San6051

**Nome do Software Vulnerável e Versões Afetadas** rognone versões anteriores a 0.6.3 **Description** O plugin rognone para WordPress está sujeito a Reflected Cross-Site Scripting, uma falha onde uma aplicação inclui dados não confiáveis em uma página web sem a devida validação ou escape. Isso ocorre devido à sanitização de entrada e escape de saída insuficientes no parâmetro `mode`. Atacantes não autenticados podem explorar isso enganando um usuário para clicar em um link manipulado, permitindo a execução de scripts web arbitrários no navegador do usuário. **Recommendations** Atualize o plugin para uma versão posterior a 0.6.2. Como medida paliativa temporária, restrinja ou sanitize o uso do parâmetro `mode`.

**Nome do Software Vulnerável e Versões Afetadas** Word Replacer versões anteriores a 0.5 **Description** A sanitização insuficiente de entrada e a escape de saída inadequada permitem que atacantes autenticados com nível de acesso de Administrador ou superior realizem Stored Cross-Site Scripting. Isso ocorre por meio do parâmetro `replacement`, permitindo a injeção de scripts web arbitrários em páginas que são executados quando acessados por um usuário. **Recommendations** Atualize para uma versão posterior a 0.4. Como medida paliativa temporária, restrinja o acesso ao parâmetro `replacement` até que a atualização seja aplicada.

The hiWeb Migration Simple plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'new domain' parameter in all versions up to, and including, 2.0.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick an administrator into performing an action such as clicking on a link.

The rognone plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'a' parameter in versions up to, and including, 0.6.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

**Nome do Software Vulnerável e Versões Afetadas** MinhNhut Link Gateway versões anteriores a 3.6.2 **Descrição** O plugin MinhNhut Link Gateway para WordPress contém um problema de Cross-Site Scripting (XSS) Armazenado causado por sanitização de entrada e escape de saída insuficientes nas configurações do plugin, afetando especificamente os campos `Description`, `Title` e outros. Isso permite que atacantes autenticados com nível de acesso de Administrador ou superior injetem scripts web arbitrários em páginas, que são executados quando um usuário visita a página de redirecionamento. Este problema impacta especificamente instalações multi-site e ambientes onde o `unfiltered html` foi desativado. **Recomendações** Atualize o plugin para uma versão posterior a 3.6.1.

**Nome do Software Vulnerável e Versões Afetadas** MinhNhut Link Gateway versões anteriores a 3.6.2 **Description** O plugin MinhNhut Link Gateway para WordPress contém um problema de Reflected Cross-Site Scripting. Isso ocorre devido à sanitização de entrada e escape de saída insuficientes do parâmetro `url` na página de redirecionamento. Atacantes não autenticados podem explorar isso enganando um usuário para clicar em um link, permitindo a injeção e execução de scripts web arbitrários no navegador do usuário. **Recommendations** Atualize o plugin para uma versão posterior a 3.6.1. Como medida paliativa temporária, restrinja ou sanitize o uso do parâmetro `url` na página de redirecionamento.

**Nome do Software Vulnerável e Versões Afetadas** rexCrawler versões anteriores a 1.0.16 **Description** O plugin rexCrawler para WordPress contém um problema de Cross-Site Scripting Armazenado nas configurações de administrador, causado por sanitização de entrada e escape de saída insuficientes. Isso permite que atacantes autenticados com permissões de nível de administrador ou superior injetem scripts web arbitrários em páginas, que são executados quando um usuário visita a página afetada. Este problema impacta especificamente instalações multi-site e ambientes onde o `unfiltered html` foi desativado. **Recommendations** Atualize para uma versão posterior a 1.0.15.

**Nome do Software Vulnerável e Versões Afetadas** myLinksDump versões anteriores a 1.7 **Description** O plugin myLinksDump para WordPress contém um problema de Cross-Site Scripting (XSS) Armazenado causado por sanitização de entrada e escape de saída insuficientes. Isso permite que atacantes autenticados com nível de acesso de administrador ou superior injetem scripts web arbitrários em páginas, que são executados quando um usuário visita a página afetada. Este problema impacta especificamente instalações multi-site e ambientes onde o `unfiltered html` foi desativado. A falha é acionada através do parâmetro `link title`. **Recommendations** Atualize para uma versão posterior a 1.6. Como mitigação temporária, restrinja o acesso de nível de administrador ou garanta que o `unfiltered html` seja gerenciado de acordo com as políticas de segurança para minimizar o risco de injeção de scripts via parâmetro `link title`.

**Name of the Vulnerable Software and Affected Versions** Multi Functional Flexi Lightbox plugin for WordPress versions prior to 1.3 **Description** The software is susceptible to Stored Cross-Site Scripting through the `arv lb[message]` parameter. Insufficient input sanitization and output escaping allow authenticated attackers with Administrator-level access to inject arbitrary web scripts into pages. These scripts execute when a user accesses a page or post with the lightbox enabled. The `arv lb options val()` sanitize callback returns user input without sanitization, and the stored `message` value is output in the `genLB()` function without escaping. **Recommendations** Update the Multi Functional Flexi Lightbox plugin to version 1.3 or later.

