Abdulsamad Yusuf

The NS Product icon badge plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PHP SELF in all versions up to, and including, 1.2.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

**Nome do Software Vulnerável e Versões Afetadas** LJ comments import: reloaded versões anteriores a 0.97.2 **Description** O plugin LJ comments import: reloaded para WordPress contém um problema de Reflected Cross-Site Scripting causado por sanitização de entrada e escape de saída insuficientes. Atacantes não autenticados podem injetar scripts web arbitrários em páginas ao enganar um usuário para clicar em um link. Isso ocorre porque o parâmetro `PHP SELF` inclui `PATH INFO` controlável pelo atacante anexado ao nome do script, que é então processado por dois pontos de eco não sanitizados dentro da mesma função. **Recommendations** Atualize para uma versão posterior a 0.97.1.

**Nome do Software Vulnerável e Versões Afetadas** SponsorMe versões anteriores a 0.5.3 **Descrição** A sanitização de entrada e a escape de saída insuficientes permitem que atacantes não autenticados injetem scripts web arbitrários em páginas. Isso ocorre quando um usuário é enganado para clicar em um link malicioso. A variável `PHP SELF` é refletida em um atributo de ação de formulário e em um atributo href de âncora dentro da função vulnerável, o que pode ser explorado ao anexar um payload ao endpoint 'wp-admin/admin.php'. **Recomendações** Atualize para uma versão posterior a 0.5.2.

**Nome do Software Vulnerável e Versões Afetadas** Correct Prices versões anteriores a 1.1 **Descrição** O plugin Correct Prices para WordPress está sujeito a Reflected Cross-Site Scripting, uma falha em que uma aplicação inclui dados não confiáveis em uma página web sem a validação adequada, permitindo que um invasor execute scripts no navegador da vítima. O problema ocorre na função `correct prices page()`, que exibe a variável `$ SERVER['PHP SELF']` no atributo action de um formulário sem sanitização de entrada ou escape de saída. Como o `$ SERVER['PHP SELF']` reflete informações de caminho anexadas à URL do script, invasores não autenticados podem injetar marcações e scripts web arbitrários enganando um usuário para que clique em um link especialmente criado. **Recomendações** Atualize para uma versão posterior a 1.0. Como medida paliativa temporária, restrinja o acesso à função `correct prices page()` até que uma correção seja aplicada.

**Nome do Software Vulnerável e Versões Afetadas** Gravity Bookings Premium versões anteriores a 2.6.0 **Descrição** O plugin Gravity Bookings Premium para WordPress contém uma falha de SQL Injection causada pela sanitização insuficiente de parâmetros fornecidos pelo usuário e pela falta de preparação adequada de consultas SQL existentes. Isso permite que atacantes não autenticados anexem consultas SQL adicionais às já existentes para extrair informações sensíveis do banco de dados. **Recomendações** Atualize o plugin para uma versão posterior a 2.5.9.

**Name of the Vulnerable Software and Affected Versions** Comment Genius plugin for WordPress versions up to and including 1.2.5 **Description** The Comment Genius plugin for WordPress is susceptible to Reflected Cross-Site Scripting. This is due to insufficient input sanitization and output escaping of the `$ SERVER['PHP SELF']` parameter. An unauthenticated attacker could inject arbitrary web scripts into pages, which would execute if a user is tricked into performing an action, such as clicking a link. **Recommendations** Update the Comment Genius plugin to a version later than 1.2.5.

**Name of the Vulnerable Software and Affected Versions** [CR]Paid Link Manager versions prior to 0.5 **Description** The [CR]Paid Link Manager plugin for WordPress is susceptible to reflected cross-site scripting through the URL path. This is due to inadequate input sanitization and output escaping. An unauthenticated attacker can inject arbitrary web scripts into pages that execute if a user is tricked into clicking a malicious link. **Recommendations** Update [CR]Paid Link Manager to version 0.5 or later.

**Name of the Vulnerable Software and Affected Versions** personal-authors-category plugin for WordPress versions up to and including 0.3 **Description** The personal-authors-category plugin for WordPress is susceptible to Reflected Cross-Site Scripting through the URL path. This is due to inadequate input sanitization and output escaping. An unauthenticated attacker could inject arbitrary web scripts into pages, which would execute if a user is tricked into performing an action, such as clicking a link. **Recommendations** Update the personal-authors-category plugin to a version newer than 0.3.

**Name of the Vulnerable Software and Affected Versions** Geo Widget versions prior to 1.1 **Description** The Geo Widget plugin for WordPress is susceptible to Stored Cross-Site Scripting through the URL path. Insufficient input sanitization and output escaping allow unauthenticated attackers to inject arbitrary web scripts into pages. These scripts will execute when a user accesses the injected page. **Recommendations** Update the Geo Widget plugin to version 1.1 or later.

**Name of the Vulnerable Software and Affected Versions** StyleBidet versions prior to 1.0.1 **Description** The StyleBidet plugin for WordPress is susceptible to Reflected Cross-Site Scripting through the URL path. This is due to inadequate input sanitization and output escaping. An unauthenticated attacker could inject arbitrary web scripts into pages, which would execute if a user is tricked into clicking a malicious link. **Recommendations** Update the StyleBidet plugin to version 1.0.1 or later.

