Cydave

**Name of the Vulnerable Software and Affected Versions** Kanboard versions prior to 1.2.51 **Description** Kanboard is project management software focused on the Kanban methodology. Versions prior to 1.2.51 have an authenticated SQL injection issue. Attackers with permission to add users to a project can exploit this to dump the entire Kanboard database. The vulnerability allows for SQL injection through the addition of users to a project. The `add users` functionality is the point of exploitation. Version 1.2.51 resolves this issue. **Recommendations** Versions prior to 1.2.51 should be updated to version 1.2.51 or later.

**Nome do Software Vulnerável e Versões Afetadas** Versões do Frappe anteriores à 14.93.2 Versões do Frappe anteriores à 15.55.0 **Descrição** Foi identificada uma vulnerabilidade de Injeção de SQL no Framework Frappe, que poderia permitir que um ator malicioso acessasse informações sensíveis. **Recomendações** Para versões anteriores à 14.93.2, atualize para a versão 14.93.2 para resolver o problema. Para versões anteriores à 15.55.0, atualize para a versão 15.55.0 para resolver o problema.

**Name of the Vulnerable Software and Affected Versions** Bitcoin / AltCoin Payment Gateway for WooCommerce & Multivendor store / shop WordPress plugin versions 1.7.1 and earlier **Description** The issue is related to a SQL injection problem. It occurs because a parameter is not properly sanitized and escaped before being used in a SQL statement. This can be exploited by authenticated users. **Recommendations** For versions 1.7.1 and earlier, update to a version that properly sanitizes and escapes parameters used in SQL statements to prevent SQL injection. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WooCommerce Checkout Field Manager WordPress plugin versions prior to 18.0 **Description** The issue allows unauthenticated attackers to upload arbitrary files, such as PHP files, to the server due to a lack of file validation for uploads. This could potentially lead to server compromise. **Recommendations** For versions prior to 18.0, update to version 18.0 or later to resolve the issue. As a temporary workaround, consider disabling file upload functionality until a patch is available. Restrict access to sensitive server areas to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** FL3R FeelBox WordPress plugin versions 8.1 and earlier **Description** The issue arises from the plugin's failure to properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. **Recommendations** For versions 8.1 and earlier, consider disabling the AJAX action until a patch is available to prevent exploitation. Restrict access to the SQL statement to minimize the risk of injection. Avoid using the vulnerable parameter in the affected AJAX endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Membership For WooCommerce WordPress plugin versions prior to 2.1.7 **Description** The issue allows unauthenticated users to upload arbitrary files, including malicious PHP code, which could lead to remote code execution (RCE). This is due to a lack of validation for uploaded files. **Recommendations** For versions prior to 2.1.7, update to version 2.1.7 or later to resolve the issue. As a temporary workaround, consider disabling file upload functionality until a patch is available. Restrict access to sensitive areas where file uploads are permitted to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** The Panda Pods Repeater Field WordPress plugin versions prior to 1.5.4 **Description** The issue is related to a Reflected Cross-Site Scripting problem. It occurs because a parameter is not properly sanitized and escaped before being outputted back in the page. This could be exploited against a user with at least Contributor permission. **Recommendations** For versions prior to 1.5.4, update to version 1.5.4 or later to resolve the issue. As a temporary workaround, consider restricting access to users with Contributor permission or higher until the update is applied.

**Name of the Vulnerable Software and Affected Versions** پلاگین پرداخت دلخواه WordPress plugin versions prior to 2.9.3 **Description** The issue allows unauthenticated attackers to send a request with XSS payloads, which will be triggered when a high privilege user, such as an admin, visits a page from the plugin. This occurs because the plugin does not properly sanitise and escape some parameters. **Recommendations** For پلاگین پرداخت دلخواه WordPress plugin versions prior to 2.9.3, update to version 2.9.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the plugin's pages for high privilege users until the update is applied.

