Teerachai Somprasong

**Nome do Software Vulnerável e Versões Afetadas** Alba Board versões anteriores a 2.1.4 **Descrição** O plugin não verifica adequadamente se um usuário está autorizado a realizar ações específicas, resultando em um bypass de autorização. Isso permite que atacantes autenticados com nível de acesso de assinante ou superior acessem dados privados arbitrários de posts `alba card`, incluindo títulos, descrições, responsáveis, datas de entrega, tags e comentários, que deveriam ser restritos a Administradores e Editores. Como o manipulador é registrado via hook `wp ajax nopriv ` e seu nonce é exposto a todos os visitantes do site através de `wp localize script` em páginas que contêm o shortcode `[alba board]`, o problema também é explorável por usuários não autenticados que tenham acesso a tais páginas. **Recomendações** Atualize para uma versão posterior a 2.1.3.

**Nome do Software Vulnerável e Versões Afetadas** My Social Feeds – Social Feeds Embedder versões anteriores a 1.0.5 **Descrição** O plugin está sujeito à exposição de informações sensíveis através da ação AJAX 'ttp get accounts'. A função `get accounts()` carece de verificações de autorização e de verificação de nonce, permitindo que atacantes autenticados com nível de acesso de Assinante (Subscriber) ou superior recuperem todo o conteúdo da opção `ttp tiktok accounts` do WordPress. Isso inclui credenciais sensíveis de OAuth do TikTok, especificamente os valores de `access token` e `refresh token` de contas conectadas por administradores, que podem ser usadas para personificar o proprietário do site ao interagir com a API do TikTok. **Recomendações** Atualize o plugin para uma versão posterior a 1.0.4. Como medida paliativa temporária, restrinja o acesso à ação AJAX 'ttp get accounts' para evitar que usuários não autorizados chamem a função `get accounts()`.

**Nome do Software Vulnerável e Versões Afetadas** MaxiBlocks Builder versões anteriores a 2.1.9 **Descrição** A validação insuficiente de propriedade de arquivo na ação AJAX 'maxi remove custom image size' permite que atacantes autenticados com nível de acesso de Autor ou superior excluam arquivos de mídia arbitrários no diretório `wp-content/uploads`. Isso inclui arquivos enviados por outros usuários e administradores. **Recomendações** Atualize para uma versão posterior à 2.1.8.

**Name of the Vulnerable Software and Affected Versions** Age Verification & Identity Verification by Token of Trust versões anteriores a 3.32.4 **Description** O plugin Age Verification & Identity Verification by Token of Trust para WordPress contém um problema de Stored Cross-Site Scripting. Isso ocorre devido à sanitização de entrada e escape de saída insuficientes no parâmetro `description`. Atacantes não autenticados podem explorar isso para injetar scripts web arbitrários em páginas, que são executados quando um usuário acessa a página afetada. **Recommendations** Atualize para uma versão posterior a 3.32.3. Como medida paliativa temporária, restrinja ou evite o uso do parâmetro `description` até que a atualização seja aplicada.

**Name of the Vulnerable Software and Affected Versions** WowStore – Store Builder & Product Blocks for WooCommerce plugin for WordPress versions up to and including 4.4.3 **Description** The WowStore – Store Builder & Product Blocks for WooCommerce plugin for WordPress is susceptible to SQL Injection via the `search` parameter. Insufficient escaping of user-supplied input and inadequate preparation of existing SQL queries allow unauthenticated attackers to inject additional SQL queries, potentially extracting sensitive information from the database. **Recommendations** Versions prior to 4.4.4 should be updated.

**Name of the Vulnerable Software and Affected Versions** ShopLentor – WooCommerce Builder for Elementor & Gutenberg +21 Modules – All in One Solution plugin for WordPress versions prior to 3.3.3 **Description** The ShopLentor plugin is susceptible to Email Relay Abuse due to insufficient validation of input parameters. Specifically, the `send to`, `product title`, `wlmessage`, and `wlemail` parameters within the `woolentor suggest price action` API endpoint are not properly validated. This allows unauthenticated attackers to leverage the website as an email relay for malicious purposes, such as spam or phishing campaigns. Attackers gain full control over the email subject line, message content, and sender address through CRLF injection within the `wlemail` parameter. **Recommendations** Versions prior to 3.3.3 should be updated to version 3.3.3 or later.

