Francesco Marano

**Name of the Vulnerable Software and Affected Versions** Export any WordPress data to XML/CSV WordPress plugin versions prior to 1.4.0 WP All Export Pro WordPress plugin versions prior to 1.8.6 **Description** The issue concerns the lack of validation and sanitization of the `wp query` parameter, allowing an attacker to execute arbitrary commands on the remote server. **Recommendations** For Export any WordPress data to XML/CSV WordPress plugin versions prior to 1.4.0, update to version 1.4.0 or later. For WP All Export Pro WordPress plugin versions prior to 1.8.6, update to version 1.8.6 or later.

**Name of the Vulnerable Software and Affected Versions** Export any WordPress data to XML/CSV WordPress plugin versions prior to 1.4.0 WP All Export Pro WordPress plugin versions prior to 1.8.6 **Description** The issue allows attackers to make logged-in users perform unwanted actions, leading to remote code execution. This is due to the plugins not checking nonce tokens early enough in the request lifecycle. **Recommendations** For Export any WordPress data to XML/CSV WordPress plugin versions prior to 1.4.0, update to version 1.4.0 or later. For WP All Export Pro WordPress plugin versions prior to 1.8.6, update to version 1.8.6 or later.

**Name of the Vulnerable Software and Affected Versions** Campaign Monitor Forms by Optin Cat WordPress plugin versions prior to 2.5.6 **Description** The issue allows users with low privileges, such as subscribers, to overwrite any options on a site with the string "true", potentially leading to various outcomes, including Denial of Service (DoS). **Recommendations** For versions prior to 2.5.6, update to version 2.5.6 or later to resolve the issue. As a temporary workaround, consider restricting low-privileged users' access to sensitive site options until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Build App Online WordPress plugin versions prior to 1.0.19 **Description** The issue arises from the plugin's failure to properly sanitise and escape certain parameters before using them in a SQL statement. This occurs via an AJAX action that is accessible to unauthenticated users, leading to a SQL injection. **Recommendations** For versions prior to 1.0.19, update to version 1.0.19 or later to resolve the issue. As a temporary workaround, consider restricting access to the AJAX action to prevent unauthenticated users from exploiting the SQL injection vulnerability.

**Name of the Vulnerable Software and Affected Versions** The Visual Email Designer for WooCommerce WordPress plugin versions prior to 1.7.2 **Description** The issue arises from the plugin's failure to properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection. This can be exploited by users with a role as low as author. **Recommendations** For versions prior to 1.7.2, update to version 1.7.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the plugin's functionality to minimize the risk of exploitation.