**Name of the Vulnerable Software and Affected Versions** Address Bar Ads plugin for WordPress versions prior to 1.0.1 **Description** The Address Bar Ads plugin for WordPress is susceptible to Reflected Cross-Site Scripting through the URL Path. This is due to inadequate input sanitization and output escaping. An unauthenticated attacker could inject arbitrary web scripts into pages, which would execute if a user is tricked into performing an action, such as clicking a link. **Recommendations** Update to Address Bar Ads plugin for WordPress version 1.0.1 or later.

**Name of the Vulnerable Software and Affected Versions** Subitem AL Slider versions prior to 1.0.1 **Description** The Subitem AL Slider plugin for WordPress is susceptible to Reflected Cross-Site Scripting. This is due to insufficient input sanitization and output escaping related to the `$ SERVER['PHP SELF']` parameter. An unauthenticated attacker could inject arbitrary web scripts into pages, which would execute if a user is tricked into performing an action, such as clicking a link. **Recommendations** Update the Subitem AL Slider plugin to version 1.0.1 or later.

**Nome do Software Vulnerável e Versões Afetadas** Plugin MP-Ukagaka para WordPress versões até 1.5.2 **Descrição** O plugin MP-Ukagaka para WordPress é suscetível a Cross-Site Scripting Refletido devido à sanitização inadequada de entrada e escapamento inadequado de saída. Isso permite que atacantes não autenticados injetem scripts web arbitrários em páginas. A exploração bem-sucedida requer enganar um usuário a realizar uma ação, como clicar em um link malicioso, o que então executa o script injetado. **Recomendações** Atualize o plugin MP-Ukagaka para uma versão superior a 1.5.2.

**Name of the Vulnerable Software and Affected Versions** Peter's Date Countdown plugin for WordPress versions prior to 2.0.1 **Description** The Peter's Date Countdown plugin for WordPress is susceptible to Reflected Cross-Site Scripting. This is due to insufficient input sanitization and output escaping. An unauthenticated attacker can inject arbitrary web scripts into pages, which will execute if a user is tricked into performing an action, such as clicking a link. The vulnerability is related to the `$ SERVER['PHP SELF']` parameter. **Recommendations** Update the Peter's Date Countdown plugin to version 2.0.1 or later.

**Name of the Vulnerable Software and Affected Versions** Vzaar Media Management plugin for WordPress versions up to and including 1.2 **Description** The Vzaar Media Management plugin for WordPress is susceptible to Reflected Cross-Site Scripting due to inadequate input sanitization and output escaping. The vulnerability affects the `$ SERVER['PHP SELF']` variable. An unauthenticated attacker could inject arbitrary web scripts into pages, which would execute if a user is tricked into performing an action, such as clicking a link. **Recommendations** Update the Vzaar Media Management plugin to a version newer than 1.2.

**Name of the Vulnerable Software and Affected Versions** JustClick registration plugin for WordPress versions prior to and including 0.1 **Description** The JustClick registration plugin for WordPress is susceptible to Reflected Cross-Site Scripting. This is a result of inadequate input sanitization and output escaping applied to the `PHP SELF` server variable. An unauthenticated attacker could inject arbitrary web scripts into pages, which would execute if a user is tricked into performing an action, such as clicking a link. **Recommendations** Update the JustClick registration plugin to a version newer than 0.1.

**Name of the Vulnerable Software and Affected Versions** Top Position Google Finance versions up to and including 0.1.0 **Description** The Top Position Google Finance plugin for WordPress is susceptible to Reflected Cross-Site Scripting due to inadequate input sanitization and output escaping. This allows unauthenticated attackers to inject arbitrary web scripts into pages, which can execute if a user is tricked into performing an action, such as clicking a link. The vulnerability is related to the `$ SERVER['PHP SELF']` variable. **Recommendations** Update Top Position Google Finance to a version newer than 0.1.0.

**Name of the Vulnerable Software and Affected Versions** Lesson Plan Book versions prior to 1.4 **Description** The Lesson Plan Book plugin for WordPress is susceptible to Reflected Cross-Site Scripting due to inadequate input sanitization and output escaping. This allows unauthenticated attackers to inject arbitrary web scripts into pages that will execute if a user is tricked into performing an action, such as clicking a link. The vulnerability is related to the `$ SERVER['PHP SELF']` variable. **Recommendations** Update Lesson Plan Book to version 1.4 or later.

**Name of the Vulnerable Software and Affected Versions** Shabat Keeper versions up to and including 0.4.4 **Description** The Shabat Keeper plugin for WordPress is susceptible to Reflected Cross-Site Scripting due to inadequate input sanitization and output escaping. This allows unauthenticated attackers to inject arbitrary web scripts into pages. Successful exploitation requires tricking a user into performing an action, such as clicking a malicious link. The vulnerability is related to the `$ SERVER['PHP SELF']` parameter. **Recommendations** Update Shabat Keeper to a version newer than 0.4.4

**Name of the Vulnerable Software and Affected Versions** MG AdvancedOptions versions prior to 1.3 **Description** The MG AdvancedOptions plugin for WordPress is susceptible to Reflected Cross-Site Scripting due to inadequate input sanitization and output escaping. This allows unauthenticated attackers to inject arbitrary web scripts into pages that will execute if a user is tricked into performing an action, such as clicking a malicious link. The vulnerability is related to the `$ SERVER['PHP SELF']` variable. **Recommendations** Versions prior to 1.3 should be updated to address this issue.