Paolo Tresso

**Nome do Software Vulnerável e Versões Afetadas** Career Section versões anteriores a 1.8 **Descrição** O plugin Career Section para WordPress permite que atacantes não autenticados realizem o upload arbitrário de arquivos por meio do manipulador de upload de CV. Este problema decorre da falta de validação do tipo de arquivo, permitindo o upload de arquivos executáveis que podem levar à execução remota de código. **Recomendações** No momento, não há informações sobre uma versão mais recente que contenha a correção para esta vulnerabilidade.

Name of the Vulnerable Software and Affected Versions Listeo Core plugin para WordPress versões até 2.0.27 Description O plugin Listeo Core para WordPress é suscetível ao upload de mídia arbitrário não autenticado. Isso ocorre devido à falta de verificações de autorização e capacidade no endpoint AJAX que lida com o upload de arquivos. Um invasor não autenticado pode fazer upload de mídia arbitrária para a biblioteca de mídia do site através da função `listeo core handle dropped media`, sem obter execução direta de código. Recommendations Atualize o plugin Listeo Core para uma versão posterior a 2.0.27.

Name of the Vulnerable Software and Affected Versions WPFunnels – Easy Funnel Builder To Optimize Buyer Journeys And Get More Leads & Sales versões até e incluindo 3.7.9 Description O plugin WPFunnels para WordPress é suscetível a Cross-Site Scripting Persistente (XSS) através do shortcode 'wpf optin form'. A sanitização inadequada da entrada e a falta de escape da saída do parâmetro `button icon` permitem que atacantes autenticados com acesso de nível de colaborador ou superior injetem scripts web maliciosos em páginas. Esses scripts serão executados quando um usuário acessar a página comprometida. Recommendations Atualize o WPFunnels para uma versão superior a 3.7.9

**Name of the Vulnerable Software and Affected Versions** Mail Mint versions prior to 1.19.3 **Description** The Mail Mint plugin for WordPress is susceptible to blind SQL Injection. This is due to inadequate escaping of user-supplied parameters and insufficient preparation of existing SQL queries. Specifically, the 'order-by', 'order-type', and 'selectedCourses' parameters in the following API endpoints are vulnerable: 'forms', 'automation', 'email/templates', and 'contacts/import/tutorlms/map'. An authenticated attacker with administrator-level access or higher can append additional SQL queries to existing ones. **Recommendations** Update Mail Mint to version 1.19.3 or later.

**Name of the Vulnerable Software and Affected Versions** WordPress GZSEO plugin versions up to and including 2.0.11 **Description** The GZSEO plugin for WordPress has a flaw that allows unauthorized access, leading to Stored Cross-Site Scripting. This is caused by missing capability checks on multiple AJAX handlers and inadequate input sanitization and output escaping of the `embed code` parameter. An attacker with contributor-level access or higher can inject malicious content into any post, which will execute when a user views the affected page. **Recommendations** Update the GZSEO plugin to a version newer than 2.0.11.

**Name of the Vulnerable Software and Affected Versions** WP Google Street View (with 360° virtual tour) & Google maps + Local SEO plugin for WordPress versions through 1.1.8 **Description** The software is susceptible to Stored Cross-Site Scripting due to inadequate input sanitization and output escaping. This allows authenticated attackers with contributor-level access or higher to inject arbitrary web scripts into pages. These scripts will execute when a user accesses the affected page. The vulnerability is related to the `wpgsv map` shortcode. **Recommendations** Update WP Google Street View (with 360° virtual tour) & Google maps + Local SEO plugin for WordPress to a version later than 1.1.8.

**Name of the Vulnerable Software and Affected Versions** Frontend Admin by DynamiApps versions up to and including 3.28.23 **Description** The Frontend Admin by DynamiApps plugin for WordPress is susceptible to Stored Cross-Site Scripting. This is due to insufficient input sanitization and output escaping in the `acff` parameter within the 'frontend admin/forms/update field' **API Endpoint**. An unauthenticated attacker can inject arbitrary web scripts into pages, which will execute when a user accesses the injected page. The vulnerable parameter is `acff`. **Recommendations** Versions prior to 3.28.23 should be updated to a later version.

**Nome do Software Vulnerável e Versões Afetadas** Plugin Sweet Energy Efficiency para WordPress versões até a 1.0.6 **Descrição** O plugin Sweet Energy Efficiency para WordPress é vulnerável a acesso não autorizado, modificação e perda de dados. Isso se deve à falta de verificação de capacidade no manipulador AJAX `sweet energy efficiency action`. Atacantes autenticados com acesso de nível de assinante ou superior podem ler, modificar e excluir gráficos arbitrários. **Recomendações** Atualize o plugin Sweet Energy Efficiency para uma versão superior à 1.0.6.

**Name of the Vulnerable Software and Affected Versions** Elementor Addon Elements plugin for WordPress versions up to, and including, 1.12.7 **Description** The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the `eae save elements` function. This allows unauthenticated attackers to enable or disable Elementor addon elements by tricking a site administrator into performing an action, such as clicking on a link. **Recommendations** For Elementor Addon Elements plugin for WordPress versions up to, and including, 1.12.7, update to a version higher than 1.12.7 to resolve the issue. As a temporary workaround, consider restricting access to the `eae save elements` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Elementor Addon Elements plugin for WordPress versions up to, and including, 1.12.7 **Description** The issue is related to Stored Cross-Site Scripting via admin settings due to insufficient input sanitization and output escaping. This allows authenticated attackers with administrator-level permissions and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The issue only affects multi-site installations and installations where unfiltered html has been disabled. **Recommendations** For versions up to, and including, 1.12.7, update to a version higher than 1.12.7 to resolve the issue. As a temporary workaround, consider restricting access to admin settings to minimize the risk of exploitation. Additionally, enabling unfiltered html or taking measures to ensure proper input sanitization and output escaping can help mitigate the risk.

**Name of the Vulnerable Software and Affected Versions** Elementor Addon Elements plugin for WordPress versions up to, and including, 1.12.7 **Description** The issue allows unauthenticated attackers to extract sensitive data, including post/page ids and titles, via the `ajax eae post data` function. This includes data from posts/pages with pending/draft/future/private status. **Recommendations** For Elementor Addon Elements plugin for WordPress versions up to, and including, 1.12.7, consider disabling the `ajax eae post data` function as a temporary workaround until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Elementor Addon Elements plugin for WordPress versions up to, and including, 1.12.7 **Description** The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the `eae save config` function. This allows unauthenticated attackers to change configuration settings for the plugin via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link. **Recommendations** For Elementor Addon Elements plugin for WordPress versions up to, and including, 1.12.7, update to a version higher than 1.12.7 to resolve the issue. As a temporary workaround, consider restricting access to the `eae save config` function until a patch is available.