The Exclusive Addons for Exclusive Addons for Elementor for WordPress, in versions up to and including 2.6.9, is vulnerable to stored cross-site scripting (XSS) via the 's' parameter. Improper input sanitization and output escaping allow an attacker with contributor-level permissions or higher to inject arbitrary JavaScript that executes when a user views the affected page.
The Tatsu wordpress plugin version 3.3.11 and below is vulnerable to unauthenticated remote code execution. An attacker can exploit this vulnerability to execute arbitrary code on the target system. This vulnerability is identified as CVE-2021-25094.
The WordPress User Registration & Membership Plugin version 4.1.1 and below allows unauthenticated users to escalate privileges. An attacker can exploit this vulnerability to gain unauthorized access and perform malicious actions.
Reservit Hotel plugin version 2.1 does not properly sanitize and escape certain settings, allowing high privilege users, like admin, to execute Stored Cross-Site Scripting attacks. This vulnerability can be exploited even when the unfiltered_html capability is restricted.
The Slider & Popup Builder by Depicter plugin for WordPress up to version 3.6.1 is vulnerable to SQL Injection through the 's' parameter. Attackers can inject additional SQL queries to extract sensitive data from the database due to lack of proper input validation and escaping.
The WordPress plugin 'Backup and Staging by WP Time Capsule' up to version 1.21.16 allows unauthenticated attackers to upload arbitrary files via the upload.php endpoint, potentially leading to remote code execution by uploading and executing a PHP file directly from a specific directory.
SureTriggers OttoKit Plugin version 1.0.82 and below is vulnerable to privilege escalation. By exploiting this vulnerability, an attacker can create an administrator account on the target WordPress site if the plugin is installed but uninitialized, and the site displays the REST API endpoint '/wp-json/sure-triggers/v1/automation/action'. The attacker can send a crafted HTTP POST request to achieve this.
A Stored Cross-Site Scripting (XSS) vulnerability exists in WordPress File Upload plugin version 4.23.3 and prior. By inserting a malicious shortcode in a post, an attacker can trigger an XSS attack when a file is uploaded, leading to potential script execution in the victim's browser. This vulnerability has been assigned CVE-2023-4811.
The Comments Like Dislike plugin for WordPress <= 1.2.0 allows unauthorized modification of data due to a missing capability check on the restore_settings function called through an AJAX action. Authenticated attackers with minimal permissions, such as subscribers, can reset the plugin's settings. The issue was only partially patched in version 1.2.0, making the nonce still accessible to subscriber-level users.
A severe vulnerability was found in WordPress Plugin Duplicator version 1.5.7.1. The flaw allows unauthorized access to sensitive data in the database and other information on the site, leading to potential brute force attacks on password hashes and complete system compromise. Exploiting this flaw poses a significant security risk.
Services By CQR