James Golovich

**Name of the Vulnerable Software and Affected Versions** cloud-init versions prior to 23.1.2 **Description** The issue allows sensitive data to be exposed in logs, which an attacker could use to find hashed passwords and possibly escalate their privilege. **Recommendations** For versions prior to 23.1.2, update to version 23.1.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the logs to minimize the risk of exploitation.

**Nome do software vulnerável e versões afetadas** Versões do plugin Advanced Custom Fields para WordPress anteriores à 5.12.3 Versões do plugin Advanced Custom Fields Pro para WordPress anteriores à 5.12.3 **Descrição** A vulnerabilidade permite que usuários não autenticados façam upload de arquivos, limitados àqueles permitidos na configuração padrão do WordPress, caso haja um formulário no front-end disponível. Isso foi introduzido na reescrita da versão 5.0 e não existia antes desse lançamento. **Recomendações** Para versões do plugin Advanced Custom Fields para WordPress anteriores à 5.12.3, atualize para a versão 5.12.3 ou posterior. Para versões do plugin Advanced Custom Fields Pro para WordPress anteriores à 5.12.3, atualize para a versão 5.12.3 ou posterior. Como solução temporária, considere restringir o acesso aos formulários front-end até que a atualização seja aplicada.

**Name of the Vulnerable Software and Affected Versions** Elegant Themes Extra theme versions prior to 1.2.4 **Description** The issue allows for privilege escalation. **Recommendations** For versions prior to 1.2.4, update to version 1.2.4 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Elegant Themes Bloom plugin versions prior to 1.1.1 **Description** The issue allows for privilege escalation. **Recommendations** For versions prior to 1.1.1, update to version 1.1.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Elegant Themes Monarch plugin versions prior to 1.2.7 **Description** The issue allows for privilege escalation. **Recommendations** For versions prior to 1.2.7, update to version 1.2.7 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** wp-invoice plugin versions prior to 4.1.1 **Description** The issue is related to incorrect access control for admin init settings changes in the wp-invoice plugin. **Recommendations** For versions prior to 4.1.1, update to version 4.1.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** optinmonster plugin versions prior to 1.1.4.6 **Description** The issue is related to incorrect access control for shortcodes due to a nonce leak. **Recommendations** For versions prior to 1.1.4.6, update to version 1.1.4.6 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** wp-invoice plugin versions prior to 4.1.1 **Description** The issue is related to incorrect access control over updates to payer metadata for the wpi interkassa module. **Recommendations** For versions prior to 4.1.1, update to version 4.1.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** wp-invoice plugin versions prior to 4.1.1 **Description** The issue is related to incorrect access control over updates to payer metadata for the wpi twocheckout component. **Recommendations** For versions prior to 4.1.1, update to version 4.1.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** wp-invoice plugin versions prior to 4.1.1 **Description** The issue allows for privilege escalation due to the wpi update user option. **Recommendations** For versions prior to 4.1.1, update to version 4.1.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** wp-invoice plugin versions prior to 4.1.1 **Description** The issue is related to incorrect access control in the wp-invoice plugin, specifically over the `wpi user id` variable for invoice retrieval. **Recommendations** For versions prior to 4.1.1, update to version 4.1.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** wp-invoice plugin versions prior to 4.1.1 **Description** The issue is related to incorrect access control, specifically over updates to payer metadata for PayPal in the wp-invoice plugin. **Recommendations** For versions prior to 4.1.1, update to version 4.1.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** PeepSo Core plugin versions prior to 1.6.1 **Description** The issue concerns a privilege escalation in the PeepSoProfilePreferencesAjax->save() function. **Recommendations** For PeepSo Core plugin versions prior to 1.6.1, update to version 1.6.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** MemberSonic Lite plugin for WordPress versions prior to 1.302 **Description** The issue is related to incorrect login access control. It allows access with only the knowledge of an e-mail address, which is insufficient for secure authentication. **Recommendations** For versions prior to 1.302, update to version 1.302 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Ninja Forms plugin versions prior to 2.9.42.1 **Description** The issue allows remote attackers to conduct PHP object injection attacks. This is achieved by sending crafted serialized values in a POST request. **Recommendations** For versions prior to 2.9.42.1, update to version 2.9.42.1 or later to resolve the issue.