attacker with guest-level access can retrieve sensitive data they are not authorized to access through the unprotected database export endpoint. A patch is available to address this authorization bypass vulnerability.
Stored XSS in WordPress LeadBI Plugin versions through 1.7 allows authenticated contributors and above to inject malicious scripts through the 'form_id' shortcode parameter due to missing input sanitization, enabling attackers to execute arbitrary code in pages viewed by other users. The vulnerability requires user authentication and currently lacks a vendor patch.
Stored cross-site scripting in CM CSS Columns plugin for WordPress through version 1.2.1 allows authenticated contributors and higher-privileged users to inject malicious scripts via improperly sanitized shortcode attributes. When other users view pages containing the injected content, the malicious scripts execute in their browsers, potentially compromising their accounts or stealing sensitive information. No patch is currently available.
Stored cross-site scripting in WordPress Administrative Shortcodes plugin through version 0.3.4 allows authenticated contributors and higher-privileged users to inject malicious scripts into pages via insufficiently sanitized shortcode attributes, executing arbitrary code when other users visit affected pages. The vulnerability requires user interaction and authenticated access but can impact site visitors through persistent payload injection. No patch is currently available.
Stored XSS in the ThemeRuby Multi Authors WordPress plugin through version 1.0.0 allows authenticated contributors and above to inject malicious scripts via unescaped shortcode attributes that execute in other users' browsers. The vulnerability stems from insufficient input sanitization on the 'before' and 'after' parameters, enabling attackers to compromise page content viewed by site visitors. No patch is currently available for this medium-severity vulnerability.
The Alpha Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘alpha_block_css’ parameter in all versions up to, and including, 1.5.0 due to insufficient input sanitization and output escaping. [CVSS 6.4 MEDIUM]
Stored XSS in the Canto Testimonials WordPress plugin through the 'fx' shortcode attribute allows authenticated users with Contributor access or higher to inject malicious scripts that persist in pages and execute for all visitors. The vulnerability stems from inadequate input sanitization and output escaping in versions up to 1.0, requiring an authenticated attacker but no user interaction. No patch is currently available.
The GZSEO plugin for WordPress is vulnerable to authorization bypass leading to Stored Cross-Site Scripting in all versions up to, and including, 2.0.11. [CVSS 6.4 MEDIUM]
VK Google Job Posting Manager (WordPress plugin) is affected by cross-site scripting (xss) (CVSS 6.4).
The JustClick registration plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 0.1. This is due to insufficient input sanitization and output escaping on the `PHP_SELF` server variable. [CVSS 6.1 MEDIUM]
Reflected XSS in WordPress Timeline Event History plugin (versions up to 3.2) allows unauthenticated attackers to inject arbitrary JavaScript through the unvalidated `id` parameter. An attacker can craft a malicious link to execute scripts in a victim's browser if they click it, potentially leading to session hijacking or credential theft. No patch is currently available.
Save as PDF Plugin by PDFCrowd (WordPress plugin) is affected by cross-site scripting (xss) (CVSS 6.1).
The Same Category Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the widget title placeholder functionality in all versions up to, and including, 1.1.19. [CVSS 5.4 MEDIUM]
AIKTP plugin for WordPress versions up to 5.0.04 allows authenticated subscribers to retrieve administrator access tokens through an insufficiently protected REST API endpoint, enabling attackers to create posts, upload files, and access private content with admin privileges. The vulnerability stems from missing authorization checks that only verify user login status rather than administrative capabilities. No patch is currently available.
The Alchemist Ajax Upload plugin for WordPress is vulnerable to unauthorized media file deletion due to a missing capability check on the 'delete_file' function in all versions up to, and including, 1.1. [CVSS 5.3 MEDIUM]
Wizit Gateway for WooCommerce (WordPress plugin) versions up to 1.2.9. is affected by missing authorization (CVSS 5.3).
Wise Analytics (WordPress plugin) versions up to 1.1.9. is affected by missing authorization (CVSS 5.3).
WP Go Maps plugin for WordPress through version 10.0.04 lacks proper capability validation in the processBackgroundAction() function, allowing authenticated Subscriber-level users to modify global map engine settings. This insufficient access control enables low-privileged attackers to alter critical plugin configurations without proper authorization. No patch is currently available for this vulnerability.
SQL injection in the WP-ClanWars WordPress plugin through version 2.0.1 allows authenticated administrators to execute arbitrary SQL queries via an unescaped 'orderby' parameter, enabling extraction of sensitive database information. The vulnerability requires high-level administrative privileges and does not allow data modification or system availability impacts. No patch is currently available for this issue.
