Rafał

Name of the Vulnerable Software and Affected Versions Backup Migration plugin for WordPress versões até e incluindo 2.0.0 Description O plugin Backup Migration para WordPress é suscetível a acesso não autorizado devido a uma verificação de capacidade ausente na função `initializeOfflineAjax` e verificação de nonce insuficiente. O plugin valida solicitações em relação a tokens codificados expostos em seu código JavaScript, permitindo que invasores não autenticados iniciem o processamento da fila de upload de backup. Isso pode levar a transferências de backup não intencionais para o armazenamento em nuvem configurado e ao esgotamento de recursos. Recommendations Atualize para uma versão posterior à 2.0.0

**Name of the Vulnerable Software and Affected Versions** BackWPup – WordPress Backup & Restore Plugin versions prior to 5.6.3 **Description** The BackWPup – WordPress Backup & Restore Plugin for WordPress is susceptible to unauthorized data modification, potentially leading to privilege escalation. A missing capability check within the `save site option()` function allows authenticated attackers with a level of access and above to modify arbitrary options on a WordPress site. This can be exploited to elevate privileges, for example, by changing the default registration role to administrator and enabling user registration, thereby granting attackers administrative access. **Recommendations** Update BackWPup – WordPress Backup & Restore Plugin to version 5.6.3 or later.

**Name of the Vulnerable Software and Affected Versions** Simple Membership plugin for WordPress versions prior to 4.7.1 **Description** The Simple Membership plugin for WordPress is susceptible to an issue involving improper handling of missing values in the Stripe webhook handler. The plugin only validates webhook signatures when the `stripe-webhook-signing-secret` setting is configured, which is empty by default. This allows unauthenticated attackers to forge Stripe webhook events. Successful exploitation can lead to manipulation of membership subscriptions, including reactivating expired memberships without payment or canceling legitimate subscriptions, potentially resulting in unauthorized access and service disruption. **Recommendations** Update the Simple Membership plugin to version 4.7.1 or later.

**Name of the Vulnerable Software and Affected Versions** ShortPixel Image Optimizer plugin for WordPress versions prior to 6.4.3 **Description** The ShortPixel Image Optimizer plugin for WordPress is susceptible to unauthorized file access through a path traversal flaw. This issue stems from inadequate validation and sanitization of the `loadFile` parameter within the 'loadLogFile' AJAX action. Authenticated attackers possessing Editor-level access or higher can exploit this to read arbitrary files on the server, potentially exposing sensitive data like database credentials and authentication keys. **Recommendations** Update to version 6.4.3 or later.

**Name of the Vulnerable Software and Affected Versions** AMP for WP – Accelerated Mobile Pages plugin for WordPress versions up to and including 1.1.9 **Description** The software is susceptible to a Cross-Site Request Forgery (CSRF) issue. This is a result of flawed nonce verification within the `amp theme ajaxcomments` AJAX handler, which incorrectly rejects valid nonces while accepting missing or invalid ones. This allows attackers to submit comments as authenticated users if they can trick a user into performing an action, such as clicking a malicious link, and the plugin’s template mode is enabled. **Recommendations** Update the AMP for WP – Accelerated Mobile Pages plugin to a version newer than 1.1.9.