Anant Shrivastava

**Nome do software vulnerável e versões afetadas: Plugin WordPress Portable phpMyAdmin versão 1.4.1 Descrição: O plugin WordPress Portable phpMyAdmin apresenta várias vulnerabilidades que permitem contornar as medidas de segurança. Recomendações: Para o plugin WordPress Portable phpMyAdmin versão 1.4.1, atualize para uma versão que corrija essas vulnerabilidades de contorno de segurança.

**Nome do software vulnerável e versões afetadas: Plugin WordPress Portable phpMyAdmin (versões afetadas não especificadas) Descrição: O plugin WordPress Portable phpMyAdmin apresenta uma falha que permite a contornar a autenticação. Recomendações: No momento, não há informações sobre uma versão mais recente que contenha uma correção para essa vulnerabilidade.

**Name of the Vulnerable Software and Affected Versions** Video Comments Webcam Recorder plugin version 1.55 **Description** The issue is related to a cross-site scripting (XSS) vulnerability. It allows remote attackers to inject arbitrary web script or HTML via the `message` parameter in the comments/videowhisper2/r logout.php file. **Recommendations** For Video Comments Webcam Recorder plugin version 1.55, update to a version released after 20140116 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Ruven Toolkit plugin versions 1.1 and earlier **Description** The issue is related to a cross-site scripting (XSS) vulnerability. This vulnerability allows remote attackers to inject arbitrary web script or HTML. The injection can be done via the `popup` parameter. **Recommendations** For Ruven Toolkit plugin versions 1.1 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** stripShow plugin version 2.5.2 **Description** The issue allows remote authenticated administrators to execute arbitrary SQL commands. This is achieved by exploiting the `story` parameter in an edit action to the "wp-admin/admin.php" endpoint. **Recommendations** For stripShow plugin version 2.5.2, update to a version that fixes this issue, as using the vulnerable version allows attackers to execute arbitrary SQL commands via the `story` parameter. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Last.fm Rotation (lastfm-rotation) plugin version 1.0 for WordPress **Description** The issue allows remote attackers to read arbitrary files via a .. (dot dot) in the `snode` parameter. This is a directory traversal vulnerability in the lastfm-proxy.php file. **Recommendations** For version 1.0, consider restricting access to the lastfm-proxy.php file until a patch is available. As a temporary workaround, avoid using the `snode` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Simple Retail Menus plugin versions prior to 4.1 **Description** The issue allows remote authenticated editors to execute arbitrary SQL commands. This is achieved by exploiting the `targetmenu` parameter in an edit action to the "wp-admin/admin.php" endpoint. **Recommendations** For versions prior to 4.1, update to version 4.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the `includes/mode-edit.php` file or limiting the ability to perform edit actions on `wp-admin/admin.php` to minimize the risk of exploitation. Avoid using the `targetmenu` parameter in the affected endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** tom-m8te plugin version 1.5.3 **Description** The issue allows remote attackers to read arbitrary files. This is achieved via the `file` parameter to the "tom-download-file.php" endpoint. **Recommendations** For tom-m8te plugin version 1.5.3, consider restricting access to the "tom-download-file.php" endpoint until a patch is available. Avoid using the `file` parameter in the affected endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** All Video Gallery plugin version 1.2 **Description** The issue allows remote authenticated administrators to execute arbitrary SQL commands. This is achieved via the `id` parameter in an edit action in the "allvideogallery videos" page to "wp-admin/admin.php". **Recommendations** For All Video Gallery plugin version 1.2, avoid using the `id` parameter in the edit action of the allvideogallery videos page until the issue is resolved. Consider restricting access to the allvideogallery videos page in wp-admin/admin.php to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Quartz plugin version 1.01.1 for WordPress **Description** The issue allows remote authenticated users with Contributor privileges to execute arbitrary SQL commands. This is achieved by exploiting the `quote` parameter in an edit action in the quartz/quote form.php page to wp-admin/edit.php. **Recommendations** For Quartz plugin version 1.01.1, avoid using the `quote` parameter in the edit action until a patch is available. As a temporary workaround, consider restricting access to the quartz/quote form.php page for users with Contributor privileges to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** WP Rss Poster (wp-rss-poster) plugin version 1.0.0 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `id` parameter in the "wrp-add-new" page to "wp-admin/admin.php". **Recommendations** For WP Rss Poster (wp-rss-poster) plugin version 1.0.0, consider avoiding the use of the `id` parameter in the affected page until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** BookX plugin version 1.7 for WordPress **Description** A directory traversal issue exists, allowing remote attackers to read arbitrary files by using a .. (dot dot) in the `file` parameter. **Recommendations** For BookX plugin version 1.7, update to a newer version that contains a fix for this issue to prevent directory traversal attacks.