Stored XSS in WordPress Postalicious plugin through version 3.0.1 allows authenticated administrators to inject malicious scripts into admin settings that execute for all users viewing affected pages. The vulnerability requires high privileges and only impacts multi-site WordPress installations or those with unfiltered_html disabled. No patch is currently available.
Stored XSS in the WordPress Responsive Header plugin through version 1.0 allows authenticated administrators to inject malicious scripts into plugin settings that execute for all users viewing affected pages. This impacts multi-site WordPress installations or those with unfiltered_html disabled, requiring high privilege access and manual user interaction to trigger exploitation. No patch is currently available.
Stored cross-site scripting in the JavaScript Notifier WordPress plugin through version 1.2.8 allows administrators to inject malicious scripts into website pages due to improper input sanitization in plugin settings. When users visit affected pages, the injected scripts execute in their browsers, potentially compromising user sessions or stealing sensitive data. This requires administrator-level access to exploit but affects all website visitors who view the compromised pages.
Stored XSS in Meta-box GalleryMeta plugin through WordPress admin settings allows authenticated editors and higher-privileged users to inject malicious scripts that execute for site visitors, affecting only multisite installations or those with unfiltered_html disabled. The vulnerability stems from inadequate input sanitization and output escaping in plugin versions up to 3.0.1, with no patch currently available.
Cookie consent for developers (WordPress plugin) is affected by cross-site scripting (xss) (CVSS 4.4).
The All-in-One Video Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_callback_store_user_meta() function in versions 4.1.0 to 4.6.4. [CVSS 4.3 MEDIUM]
The Meta Box GalleryMeta WordPress plugin through version 3.0.1 fails to enforce proper capability checks on the 'mb_gallery' custom post type, allowing authenticated users with Author-level or higher privileges to create and publish galleries without authorization. This insufficient access control could enable low-privileged attackers to modify gallery content and bypass intended editorial workflows.
Moderate Selected Posts (WordPress plugin) is affected by cross-site request forgery (csrf) (CVSS 4.3).
The SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.12.20. [CVSS 4.3 MEDIUM]
The SurveyJS: Drag & Drop WordPress Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.12.20. This is due to missing nonce validation on the SurveyJS_AddSurvey AJAX action. [CVSS 4.3 MEDIUM]
WordPress Login Page Editor plugin through version 1.2 lacks CSRF protections on its AJAX settings handler, allowing attackers to modify login page configuration by tricking administrators into visiting malicious links. An unauthenticated attacker can exploit this to alter plugin settings without direct authorization, potentially affecting site security or functionality. No patch is currently available.
WP Youtube Video Gallery (WordPress plugin) is affected by cross-site request forgery (csrf) (CVSS 4.3).
Friendly Functions for Welcart (WordPress plugin) is affected by cross-site request forgery (csrf) (CVSS 4.3).
The AdminQuickbar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.3. This is due to missing or incorrect nonce validation on the 'saveSettings' and 'renamePost' AJAX actions. [CVSS 4.3 MEDIUM]
The SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.12.20. [CVSS 4.3 MEDIUM]
Set Bulk Post Categories (WordPress plugin) is affected by cross-site request forgery (csrf) (CVSS 4.3).
The Star Review Manager WordPress plugin through version 1.2.2 lacks CSRF protections on its settings page, allowing unauthenticated attackers to modify CSS settings by tricking administrators into clicking a malicious link. Site administrators are at risk of unwanted plugin configuration changes that could alter site appearance or functionality. No patch is currently available for this vulnerability.
The ZT Captcha plugin for WordPress through version 1.0.4 contains a cross-site request forgery vulnerability due to insufficient nonce validation that can be bypassed with an empty token. An unauthenticated attacker can exploit this to modify plugin settings by tricking an administrator into clicking a malicious link. No patch is currently available.
The Alex User Counter WordPress plugin through version 6.0 contains a cross-site request forgery vulnerability in its settings function due to missing nonce validation, allowing unauthenticated attackers to modify plugin configuration if they can socially engineer site administrators into clicking a malicious link. The vulnerability has a low barrier to exploitation since it requires only network access and user interaction, though it cannot directly compromise confidentiality or availability. No patch is currently available for this issue.
Simple Crypto Shortcodes (WordPress plugin) is affected by cross-site request forgery (csrf) (CVSS 4.3).