Rafie Muhammad

**Nome do Software Vulnerável e Versões Afetadas** MasterStudy LMS Pro Plus versões anteriores a 4.8.21 **Description** O plugin MasterStudy LMS Pro Plus para WordPress contém uma falha de SQL Injection genérica. Este problema ocorre porque o parâmetro `columns` não é devidamente escapado e a consulta SQL não é suficientemente preparada. Atacantes autenticados com nível de acesso de instrutor ou superior podem anexar consultas SQL adicionais a consultas existentes para extrair informações sensíveis do banco de dados. **Recommendations** Atualize o plugin para uma versão posterior a 4.8.20. Como medida paliativa temporária, restrinja o acesso ao parâmetro `columns` para minimizar o risco de exploração.

**Nome do Software Vulnerável e Versões Afetadas** Kirki – Freeform Page Builder, Website Builder & Customizer versões anteriores a 6.0.7 **Descrição** A validação insuficiente do caminho do arquivo e a ausência de verificação de capacidade na função `downloadZIP()` permitem que invasores não autenticados leiam e excluam arquivos arbitrários. Esta ação é limitada ao diretório base de uploads do WordPress. **Recomendações** Atualize para uma versão posterior a 6.0.6. Como medida paliativa temporária, considere desativar a função `downloadZIP()` até que a atualização seja aplicada.

**Nome do Software Vulnerável e Versões Afetadas** Avada Builder versões anteriores a 3.15.2 **Descrição** O plugin Avada Builder para WordPress contém uma Injeção de SQL baseada em tempo, uma técnica onde um invasor envia consultas que fazem o banco de dados pausar por uma duração específica para determinar se uma condição é verdadeira. Isso ocorre através do parâmetro 'product order' devido à limpeza insuficiente de dados fornecidos pelo usuário e à falta de preparação adequada da consulta SQL. Atacantes não autenticados podem anexar consultas SQL adicionais para extrair informações sensíveis do banco de dados. Este problema afeta apenas sites onde o WooCommerce foi instalado anteriormente e posteriormente desativado. Estima-se que aproximadamente 1 milhão de sites estejam em risco. **Recomendações** Atualize para uma versão posterior à 3.15.1.

**Nome do Software Vulnerável e Versões Afetadas** Avada Builder versões anteriores a 3.15.3 **Descrição** Um problema de leitura arbitrária de arquivos existe no plugin Avada Builder para WordPress. Atacantes autenticados com nível de acesso Assinante (Subscriber) ou superior podem ler arquivos arbitrários no servidor, potencialmente expondo informações sensíveis. Isso é possível através da função `fusion get svg from file()` usando o parâmetro `custom svg` dentro do shortcode 'fusion section separator'. **Recomendações** Atualize para a versão 3.15.3. Como medida paliativa temporária, restrinja o acesso à função `fusion get svg from file()` ou ao parâmetro `custom svg` no shortcode 'fusion section separator'.

**Name of the Vulnerable Software and Affected Versions** sizam RH Frontend Publishing Pro versions through 4.3.2 **Description** The software contains a flaw related to improper input handling during web page generation, which allows for Reflected Cross-site Scripting (XSS). This means that malicious scripts can be injected into web pages viewed by users. The vulnerability exists due to insufficient sanitization of user-supplied input. The affected component is rh-frontend. **Recommendations** Update to a version newer than 4.3.2.

**Name of the Vulnerable Software and Affected Versions** ListingPro versions prior to 2.9.9 **Description** The ListingPro plugin contains a flaw related to improper input handling during web page generation, specifically a Reflected Cross-Site Scripting (XSS) issue. This allows for the injection of malicious scripts into web pages. The vulnerability exists due to insufficient sanitization of user-supplied input. The affected component is the listingpro-plugin. **Recommendations** Update ListingPro to version 2.9.9 or later.

**Name of the Vulnerable Software and Affected Versions** AndonDesign UDesign versions through 4.14.0 **Description** The software contains a flaw due to improper input handling during web page creation, which allows for Reflected Cross-site Scripting (XSS). This means that malicious scripts can be injected into web pages viewed by users. The vulnerability allows an attacker to inject arbitrary web scripts or HTML. The affected component is not specified. **Recommendations** Update to a version later than 4.14.0.

**Name of the Vulnerable Software and Affected Versions** PixFort pixfort Core versions through 3.2.22 **Description** A missing authorization issue exists in PixFort pixfort Core pixfort-core, allowing exploitation of incorrectly configured access control security levels. **Recommendations** Update PixFort pixfort Core to a version later than 3.2.22.

