Youssef Elouaer

Name of the Vulnerable Software and Affected Versions Bookly versões até e incluindo 27.0 Description O plugin Bookly – Sistema Online de Agendamento e Marcação de Consultas para WordPress é suscetível a manipulação de preços através do parâmetro `tips`. O plugin não valida adequadamente a entrada fornecida pelo usuário em relação ao preço configurado, permitindo que atacantes não autenticados enviem um número negativo para o parâmetro `tips`. Isso pode reduzir o preço total para zero. Recommendations Atualize o Bookly para uma versão mais recente que 27.0.

Name of the Vulnerable Software and Affected Versions WCAPF – WooCommerce Ajax Product Filter versões até e incluindo 4.2.3 Description O plugin WooCommerce Ajax Product Filter é suscetível a injeção de SQL baseada em tempo através do parâmetro `post-author`. A sanitização inadequada da entrada e a preparação inadequada da consulta SQL permitem que invasores não autenticados injetem consultas SQL adicionais, potencialmente extraindo informações confidenciais do banco de dados. Recommendations Atualize para uma versão superior a 4.2.3

Name of the Vulnerable Software and Affected Versions Plugin Pie Register – User Registration, Profiles & Content Restriction para WordPress versões até e incluindo 3.8.4.8 Description O plugin Pie Register para WordPress é suscetível a modificação não autorizada de dados. Uma verificação de capacidade ausente dentro da função `pie main()` permite que atacantes não autenticados alterem o status do formulário de registro. Recommendations Atualize o plugin Pie Register para uma versão mais recente que 3.8.4.8.

**Name of the Vulnerable Software and Affected Versions** Product Filter for WooCommerce by WBW versões anteriores a 3.1.3 **Description** A ausência de uma verificação de capacidade permite que atacantes não autenticados causem a perda não autorizada de dados. O framework MVC do plugin registra dinamicamente manipuladores AJAX não autenticados via hooks `wp ajax nopriv ` sem verificar as capacidades do usuário. Isso é combinado com o método mágico ` call()` do controlador base, que encaminha chamadas de métodos indefinidos para a camada de modelo, enquanto o método `havePermissions()` assume `true` por padrão quando nenhuma permissão é explicitamente definida. Um atacante pode truncar a tabela de banco de dados `wp wpf filters` enviando uma requisição AJAX manipulada para o endpoint utilizando a variável `action` definida como 'delete', resultando na destruição permanente de todas as configurações de filtro. **Recommendations** Atualizar para uma versão posterior a 3.1.2.

**Name of the Vulnerable Software and Affected Versions** Wicked Folders – Folder Organizer for Pages, Posts, and Custom Post Types versions prior to 4.1.1 **Description** The Wicked Folders plugin for WordPress is susceptible to an Insecure Direct Object Reference issue in versions up to and including 4.1.0. This is due to a lack of validation on a user-controlled key within the `delete folders()` function. Authenticated attackers with Contributor-level access or higher can exploit this to delete folders created by other users. The `delete folders()` function is the component directly involved in this issue. **Recommendations** Update Wicked Folders – Folder Organizer for Pages, Posts, and Custom Post Types to version 4.1.1 or later.

**Name of the Vulnerable Software and Affected Versions** NEX-Forms – Ultimate Forms Plugin for WordPress versions through 9.1.9 **Description** The NEX-Forms – Ultimate Forms Plugin for WordPress is susceptible to an Insecure Direct Object Reference issue. This is due to a lack of validation on a user-controlled key within the `submit nex form()` function. This allows unauthenticated attackers to overwrite arbitrary form entries by manipulating the `nf set entry update id` parameter. **Recommendations** Update NEX-Forms – Ultimate Forms Plugin for WordPress to a version later than 9.1.9.

**Name of the Vulnerable Software and Affected Versions** Thim Kit for Elementor versions up to and including 1.3.7 **Description** The Thim Kit for Elementor – Pre-built Templates & Widgets for Elementor plugin for WordPress is susceptible to unauthorized data access. A missing validation check on the `thim-ekit/archive-course/get-courses` API endpoint allows unauthenticated attackers to disclose private or draft LearnPress course content. This is achieved by manipulating the `post status` parameter within the `params url` payload. **Recommendations** Versions up to and including 1.3.7 should be updated to a newer, fixed version when available. As a temporary workaround, restrict access to the `thim-ekit/archive-course/get-courses` API endpoint.

