Phap Nguyen Anh

**Nome do Software Vulnerável e Versões Afetadas** Plugin Taskbuilder para WordPress nas versões até e incluindo a 5.0.3 **Descrição** O plugin Taskbuilder para WordPress está suscetível a Cross-Site Scripting Armazenado através das configurações de administração. Isso se deve à sanitização de entrada e ao escape de saída inadequados, permitindo que atacantes autenticados com permissões de nível de administrador ou superior injetem scripts web arbitrários nas páginas. Esses scripts serão executados quando um usuário acessar a página injetada. Este problema impacta especificamente instalações multisite e aquelas onde o unfiltered html foi desativado. **Recomendações** Atualize o plugin Taskbuilder para uma versão superior à 5.0.3.

**Name of the Vulnerable Software and Affected Versions** Cart All In One For WooCommerce versions prior to 1.1.22 **Description** The Cart All In One For WooCommerce plugin for WordPress is susceptible to code execution. This occurs because of inadequate input validation on the 'Assign page' field, which is directly passed to the `eval()` function. This allows authenticated attackers with Administrator-level access or higher to execute arbitrary PHP code on the server. **Recommendations** Update Cart All In One For WooCommerce to version 1.1.22 or later.

**Name of the Vulnerable Software and Affected Versions** Product Addons for Woocommerce – Product Options with Custom Fields plugin for WordPress versions prior to 3.1.1 **Description** The Product Addons for Woocommerce – Product Options with Custom Fields plugin for WordPress is susceptible to Code Injection due to inadequate input validation of the `operator` field within conditional logic rules. The `evalConditions()` function passes unsanitized user input directly to PHP's `eval()` function. This allows authenticated attackers with Shop Manager-level access or higher to inject and execute arbitrary PHP code on the server by manipulating the conditional logic 'operator' parameter when saving addon form field rules. **Recommendations** Update Product Addons for Woocommerce – Product Options with Custom Fields plugin for WordPress to version 3.1.1 or later.

**Name of the Vulnerable Software and Affected Versions** Church Admin plugin for WordPress versions up to and including 5.0.28 **Description** The Church Admin plugin for WordPress is susceptible to Server-Side Request Forgery due to inadequate validation of user-supplied URLs. Specifically, the `audio url` parameter lacks sufficient input validation. This allows authenticated attackers with Administrator-level access to initiate web requests to arbitrary locations from the web application. This could potentially allow querying and modification of information from internal services. **Recommendations** Update the Church Admin plugin to a version later than 5.0.28.

**Name of the Vulnerable Software and Affected Versions** CM E-Mail Blacklist versions prior to 1.6.3 **Description** The CM E-Mail Blacklist WordPress plugin is susceptible to Stored Cross-Site Scripting through the `black email` parameter. Insufficient input sanitization and output escaping allow authenticated attackers with administrator-level access or higher to inject arbitrary web scripts into pages. These scripts will execute when a user accesses the injected page. This issue only impacts multi-site installations and those where unfiltered html has been disabled. **Recommendations** Update CM E-Mail Blacklist to version 1.6.3 or later.