**Name of the Vulnerable Software and Affected Versions** enl-newsletter plugin version 1.0.1 **Description** The issue allows remote authenticated administrators to execute arbitrary SQL commands. This is achieved via the `id` parameter in the "enl-add-new" page to "wp-admin/admin.php". **Recommendations** For enl-newsletter plugin version 1.0.1, avoid using the `id` parameter in the "enl-add-new" page until the issue is resolved. Consider restricting access to the enl-add-new page in wp-admin/admin.php to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tera Charts (tera-charts) plugin version 0.1 for WordPress **Description** The issue allows remote attackers to read arbitrary files due to multiple directory traversal vulnerabilities. This is achieved by including a .. (dot dot) in the `fn` parameter to specific API endpoints, such as "charts/treemap.php" or "charts/zoomabletreemap.php". **Recommendations** For Tera Charts (tera-charts) plugin version 0.1, as a temporary workaround, consider restricting access to the "charts/treemap.php" and "charts/zoomabletreemap.php" endpoints until a patch is available. Avoid using the `fn` parameter in these endpoints to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** wp-cross-rss plugin version 1.7 **Description** The issue allows remote attackers to read arbitrary files by providing a full pathname in the `rss` parameter to the "proxy.php" endpoint. **Recommendations** For wp-cross-rss plugin version 1.7, consider disabling access to the "proxy.php" endpoint until a patch is available, or restrict the `rss` parameter to prevent full pathname traversal.

**Name of the Vulnerable Software and Affected Versions** Video Posts Webcam Recorder plugin versions 1.55.4 and earlier **Description** A cross-site scripting issue allows remote attackers to inject arbitrary web script or HTML via the `message` parameter in the `r logout.php` file. **Recommendations** For Video Posts Webcam Recorder plugin versions 1.55.4 and earlier, avoid using the `message` parameter in the `/posts/videowhisper/r logout.php` endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Verification Code for Comments plugin versions 2.1.0 and earlier **Description** The issue allows remote attackers to inject arbitrary web script or HTML via the `vp`, `vs`, `l`, `vu`, or `vm` parameters in the vcc.js.php file. This can lead to cross-site scripting (XSS) attacks. **Recommendations** For Verification Code for Comments plugin versions 2.1.0 and earlier, update to a version later than 2.1.0 to resolve the issue. As a temporary workaround, consider restricting access to the vcc.js.php file or disabling the plugin until a patch is available. Avoid using the `vp`, `vs`, `l`, `vu`, or `vm` parameters in the affected file until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Wu-Rating plugin versions 1.0 and earlier **Description** The issue is related to a cross-site scripting (XSS) vulnerability. This allows remote attackers to inject arbitrary web script or HTML via the `v` parameter in the wu-ratepost.php file. **Recommendations** For Wu-Rating plugin versions 1.0 and earlier, consider disabling the wu-ratepost.php file or restricting access to it until a patch is available. Avoid using the `v` parameter in the affected file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** WP RESTful plugin versions 0.1 and earlier **Description** The issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via the `oauth callback` parameter to "html api authorize.php", or the `oauth token temp` or `oauth callback temp` parameters to "html api login.php". **Recommendations** For WP RESTful plugin versions 0.1 and earlier, consider disabling access to "html api authorize.php" and "html api login.php" until a patch is available. Avoid using the `oauth callback`, `oauth token temp`, and `oauth callback temp` parameters in the affected API endpoints until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** WP-Picasa-Image plugin versions 1.0 and earlier **Description** The issue is related to a cross-site scripting (XSS) vulnerability. It allows remote attackers to inject arbitrary web script or HTML via the `post id` parameter in the picasa upload.php file. **Recommendations** For WP-Picasa-Image plugin versions 1.0 and earlier, avoid using the `post id` parameter in the picasa upload.php file until the issue is resolved. Consider disabling the picasa upload.php file as a temporary workaround to minimize the risk of exploitation.