**Name of the Vulnerable Software and Affected Versions** PixFort pixfort Core versions through 3.2.22 **Description** A flaw exists in PixFort pixfort Core that allows for Reflected Cross-site Scripting (XSS). This issue arises from improper handling of user-supplied input when generating web pages. The vulnerability could potentially allow an attacker to inject malicious scripts into web pages viewed by other users. The affected component is `pixfort-core`. **Recommendations** Update PixFort pixfort Core to a version later than 3.2.22.

**Name of the Vulnerable Software and Affected Versions** uixthemes Sober versions through 3.5.12 **Description** An authorization issue exists in uixthemes Sober that allows exploitation of incorrectly configured access control security levels. **Recommendations** Update to a version later than 3.5.12.

**Name of the Vulnerable Software and Affected Versions** jegtheme JNews - Frontend Submit versions through 11.0.0 **Description** A flaw exists in jegtheme JNews - Frontend Submit that allows for Reflected Cross-site Scripting (XSS). This issue is due to improper neutralization of input during web page generation. The vulnerability is present in the jnews-frontend-submit component. **Recommendations** Update jegtheme JNews - Frontend Submit to a version later than 11.0.0.

**Name of the Vulnerable Software and Affected Versions** jegtheme JNews - Video versions through 11.0.2 **Description** The software contains a flaw due to improper neutralization of input during web page generation, specifically a Reflected Cross-Site Scripting (XSS) issue. This impacts the jnews-video component. A successful exploit could allow an attacker to inject malicious scripts into web pages viewed by other users. **Recommendations** Update jegtheme JNews - Video to a version later than 11.0.2.

**Name of the Vulnerable Software and Affected Versions** ThemeGoods Photography versions prior to 7.7.5 **Description** The software contains a flaw due to improper control of filename for include/require statements, specifically a PHP Remote File Inclusion issue. This allows for PHP Local File Inclusion. **Recommendations** Update ThemeGoods Photography to version 7.7.5 or later.

**Name of the Vulnerable Software and Affected Versions** jegtheme JNews - Pay Writer versions through 11.0.0 **Description** A flaw exists in jegtheme JNews - Pay Writer that allows for PHP Local File Inclusion due to improper control of filename for include/require statements. This issue potentially allows an attacker to include arbitrary files. **Recommendations** Update jegtheme JNews - Pay Writer to a version later than 11.0.0.

**Name of the Vulnerable Software and Affected Versions** sizam REHub Framework versions through 19.9.5 **Description** A missing authorization issue exists in the REHub Framework. This allows access to functionality that is not properly constrained by Access Control Lists (ACLs). **Recommendations** Update to a version beyond 19.9.5.

**Name of the Vulnerable Software and Affected Versions** brandexponents Oshine oshin versions through 7.2.7 **Description** The software contains an Improper Control of Filename for Include/Require Statement issue, also known as a PHP Remote File Inclusion. This allows for PHP Local File Inclusion. **Recommendations** Update to a version later than 7.2.7.

**Name of the Vulnerable Software and Affected Versions** shinetheme Traveler versions through 3.2.6 **Description** The software contains a missing authorization issue related to incorrectly configured access control security levels. This allows for potential exploitation of the system. **Recommendations** Update to a version later than 3.2.6.

**Name of the Vulnerable Software and Affected Versions** Woffice versions prior to 5.4.30 **Description** The software contains a flaw related to improper input handling during web page generation, which allows for Reflected Cross-site Scripting (XSS). This means an attacker could potentially inject malicious scripts into a web page viewed by other users. The vulnerability exists due to insufficient sanitization of user-supplied data used in web page construction. **Recommendations** Update Woffice to version 5.4.30 or later.

**Name of the Vulnerable Software and Affected Versions** WofficeIO Woffice Core versions prior to 5.4.30 **Description** An authorization bypass exists due to incorrectly configured access control security levels. This allows exploitation through a user-controlled key. The issue affects the `woffice-core` component. **Recommendations** Update WofficeIO Woffice Core to a version later than 5.4.30.

**Nome do Software Vulnerável e Versões Afetadas** Versões do 8theme XStore anteriores à 9.6.1 **Descrição** O software contém uma falha devido à neutralização inadequada de entrada durante a geração da página web, resultando em uma condição de Cross-Site Scripting (XSS) Refletido. Isso permite que um invasor injete scripts maliciosos em páginas web visualizadas por outros usuários. O componente afetado é o XStore. **Recomendações** Atualize o 8theme XStore para a versão 9.6.1 ou posterior.