**Name of the Vulnerable Software and Affected Versions** CBX Petition for WordPress plugin versions 1.0.3 and earlier **Description** The issue arises from the plugin's failure to properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. **Recommendations** For CBX Petition for WordPress plugin versions 1.0.3 and earlier, update to a version that properly sanitizes and escapes parameters used in SQL statements to prevent SQL injection. As a temporary workaround, consider restricting access to the AJAX action to authenticated users only until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Images Optimize and Upload CF7 WordPress plugin versions 2.1.4 and earlier **Description** The issue concerns a lack of validation for files to be deleted via an AJAX action, which is accessible to unauthenticated users. This could allow attackers to delete arbitrary files on the server using a path traversal attack. **Recommendations** For versions 2.1.4 and earlier, as a temporary workaround, consider disabling the AJAX action related to file deletion until a patch is available. Restrict access to the file deletion functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** User Post Gallery WordPress plugin versions 2.19 and earlier **Description** The issue is related to insufficient authorization procedure in the User Post Gallery WordPress plugin, allowing remote attackers to execute arbitrary code. This is possible because the plugin does not limit what callback functions can be called by users, making it possible for any visitors to run code on sites running it. **Recommendations** For versions 2.19 and earlier, consider disabling the plugin until a patch is available to prevent potential code execution by unauthorized users. Restrict access to the plugin's functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** The WordPress Events Calendar WordPress plugin versions prior to 1.4.5 **Description** The issue concerns a Reflected Cross-Site Scripting problem. It arises because a parameter is not properly sanitized and escaped before being outputted back in the page. This could be exploited against both unauthenticated and authenticated users, including those with high privileges like administrators. **Recommendations** For versions prior to 1.4.5, update to version 1.4.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the plugin's functionality until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Fontsy WordPress plugin versions prior to 1.8.7 **Description** The issue arises from improper sanitization and escaping of a parameter in a SQL statement, which is accessible via an AJAX action to unauthenticated users, leading to SQL injection. **Recommendations** For Fontsy WordPress plugin versions prior to 1.8.7, update to version 1.8.7 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Show All Comments WordPress plugin version prior to 7.0.1 **Description** The issue is related to a Reflected Cross-Site Scripting attack, which could be used against logged-in high-privilege users, such as admins. This occurs because the plugin does not properly sanitise and escape a `parameter` before outputting it back in the page. The exploitation of this issue may allow a remote attacker to conduct cross-site scripting attacks. **Recommendations** For versions prior to 7.0.1, update to version 7.0.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the plugin's functionality to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Post Status Notifier Lite WordPress plugin versions prior to 1.10.1 **Description** The issue is related to a Reflected Cross-Site Scripting that can be used against high privilege users such as admin, due to the plugin not sanitising and escaping a parameter before outputting it back in the page. **Recommendations** For versions prior to 1.10.1, update to version 1.10.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the plugin's functionality to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Sunshine Photo Cart WordPress plugin versions prior to 2.9.15 **Description** The issue is related to the Sunshine Photo Cart WordPress plugin, which does not properly sanitise and escape a `parameter` before outputting it back in the page. This leads to a Reflected Cross-Site Scripting (XSS) attack. The exploitation of this issue may allow a remote attacker to conduct an XSS attack. **Recommendations** For versions prior to 2.9.15, update to version 2.9.15 or later to resolve the issue. As a temporary workaround, consider disabling the vulnerable parameter until a patch is available. Restrict access to the plugin's functionality to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Bg Bible References WordPress plugin versions 3.8.14 and earlier **Description** The issue is related to a Reflected Cross-Site Scripting problem. It occurs because a `parameter` is not properly sanitized and escaped before being outputted back in the page. This allows for malicious scripts to be injected and executed. **Recommendations** For Bg Bible References WordPress plugin versions 3.8.14 and earlier, update to a version later than 3.8.14 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** PDF Generator for WordPress plugin versions prior to 1.1.2 **Description** The issue is related to a Reflected Cross-Site Scripting susceptibility in a vendored dompdf example file included in the PDF Generator for WordPress plugin. This could be exploited against high-privilege users, such as administrators. The vulnerability is associated with the lack of protection measures for the web page structure, potentially allowing a remote attacker to conduct cross-site scripting attacks. **Recommendations** For versions prior to 1.1.2, update to version 1.1.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the dompdf example file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** The Product list Widget for Woocommerce WordPress plugin through 1.0 **Description** The issue is related to a Reflected Cross-Site Scripting that could be used against both unauthenticated and authenticated users, including high-privilege ones like admin. This occurs because a parameter is not properly sanitised and escaped before being outputted back in the page. **Recommendations** For The Product list Widget for Woocommerce WordPress plugin through 1.0, update to a version that properly sanitises and escapes parameters to prevent Reflected Cross-Site Scripting. As a temporary workaround, consider restricting access to the plugin's functionality to minimise the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** WP-Lister Lite for Amazon WordPress plugin versions prior to 2.4.4 **Description** The issue is related to a Reflected Cross-Site Scripting that can be used against high-privilege users such as admin. This occurs because the plugin does not properly sanitize and escape a parameter before outputting it back in the page. **Recommendations** For WP-Lister Lite for Amazon WordPress plugin versions prior to 2.4.4, update to version 2.4.4 or later to resolve the issue.