**Name of the Vulnerable Software and Affected Versions** Name Directory plugin for WordPress versions through 1.32.1 **Description** The Name Directory plugin for WordPress is susceptible to Stored Cross-Site Scripting through the `name directory name` parameter. Insufficient input sanitization and output escaping allow unauthenticated attackers to inject arbitrary web scripts into pages. These scripts execute when a user accesses the injected page. The issue was partially addressed in versions 1.30.3 and 1.32.1. **Recommendations** Versions prior to 1.30.3 should be updated. Versions between 1.30.3 and 1.32.1 should be updated. Versions up to and including 1.32.1 should be updated.

**Name of the Vulnerable Software and Affected Versions** Responsive Contact Form Builder & Lead Generation Plugin versions prior to 2.0.2 **Description** The Responsive Contact Form Builder & Lead Generation Plugin for WordPress is susceptible to Stored Cross-Site Scripting through form field submissions. This occurs because the `lfb lead sanitize()` function does not adequately sanitize input, specifically omitting certain field types from its sanitization whitelist. This, combined with a permissive `wp kses()` filter allowing `onclick` attributes on anchor tags, enables unauthenticated attackers to inject malicious web scripts. These scripts execute when an administrator views lead entries within the WordPress dashboard. The vulnerability allows for the injection of arbitrary web scripts via form field submissions. **Recommendations** Versions prior to 2.0.2 should be updated to version 2.0.2 or later.

**Name of the Vulnerable Software and Affected Versions** Gutena Forms – Contact Form, Survey Form, Feedback Form, Booking Form, and Custom Form Builder plugin for WordPress versions up to and including 1.6.0 **Description** The Gutena Forms plugin for WordPress is susceptible to unauthorized data modification. A missing authorization check within the `save gutena forms schema()` function allows authenticated attackers with Contributor-level access or higher to update option values. This can lead to denial of service by creating errors on the site or enabling features that are explicitly disabled, such as site user registration. **Recommendations** Versions prior to and including 1.6.0 should be updated.

**Nome do Software Vulnerável e Versões Afetadas** Versões do plugin wpForo Forum anteriores à 2.4.15 **Descrição** O plugin wpForo Forum para WordPress está suscetível a Injeção de SQL baseada em tempo através do parâmetro `wpfob`. O escapamento insuficiente de entrada fornecida pelo usuário e a preparação inadequada de consultas SQL permitem que atacantes não autenticados injetem consultas SQL adicionais nas existentes. Isso pode levar à extração de informações sensíveis do banco de dados. **Recomendações** Atualize o plugin wpForo Forum para a versão 2.4.15 ou posterior.

**Name of the Vulnerable Software and Affected Versions** Kali Forms plugin for WordPress versions up to and including 2.4.8 **Description** The software contains an Insecure Direct Object Reference issue. The `get items permissions check()` permission callback on the `/kaliforms/v1/forms/{id}` API endpoint only verifies the `edit posts` capability, without confirming user ownership or authorization for the specific form resource. This allows authenticated attackers with Contributor-level access or higher to view form configuration data belonging to other users, including administrators, by identifying form IDs. Exposed data includes form field structures, Google reCAPTCHA secret keys (if configured), email notification templates, and server paths. **Recommendations** Update Kali Forms plugin to a version later than 2.4.8.

**Name of the Vulnerable Software and Affected Versions** Custom Block Builder – Lazy Blocks versions prior to 4.2.1 **Description** The Custom Block Builder – Lazy Blocks plugin for WordPress has a flaw that allows for Remote Code Execution. An authenticated attacker with Contributor-level access or higher can execute code on the server through multiple functions within the `LazyBlocks Blocks` class. **Recommendations** Update the Custom Block Builder – Lazy Blocks plugin to version 4.2.1 or later.