Dc11

**Nome do software vulnerável e versões afetadas** As versões anteriores à 4.7.2 do plugin “Print Invoice & Delivery Notes for WooCommerce” para WordPress **Descrição** O problema é causado por uma vulnerabilidade XSS refletida, que ocorre quando um valor GET é exibido em uma nota de administrador na página de pedidos do WooCommerce. Isso pode ser explorado por usuários com a permissão `edit others shop orders`, desde que o WooCommerce esteja instalado e ativo. A vulnerabilidade é resultado do uso da função `urldecode()` após a limpeza com `esc url raw()`, permitindo a codificação dupla. **Recomendações** Para versões anteriores à 4.7.2, atualize para a versão 4.7.2 ou posterior para resolver o problema. Como solução temporária, considere restringir o acesso à página de pedidos do WooCommerce para usuários com a capacidade `edit others shop orders` até que a atualização seja aplicada.

**Nome do software vulnerável e versões afetadas** Versões do plugin GiveWP para WordPress anteriores à 2.24.1 **Descrição** O problema diz respeito à escapada inadequada das entradas do usuário antes que elas cheguem às consultas SQL, permitindo potencialmente que invasores não autenticados realizem ataques de injeção de SQL. **Recomendações** Para versões anteriores à 2.24.1, atualize para a versão 2.24.1 ou posterior para resolver o problema. Como solução temporária, considere restringir o acesso a consultas sensíveis ao banco de dados até que a atualização seja aplicada.

**Nome do software vulnerável e versões afetadas** Plugin Advanced AJAX Product Filters para WordPress (versões afetadas não especificadas) **Descrição** O problema está relacionado a uma vulnerabilidade de Cross-Site Scripting refletida. Ele ocorre porque o parâmetro POST `term id` não é sanitizado antes de ser exibido na página. Isso permite a injeção potencial de scripts maliciosos. **Recomendações** No momento, não há informações sobre uma versão mais recente que contenha uma correção para essa vulnerabilidade.

**Nome do software vulnerável e versões afetadas** Versões do plugin Qyrr para WordPress anteriores à 0.7 **Descrição** A vulnerabilidade permite ataques de Cross-Site Scripting devido à falha na codificação do data-uri do código QR ao exibi-lo em um atributo src. Além disso, a ação AJAX `data uri to meta`, disponível para todos os usuários autenticados, está vulnerável a Stored Cross-Site Scripting, pois possui apenas uma verificação CSRF, com o nonce disponível para usuários com uma função tão baixa quanto Contribuinte. Isso permite que qualquer usuário com essa função (ou superior) defina um data-uri malicioso em publicações de código QR arbitrárias. **Recomendações** Para versões anteriores à 0.7, atualize para a versão 0.7 ou posterior para resolver o problema. Como solução temporária, considere restringir o acesso à ação AJAX `data uri to meta` a funções de nível superior até que a atualização seja aplicada.

