Stored XSS in the Salavat Counter WordPress plugin up to version 0.9.5 allows authenticated administrators to inject malicious scripts through the 'image_url' parameter due to inadequate input sanitization and output escaping. When users visit affected pages, the injected scripts execute in their browsers, potentially compromising site integrity and user sessions. A patch is not currently available.
PostmarkApp Email Integrator (WordPress plugin) is affected by cross-site scripting (xss) (CVSS 4.4).
Stored XSS in the Client Testimonial Slider WordPress plugin through version 2.0 allows administrators to inject malicious scripts into the 'Testimonial Heading' setting due to inadequate input sanitization. The injected scripts execute when users view affected pages, impacting multi-site WordPress installations or sites with unfiltered_html disabled. Currently no patch is available.
Stored cross-site scripting in Tennis Court Bookings plugin for WordPress through version 1.2.7 allows administrators to inject malicious scripts into admin settings that execute when other users access affected pages. The vulnerability requires high privileges and only impacts multi-site WordPress installations or those with unfiltered_html disabled. No patch is currently available.
The Easy SVG Support plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG file uploads in all versions up to, and including, 4.0 due to insufficient input sanitization and output escaping. [CVSS 6.1 MEDIUM]
Server-Side Request Forgery in totalsoft TS Poll versions 2.5.5 and earlier enables authenticated attackers with high privileges to make arbitrary network requests from the affected server. While this MEDIUM severity vulnerability (CVSS 4.4) requires high-privilege credentials and difficult exploitation conditions, it could facilitate reconnaissance or attacks against internal resources. No patch is currently available.
Stored XSS in the TalkJS WordPress plugin through version 0.1.15 permits high-privilege administrators to inject malicious scripts into admin settings that execute for all users viewing affected pages, restricted to multisite installations or those with unfiltered_html disabled. The vulnerability stems from inadequate input sanitization and output escaping in the plugin's settings handling. No patch is currently available.
Stored XSS in WordPress Slidorion plugin through version 1.0.2 allows administrators to inject malicious scripts via insufficiently sanitized settings that execute when other users view affected pages. The vulnerability requires high privileges and only manifests in multisite WordPress installations or those with unfiltered HTML disabled. No patch is currently available.
Spring Data Geode's snapshot import functionality uses predictable temporary directories with overly permissive permissions, allowing local users on shared systems to read cache data belonging to other users. An attacker with basic local privileges can access and extract snapshot contents without authorization, compromising the confidentiality of sensitive cached information. No patch is currently available for this medium-severity vulnerability.
Indico versions before 3.3.10 allow authenticated event organizers to conduct server-side request forgery attacks by providing arbitrary URLs that the application will access, potentially exposing internal services and cloud metadata endpoints. An attacker with event organizer privileges can leverage this to retrieve sensitive data from localhost or cloud infrastructure endpoints that lack authentication controls. The vulnerability affects deployments on cloud platforms like AWS where metadata services are accessible; administrators should upgrade to version 3.3.10 to remediate.
MailerLite MailerLite official-mailerlite-sign-up-forms is affected by missing authorization (CVSS 4.3).
CryoutCreations Serious Slider cryout-serious-slider is affected by missing authorization (CVSS 4.3).
WP Chill Image Photo Gallery Final Tiles Grid final-tiles-grid-gallery-lite is affected by missing authorization (CVSS 4.3).
The Shopire theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the shopire_admin_install_plugin() function in all versions up to, and including, 1.0.57. [CVSS 4.3 MEDIUM]
The Dealia - Request a quote WordPress plugin fails to properly validate user permissions on AJAX endpoints, allowing authenticated users with Contributor-level access or higher to reset plugin configuration by exploiting an exposed admin nonce. An attacker with basic edit_posts capability can bypass the capability check and modify critical plugin settings without administrative privileges. The vulnerability affects all versions up to 1.0.6 and currently has no available patch.
GFI MailEssentials AI versions prior to 22.4 allow authenticated users to enumerate arbitrary directories on the server through the ListServer.IsPathExist() web method, which fails to validate filesystem paths before checking their existence. An attacker with valid credentials can exploit this information disclosure vulnerability to map the server's directory structure and identify sensitive locations. No patch is currently available for this vulnerability.
GFI MailEssentials AI versions before 22.4 expose a file enumeration vulnerability in the ListServer.IsDBExist() web method that allows authenticated users to probe arbitrary filesystem paths and determine file existence on the server. An attacker can exploit this by submitting unrestricted paths via the JSON "path" parameter, which are processed without validation, disclosing sensitive information about the server's filesystem structure. No patch is currently available for this vulnerability.
Ninja Tables plugin through version 5.2.5 inadvertently exposes sensitive data in outbound communications, allowing authenticated users to retrieve embedded sensitive information. This authenticated vulnerability affects all installations of the affected versions, though exploitation requires valid user credentials. No patch is currently available.
The Virusdie - One-click website security plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.7. This is due to missing capability checks on the `vd_get_apikey` function which is hooked to `wp_ajax_virusdie_apikey`. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve the site's Virusdie API key, which could be used to access the site owner's Virusdie account and potentially compromis...
The ACF Photo Gallery Field plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the "acf_photo_gallery_edit_save" function in all versions up to, and including, 3.0. [CVSS 4.3 MEDIUM]
Authenticated users can modify email configurations in YayMail for WooCommerce through version 4.3.2 due to missing authorization checks on access control settings. An attacker with low-level WordPress user privileges could alter email templates or settings without proper permissions. No patch is currently available for this vulnerability.
SPIP versions prior to 4.4.9 contain a blind server-side request forgery vulnerability in the syndication feature that allows authenticated users to manipulate the application into making arbitrary network requests to internal or external systems. An attacker with valid credentials can exploit this by crafting malicious syndication URLs during site editing, bypassing the security filter mechanisms. No patch is currently available for this vulnerability.