**Name of the Vulnerable Software and Affected Versions** rexCrawler plugin for WordPress versions prior to 1.0.16 **Description** The rexCrawler plugin for WordPress is susceptible to Reflected Cross-Site Scripting through the `url` and `regex` parameters within the search-pattern tester page. Insufficient input sanitization and output escaping allow unauthenticated attackers to inject arbitrary web scripts. Successful exploitation requires tricking an administrator into performing an action, such as clicking a malicious link. This issue specifically impacts multi-site installations and those where unfiltered html has been disabled. **Recommendations** Update the rexCrawler plugin to version 1.0.16 or later.

**Name of the Vulnerable Software and Affected Versions** myLinksDump plugin for WordPress versions through 1.6 **Description** The myLinksDump plugin for WordPress is susceptible to SQL Injection through the `sort by` and `sort order` parameters. This is due to inadequate input sanitization and insufficient SQL query preparation. An authenticated attacker with administrator-level access or higher can inject additional SQL queries into existing database queries, potentially extracting sensitive information. The vulnerable parameters are `sort by` and `sort order`. **Recommendations** Update the myLinksDump plugin to a version newer than 1.6.

**Name of the Vulnerable Software and Affected Versions** itsukaita plugin for WordPress versions prior to 0.1.3 **Description** The itsukaita plugin for WordPress is susceptible to Reflected Cross-Site Scripting. This is due to insufficient input sanitization and output escaping related to the `day from` and `day to` parameters. An unauthenticated attacker can inject arbitrary web scripts into pages, which will execute if an administrator is tricked into performing an action, such as clicking a malicious link. **Recommendations** Update the itsukaita plugin to version 0.1.3 or later.

**Name of the Vulnerable Software and Affected Versions** MinhNhut Link Gateway versions prior to 3.6.2 **Description** The MinhNhut Link Gateway plugin for WordPress has a Stored Cross-Site Scripting issue related to the 'linkgate' shortcode. Insufficient input sanitization and output escaping on user-supplied attributes allows authenticated attackers with Contributor-level access or higher to inject arbitrary web scripts into pages. These scripts will execute when a user accesses the injected page. **Recommendations** Update the MinhNhut Link Gateway plugin to version 3.6.2 or later.

**Name of the Vulnerable Software and Affected Versions** Keep Backup Daily plugin for WordPress versions up to and including 2.1.2 **Description** The Keep Backup Daily plugin for WordPress is susceptible to a Stored Cross-Site Scripting issue. This occurs because of inadequate input sanitization and output escaping. Specifically, the backup title alias, represented by the `val` parameter, within the `update kbd bkup alias` AJAX action is not properly handled. While `sanitize text field()` removes HTML tags during saving, it fails to encode double quotes. Consequently, backup titles are displayed in HTML attribute contexts without using `esc attr()`, allowing authenticated attackers with Administrator-level access or higher to inject malicious web scripts. These scripts will execute whenever another administrator views the backup list page. **Recommendations** Update the Keep Backup Daily plugin to a version later than 2.1.2.

**Name of the Vulnerable Software and Affected Versions** Keep Backup Daily plugin for WordPress versions up to and including 2.1.1 **Description** The Keep Backup Daily plugin for WordPress is susceptible to a Limited Path Traversal issue. This is a result of inadequate validation of the `kbd path` parameter within the `kbd open upload dir` AJAX action, where only `sanitize text field()` is used for sanitization. This insufficient sanitization allows authenticated attackers with Administrator-level access or higher to potentially list the contents of directories outside the intended uploads directory on the server. **Recommendations** Versions prior to and including 2.1.1 should be updated.

**Name of the Vulnerable Software and Affected Versions** CM Custom Reports – Flexible reporting to track what matters most plugin for WordPress versions through 1.2.7 **Description** The plugin is susceptible to Stored Cross-Site Scripting through admin settings due to inadequate input sanitization and output escaping. This allows authenticated attackers with administrator-level permissions or higher to inject arbitrary web scripts into pages. These scripts will execute whenever a user accesses the injected page. This issue only impacts multi-site installations and those where `unfiltered html` has been disabled. **Recommendations** Update CM Custom Reports – Flexible reporting to track what matters most plugin for WordPress to a version later than 1.2.7.

**Name of the Vulnerable Software and Affected Versions** CM Custom Reports plugin for WordPress versions up to and including 1.2.7 **Description** The CM Custom Reports plugin for WordPress is susceptible to Reflected Cross-Site Scripting due to inadequate input sanitization and output escaping. This allows unauthenticated attackers to inject arbitrary web scripts into pages. Successful exploitation requires tricking a user into performing an action, such as clicking a link. The vulnerable parameters are `date from` and `date to`. **Recommendations** Update the CM Custom Reports plugin to a version newer than 1.2.7.

**Name of the Vulnerable Software and Affected Versions** Slidorion versions up to and including 1.0.2 **Description** The Slidorion plugin for WordPress is susceptible to Stored Cross-Site Scripting through admin settings. Insufficient input sanitization and output escaping allow authenticated attackers with administrator-level permissions or higher to inject arbitrary web scripts into pages. These scripts will execute when a user accesses the injected page. This issue only impacts multi-site installations and those where unfiltered html has been disabled. **Recommendations** Update Slidorion to a version later than 1.0.2.