**Name of the Vulnerable Software and Affected Versions** WP Mail Log WordPress plugin versions prior to 1.1.3 **Description** The issue arises from the WP Mail Log WordPress plugin not properly sanitizing and escaping a parameter before using it in a SQL statement, leading to a SQL injection. This can be exploited by users with a role as low as Contributor. **Recommendations** For versions prior to 1.1.3, update to version 1.1.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the plugin's functionality to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** WP Mail Log WordPress plugin versions prior to 1.1.3 **Description** The issue arises from incorrect authorization of REST API endpoints in the WP Mail Log WordPress plugin, allowing users with the Contributor role to view and delete data that should only be accessible to Admin users. **Recommendations** For versions prior to 1.1.3, update to version 1.1.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the REST API endpoints to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** WP Mail Log WordPress plugin versions prior to 1.1.3 **Description** The issue allows attackers to upload PHP files due to improper validation of file extensions when uploading files to attach to emails, leading to remote code execution. **Recommendations** For WP Mail Log WordPress plugin versions prior to 1.1.3, update to version 1.1.3 or later to resolve the issue. As a temporary workaround, consider restricting file uploads or validating file extensions manually until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** WP Mail Log WordPress plugin versions prior to 1.1.3 **Description** The issue is related to the improper validation of file path parameters when attaching files to emails, leading to local file inclusion. This allows an attacker to leak the contents of arbitrary files. **Recommendations** For versions prior to 1.1.3, update to version 1.1.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the file attachment feature in the WP Mail Log plugin until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** WP Mail Log WordPress plugin versions prior to 1.1.3 **Description** The issue arises from the WP Mail Log WordPress plugin not properly sanitizing and escaping a parameter before using it in a SQL statement, leading to a SQL injection. This can be exploited by users with a role as low as Contributor. **Recommendations** For versions prior to 1.1.3, update to version 1.1.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the plugin's functionality to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** WooCommerce Vietnam Checkout WordPress plugin versions prior to 2.0.6 **Description** The issue concerns the WooCommerce Vietnam Checkout WordPress plugin, where the custom shipping phone field on the checkout form is not properly escaped, leading to a potential XSS issue. **Recommendations** For versions prior to 2.0.6, update to version 2.0.6 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** WP Meta and Date Remover WordPress plugin versions prior to 2.2.0 **Description** The issue concerns an AJAX endpoint for configuring plugin settings that lacks capability checks and fails to sanitize user input. This input is later output unescaped, allowing any authenticated users, such as subscribers, to change settings and perform Stored Cross-Site Scripting. **Recommendations** For WP Meta and Date Remover WordPress plugin versions prior to 2.2.0, update to version 2.2.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the AJAX endpoint for configuring plugin settings to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** The Form Maker by 10Web WordPress plugin versions prior to 1.15.20 **Description** The issue allows unauthenticated users to create arbitrary files on the server from user input due to a lack of signature validation, potentially leading to remote code execution (RCE). **Recommendations** For versions prior to 1.15.20, update to version 1.15.20 or later to resolve the issue. As a temporary workaround, consider restricting access to the plugin's file creation functionality until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** SupportCandy WordPress plugin versions prior to 3.1.7 **Description** The issue concerns a lack of proper sanitization and escaping of the `id` parameter for an Agent in the REST API, which can lead to an SQL Injection. This can be exploited by users with a role as low as Subscriber. **Recommendations** For versions prior to 3.1.7, update to version 3.1.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the REST API endpoint that uses the `id` parameter to minimize the risk of exploitation. Avoid using the `id` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** SupportCandy WordPress plugin versions prior to 3.1.7 **Description** The issue arises from the improper sanitization and escaping of the `agents[]` parameter in the `set add agent leaves` AJAX function, which is then used in a SQL statement. This leads to a SQL injection that can be exploited by high-privilege users, such as administrators. **Recommendations** For versions prior to 3.1.7, update to version 3.1.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the `set add agent leaves` AJAX function until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** The Gallery by BestWebSoft WordPress plugin versions prior to 4.7.0 **Description** The issue is related to a Blind SQL Injection vulnerability due to improper escaping of values used in SQL queries. An attacker must have at least the privileges of an Author, and the vendor's Slider plugin must also be installed for this issue to be exploitable. **Recommendations** For versions prior to 4.7.0, update to version 4.7.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the plugin's functionality for users with Author privileges or lower until the update is applied. Additionally, ensure the Slider plugin is not installed or is updated to a version that does not exploit this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Themeflection Numbers WordPress plugin versions prior to 2.0.1 **Description** The issue is related to a lack of authorisation and CSRF check in an AJAX action, which does not ensure that the options to be updated belong to the plugin. This could allow any authenticated users, such as subscribers, to update arbitrary blog options, including enabling registration and setting the default role to administrator. **Recommendations** For versions prior to 2.0.1, update to version 2.0.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the AJAX action or disabling it until a patch is available. Additionally, restrict the ability of subscribers to update blog options to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** The Gallery by BestWebSoft WordPress plugin versions prior to 4.7.0 **Description** The issue arises from improper sanitization of gallery information, leading to a Stored Cross-Site Scripting vulnerability. An attacker must have at least the privileges of the Author role to exploit this. **Recommendations** For versions prior to 4.7.0, update to version 4.7.0 or later to resolve the issue. As a temporary workaround, consider restricting the privileges of users to prevent them from having at least the Author role, thereby minimizing the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** SupportCandy versions prior to 3.1.5 **Description** The issue is related to the lack of validation and escaping of user input in SQL statements, which could allow unauthenticated attackers to perform SQL injection attacks. This could enable remote attackers to execute arbitrary SQL queries. **Recommendations** For versions prior to 3.1.5, update to version 3.1.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the `parse user filters` function until a patch is available. Avoid using user input in SQL statements without proper validation and escaping.

**Name of the Vulnerable Software and Affected Versions** User Role by BestWebSoft WordPress plugin versions prior to 1.6.7 **Description** The issue concerns a lack of protection against Cross-Site Request Forgery (CSRF) in requests to update role capabilities, leading to arbitrary privilege escalation of any role. **Recommendations** For versions prior to 1.6.7, update to version 1.6.7 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** The Gallery Blocks with Lightbox WordPress plugin versions prior to 3.0.8 **Description** The issue concerns an AJAX endpoint in the plugin that can be accessed by any authenticated user, including those with a subscriber role. This endpoint's callback function allows for various actions, most notably reading and updating WordPress options. A potential exploit could enable registration with a default administrator user role, posing a significant security risk. **Recommendations** For versions prior to 3.0.8, update to version 3.0.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the AJAX endpoint until the update can be applied.