Mallory Adams

**Nome do software vulnerável e versões afetadas: Versões do plugin Quiz-master-next anteriores à 4.7.9 para WordPress Descrição: A vulnerabilidade permite a falsificação de solicitação entre sites (CSRF), resultando em um ataque de script entre sites (XSS) armazenado, por meio do parâmetro `question name`. Isso ocorre porque o arquivo js/admin question.js processa incorretamente a análise dentro de um elemento SCRIPT. Recomendações: Para versões anteriores à 4.7.9, atualize para a versão 4.7.9 ou posterior para resolver o problema. Como solução temporária, considere restringir o acesso ao parâmetro `question name` no endpoint da API afetado até que o problema seja resolvido.

**Nome do software vulnerável e versões afetadas: Plugin Private Only versão 3.5.1 para WordPress Descrição: A vulnerabilidade permite que invasores remotos se apropriem da autenticação de administradores para diversas solicitações, incluindo adicionar usuários, excluir publicações ou modificar arquivos PHP. Além disso, ela possibilita ataques de cross-site scripting (XSS) por meio do parâmetro `po logo` na página “privateonly.php” para “wp-admin/options-general.php”. Recomendações: Para o plugin Private Only versão 3.5.1, atualize para uma versão que corrija essas falhas para evitar ataques CSRF e XSS. Como solução temporária, considere restringir o acesso à página privateonly.php e ao endpoint wp-admin/options-general.php para minimizar o risco de exploração. Evite usar o parâmetro `po logo` no endpoint da API afetado até que a falha seja resolvida.

**Nome do software vulnerável e versões afetadas: Versões do plugin Plotly anteriores à 1.0.3 Descrição: A vulnerabilidade permite que usuários remotos autenticados injetem scripts da Web ou HTML arbitrários por meio de um pedido POST, o que pode levar a um ataque de script entre sites (XSS). Recomendações: Para versões do plugin Plotly anteriores à 1.0.3, atualize para a versão 1.0.3 ou posterior para resolver o problema.

**Name of the Vulnerable Software and Affected Versions** buddypress-activity-plus plugin version 1.6.1 and earlier **Description** The issue concerns a CSRF vulnerability with resultant directory traversal. This occurs via the "wp-admin/admin-ajax.php" API endpoint, specifically through the `bpfb photos[]` parameter in a `bpfb remove temp images` action. **Recommendations** For versions 1.6.1 and earlier, update to version 1.6.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the `bpfb remove temp images` action and the `bpfb photos[]` parameter in the "wp-admin/admin-ajax.php" API endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** WordPress oauth2-provider plugin versions prior to 3.1.5 **Description** The issue is related to the incorrect generation of random numbers in the oauth2-provider plugin for WordPress. **Recommendations** For versions prior to 3.1.5, update the oauth2-provider plugin to version 3.1.5 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** copy-me plugin version 1.0.0 **Description** The issue concerns a CSRF problem in the copy-me plugin for WordPress, allowing non-public posts to be copied to a public location. **Recommendations** For version 1.0.0, consider disabling the copy-me plugin until a patch is available to prevent exploitation of the CSRF issue.