**Name of the Vulnerable Software and Affected Versions** Invoct – PDF Invoices & Billing for WooCommerce versions up to and including 1.6 **Description** The Invoct – PDF Invoices & Billing for WooCommerce plugin for WordPress has a flaw that allows unauthorized access to data. This is due to a missing capability check in multiple functions. Authenticated attackers with Subscriber-level access or higher can retrieve invoice clients, invoice items, and a list of WordPress users along with their email addresses. **Recommendations** Update Invoct – PDF Invoices & Billing for WooCommerce to a version newer than 1.6.

**Name of the Vulnerable Software and Affected Versions** Magic Import Document Extractor plugin for WordPress versions up to and including 1.0.4 **Description** The software is susceptible to unauthorized data modification because of a missing authorization check within the `ajax sync usage()` function. This allows unauthenticated attackers to alter the plugin’s license status and credit balance. **Recommendations** Update the Magic Import Document Extractor plugin to a version later than 1.0.4.

**Name of the Vulnerable Software and Affected Versions** Magic Import Document Extractor plugin for WordPress versions up to and including 1.0.4 **Description** The software is susceptible to a sensitive information exposure issue. Unauthenticated attackers can extract the site's `magicimport.ai` license key from the page source on any page containing the plugin's shortcode through the `get frontend settings()` function. **Recommendations** Update the Magic Import Document Extractor plugin to a version later than 1.0.4.

**Name of the Vulnerable Software and Affected Versions** The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress versions up to and including 1.4.5 **Description** The plugin has an authorization bypass due to missing capability checks on the CSV export functionality. This allows unauthenticated attackers to download sensitive form submission data, including personally identifiable information (PII), by accessing the CSV export endpoint. The export key needed for this access is exposed in the publicly accessible page source code. The CSV export handler bypasses user permission filtering, exporting all entries regardless of user roles. **Recommendations** Versions prior to 1.4.5 should be updated.

**Name of the Vulnerable Software and Affected Versions** Integrate Dynamics 365 CRM plugin for WordPress versions prior to 1.1.2 **Description** The Integrate Dynamics 365 CRM plugin for WordPress is susceptible to Stored Cross-Site Scripting through admin settings. Insufficient input sanitization and output escaping on user-supplied attributes allow authenticated attackers with Administrator-level access or higher to inject arbitrary web scripts into pages. These scripts will execute when a user accesses the injected page. **Recommendations** Update to version 1.1.2 or later.

**Name of the Vulnerable Software and Affected Versions** RepairBuddy – Repair Shop CRM & Booking Plugin for WordPress versions prior to 4.1116 **Description** The RepairBuddy plugin for WordPress is susceptible to Insecure Direct Object Reference. This is due to the absence of appropriate capability checks within the `wc upload and save signature handler` function. Authenticated attackers possessing Subscriber-level access or higher can upload arbitrary signatures to any order, potentially altering order metadata and causing unauthorized status modifications. **Recommendations** Update to a version newer than 4.1116.

**Name of the Vulnerable Software and Affected Versions** WP-CRM System plugin for WordPress versions up to and including 3.4.5 **Description** The WP-CRM System plugin for WordPress is susceptible to unauthorized access because of absent capability checks within the `wpcrm get email recipients` and `wpcrm system ajax task change status` AJAX functions. This allows authenticated attackers possessing subscriber-level access or higher to enumerate CRM contact email addresses, resulting in potential PII disclosure, and to modify CRM task statuses. **Recommendations** Update the WP-CRM System plugin to a version later than 3.4.5.

**Name of the Vulnerable Software and Affected Versions** iPaymu Payment Gateway for WooCommerce plugin for WordPress versions up to and including 2.0.2 **Description** The iPaymu Payment Gateway for WooCommerce plugin for WordPress is susceptible to missing authentication. This occurs because the plugin does not validate the authenticity of webhook requests through signature verification or origin checks. An unauthenticated attacker can send crafted POST requests to the webhook endpoint to falsely mark WooCommerce orders as paid, without actual payment. Additionally, attackers can enumerate order IDs and obtain valid order keys via GET requests, potentially exposing customer Personally Identifiable Information (PII) such as names, addresses, and purchased products. The vulnerable function is `check ipaymu response`. **Recommendations** Update the iPaymu Payment Gateway for WooCommerce plugin for WordPress to a version later than 2.0.2.