Improper access control in StellarWP iThemes Sync through version 3.2.8 allows authenticated attackers to modify data they should not have permission to access. An attacker with valid login credentials could exploit misconfigured authorization checks to perform unauthorized modifications within the plugin. No patch is currently available for this vulnerability.
Penci AI SmartContent Creator version 2.0 and earlier contains an authorization bypass vulnerability that allows authenticated users to perform unauthorized actions due to improperly configured access controls. An attacker with valid credentials could exploit this to modify data or functionality they should not have access to. No patch is currently available for this issue.
Improper access control in uixthemes Sober through version 3.5.12 enables authenticated attackers to modify data or resources they should not have permission to access. An attacker with valid login credentials can bypass authorization checks to perform unauthorized actions. No patch is currently available for this vulnerability.
blazethemes News Kit Elementor Addons news-kit-elementor-addons is affected by missing authorization (CVSS 4.3).
The WP-CORS WordPress plugin through version 0.2.2 contains an authorization bypass that allows authenticated users to modify content due to improperly configured access controls. An attacker with valid WordPress credentials could exploit this to make unauthorized changes to website data. No patch is currently available for this vulnerability.
crgeary JAMstack Deployments wp-jamstack-deployments is affected by missing authorization (CVSS 4.3).
The echo-knowledge-base plugin through version 16.011.0 fails to properly enforce access controls, enabling authenticated users to modify content they should not have permission to change. An attacker with valid login credentials could exploit misconfigured authorization rules to alter documentation or FAQ entries within the knowledge base system.
Insufficient access control in ikreatethemes Business Roy versions up to 1.1.4 enables authenticated users to modify data they should not have permission to access. An attacker with valid credentials could exploit misconfigured security levels to perform unauthorized changes within the application. No patch is currently available for this vulnerability.
Sparklewpthemes Fitness FSE plugin versions up to 1.0.6 contains a missing authorization check that allows authenticated users to modify content they should not have access to. An attacker with low-level user privileges can exploit this access control misconfiguration to alter website data without proper permission.
Unauthorized data modification in Hello FSE WordPress theme version 1.0.6 and earlier results from improper access control enforcement. Authenticated users can exploit this vulnerability to make unauthorized changes to website content or settings without proper permission checks.
Elementor Image Optimizer by Elementor image-optimization is affected by missing authorization (CVSS 4.3).
FooGallery through version 3.1.11 contains a missing authorization check that allows authenticated users to modify gallery content they should not have access to. An attacker with valid login credentials can exploit improperly configured access controls to alter galleries, potentially defacing or corrupting gallery data. No patch is currently available.
Ays Pro Secure Copy Content Protection and Content Locking secure-copy-content-protection is affected by missing authorization (CVSS 4.3).
PublishPress PublishPress Authors publishpress-authors is affected by missing authorization (CVSS 4.3).
ExpressTech Systems Quiz And Survey Master quiz-master-next is affected by missing authorization (CVSS 4.3).
Improper access control in MiKa OSM through version 6.1.12 allows authenticated users to modify data or settings they should not have permission to access. An attacker with valid credentials could exploit misconfigured security levels to escalate privileges or alter system configuration. No patch is currently available for this vulnerability.
Wisernotify team WiserReview Product Reviews for WooCommerce wiser-review is affected by missing authorization (CVSS 4.3).
WP Messiah TOP Table Of Contents top-table-of-contents is affected by missing authorization (CVSS 4.3).
FluentForm versions 6.1.14 and earlier contain an access control bypass that allows authenticated users to perform unauthorized modifications. An attacker with valid credentials can exploit improperly configured security levels to alter data they should not have access to. No patch is currently available.
Improper access control in wp.insider Simple Membership plugin versions 4.6.9 and earlier allows authenticated users to bypass security level restrictions and modify content they should not have access to. An attacker with valid credentials can exploit misconfigured access controls to escalate privileges within the plugin. No patch is currently available for this vulnerability.
Improper access control in madalin.ungureanu Client Portal versions up to 1.2.1 allows authenticated users to modify data they should not have access to due to incorrectly configured security levels. An attacker with valid credentials can exploit this missing authorization check to perform unauthorized modifications, though no patch is currently available.
The Shield Security: Blocks Bots, Protects Users, and Prevents Security Breaches plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `MfaEmailDisable` action in all versions up to, and including, 21.0.9. [CVSS 4.3 MEDIUM]
UpsellWP versions 2.2.3 and earlier contain an authorization bypass vulnerability that allows authenticated users to access checkout upsell features they should not have permission to modify. An attacker with low-privilege account access could exploit improper access control to manipulate order bump and upsell configurations, potentially affecting store operations and revenue.
Cookiebot versions 4.6.4 and earlier contain an access control bypass that allows authenticated attackers to exploit misconfigured security levels and gain unauthorized access to sensitive information. An attacker with low-level user credentials can leverage this vulnerability to read restricted data without proper authorization. No patch is currently available for this vulnerability.
SEO Plugin by Squirrly SEO (WordPress plugin) versions up to 12.4.14. is affected by missing authorization (CVSS 4.3).
The Advanced Ads - Ad Manager & AdSense plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 2.0.14. This is due to the plugin not properly verifying that a user is authorized to perform an action in the `placement_update_item()` function. [CVSS 4.3 MEDIUM]
The Mesmerize Companion plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the "openPageInCustomizer" and "openPageInDefaultEditor" functions in all versions up to, and including, 1.6.158. [CVSS 4.3 MEDIUM]
WP Moose Kenta Companion kenta-companion is affected by cross-site request forgery (csrf) (CVSS 4.3).