**Name of the Vulnerable Software and Affected Versions** multisite-post-duplicator plugin versions prior to 1.1.3 **Description** The issue concerns a CSRF vulnerability in the multisite-post-duplicator plugin for WordPress. It affects the `wp-admin/tools.php?page=mpd` endpoint. **Recommendations** For versions prior to 1.1.3, update to version 1.1.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the `wp-admin/tools.php?page=mpd` endpoint until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Social Pug - Easy Social Share Buttons plugin versions prior to 1.2.6 **Description** The issue allows for XSS via the `dpsp message class` parameter in the "wp-admin/admin.php?page=dpsp-toolkit" API endpoint. **Recommendations** For Social Pug - Easy Social Share Buttons plugin versions prior to 1.2.6, update to version 1.2.6 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** WP User Groups versions 2.0.0 through 2.1.0 **Description** The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability in the Settings page, which can be exploited to modify user groups and types. This can occur when an Admin clicks on a malicious link. **Recommendations** For WP User Groups versions 2.0.0 through 2.1.0, update to version 2.1.1 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Tooltipy (tooltips for WP) version 5 **Description** The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability in the Settings page, which could allow anybody to duplicate posts. This attack appears to be exploitable via an Admin following a link. **Recommendations** For version 5, update to version 5.1 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Metronet Tag Manager versions 1.2.7 through 1.2.8 **Description** The issue is a Cross-Site Request Forgery (CSRF) vulnerability located in the Settings page at the "/wp-admin/options-general.php?page=metronet-tag-manager" endpoint. This vulnerability can be exploited when a logged-in user follows a malicious link, potentially allowing an attacker to perform actions with admin privileges. **Recommendations** For Metronet Tag Manager versions 1.2.7 through 1.2.8, update to version 1.2.9 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Tooltipy Tooltipy (tooltips for WP) versions prior to 5.1 **Description** The issue allows for Cross Site Scripting (XSS) in the Glossary shortcode, potentially enabling an attacker to perform actions with admin privileges. The attack is exploitable when an admin follows a link. **Recommendations** For versions prior to 5.1, update to version 5.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the Glossary shortcode until the update is applied. Avoid following suspicious links, especially when logged in as an admin.

**Name of the Vulnerable Software and Affected Versions** WP ULike versions 2.8.1 through 3.1 **Description** The issue is related to Incorrect Access Control in AJAX, allowing anybody to delete any row in certain tables. This can be exploited by making an AJAX request. **Recommendations** For WP ULike versions 2.8.1 through 3.1, update to version 3.2 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** WP Image Zoom versions prior to 1.24 **Description** The issue is related to Incorrect Access Control in AJAX settings, which can lead to a denial of service. This can be triggered intentionally or unintentionally via CSRF by any logged-in user. **Recommendations** For WP Image Zoom versions prior to 1.24, update to version 1.24 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** WP ULike versions 2.8.1 through 3.1 **Description** The issue allows unauthorized users to perform administrative actions due to a Cross Site Scripting (XSS) vulnerability in the Settings screen. This can be exploited when an admin visits the logs page. **Recommendations** For WP ULike versions 2.8.1 through 3.1, update to version 3.2 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** WP HTML Sitemap plugin version 1.2 **Description** A cross-site request forgery (CSRF) issue allows remote attackers to hijack the authentication of administrators for requests that delete the sitemap via a request to the "wp-html-sitemap" page in "wp-admin/options-general.php". **Recommendations** For WP HTML Sitemap plugin version 1.2, consider disabling access to the wp-admin/options-general.php page until a patch is available to prevent exploitation of the CSRF issue.

**Name of the Vulnerable Software and Affected Versions** Subscribe To Comments Reloaded plugin versions prior to 140219 **Description** A cross-site request forgery (CSRF) issue allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks. This is achieved via a request to the "subscribe-to-comments-reloaded/options/index.php" page to "wp-admin/admin.php". **Recommendations** For versions prior to 140219, update the Subscribe To Comments Reloaded plugin to version 140219 or later to resolve the issue. As a temporary workaround, consider restricting access to the subscribe-to-comments-reloaded/options/index.php page to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: WordPress download-manager plugin versions prior to 2.9.52 Description: The issue concerns a security problem where an attacker can exploit the `id` parameter in a `wpdm generate password` action to `wp-admin/admin-ajax.php` API endpoint, leading to a potential XSS attack. Recommendations: For versions prior to 2.9.52, update the download-manager plugin to version 2.9.52 or later to resolve the issue. As a temporary workaround, consider restricting access to the `wp-admin/admin-ajax.php` API endpoint or avoiding the use of the `id` parameter in the `wpdm generate password` action until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Salutation Responsive WordPress + BuddyPress Theme version 3.0.15 **Description** The issue allows logged-in users to perform actions similar to those of an administrator due to a Stored XSS. **Recommendations** For Salutation Responsive WordPress + BuddyPress Theme version 3.0.15, update to a version that contains a fix for this issue, if available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** YouTube (WordPress plugin) (affected versions not specified) **Description** The issue allows an unauthenticated attacker to change any setting within the plugin due to a CSRF weakness. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.