Abdulsamad Yusuf

The NS Product icon badge plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PHP SELF in all versions up to, and including, 1.2.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

**Name of the Vulnerable Software and Affected Versions** LJ comments import: reloaded versions prior to 0.97.2 **Description** The LJ comments import: reloaded plugin for WordPress contains a Reflected Cross-Site Scripting issue caused by insufficient input sanitization and output escaping. Unauthenticated attackers can inject arbitrary web scripts into pages by tricking a user into clicking a link. This occurs because the `PHP SELF` parameter includes attacker-controllable `PATH INFO` appended to the script name, which is then processed through two unsanitized echo points within the same function. **Recommendations** Update to a version later than 0.97.1.

**Name of the Vulnerable Software and Affected Versions** SponsorMe versions prior to 0.5.3 **Description** Insufficient input sanitization and output escaping allow unauthenticated attackers to inject arbitrary web scripts into pages. This occurs when a user is tricked into clicking a crafted link. The `PHP SELF` variable is reflected in a form action attribute and an anchor href attribute within the vulnerable function, which can be exploited by appending a payload to the 'wp-admin/admin.php' endpoint. **Recommendations** Update to a version later than 0.5.2.

**Name of the Vulnerable Software and Affected Versions** Correct Prices versions prior to 1.1 **Description** The Correct Prices plugin for WordPress is subject to Reflected Cross-Site Scripting, a flaw where an application includes untrusted data in a web page without proper validation, allowing an attacker to execute scripts in the victim's browser. The issue occurs within the `correct prices page()` function, which echoes the `$ SERVER['PHP SELF']` variable into a form's action attribute without input sanitization or output escaping. Since `$ SERVER['PHP SELF']` reflects path-info appended to the script URL, unauthenticated attackers can inject arbitrary markup and web scripts by tricking a user into clicking a specially crafted link. **Recommendations** Update to a version later than 1.0. As a temporary workaround, restrict access to the `correct prices page()` function until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** Gravity Bookings Premium versions prior to 2.6.0 **Description** The Gravity Bookings Premium plugin for WordPress contains a SQL Injection flaw caused by insufficient escaping of user-supplied parameters and a lack of proper preparation of existing SQL queries. This allows unauthenticated attackers to append additional SQL queries to existing ones to extract sensitive information from the database. **Recommendations** Update the plugin to a version later than 2.5.9.

**Name of the Vulnerable Software and Affected Versions** Comment Genius plugin for WordPress versions up to and including 1.2.5 **Description** The Comment Genius plugin for WordPress is susceptible to Reflected Cross-Site Scripting. This is due to insufficient input sanitization and output escaping of the `$ SERVER['PHP SELF']` parameter. An unauthenticated attacker could inject arbitrary web scripts into pages, which would execute if a user is tricked into performing an action, such as clicking a link. **Recommendations** Update the Comment Genius plugin to a version later than 1.2.5.

**Name of the Vulnerable Software and Affected Versions** [CR]Paid Link Manager versions prior to 0.5 **Description** The [CR]Paid Link Manager plugin for WordPress is susceptible to reflected cross-site scripting through the URL path. This is due to inadequate input sanitization and output escaping. An unauthenticated attacker can inject arbitrary web scripts into pages that execute if a user is tricked into clicking a malicious link. **Recommendations** Update [CR]Paid Link Manager to version 0.5 or later.

**Name of the Vulnerable Software and Affected Versions** personal-authors-category plugin for WordPress versions up to and including 0.3 **Description** The personal-authors-category plugin for WordPress is susceptible to Reflected Cross-Site Scripting through the URL path. This is due to inadequate input sanitization and output escaping. An unauthenticated attacker could inject arbitrary web scripts into pages, which would execute if a user is tricked into performing an action, such as clicking a link. **Recommendations** Update the personal-authors-category plugin to a version newer than 0.3.

**Name of the Vulnerable Software and Affected Versions** Geo Widget versions prior to 1.1 **Description** The Geo Widget plugin for WordPress is susceptible to Stored Cross-Site Scripting through the URL path. Insufficient input sanitization and output escaping allow unauthenticated attackers to inject arbitrary web scripts into pages. These scripts will execute when a user accesses the injected page. **Recommendations** Update the Geo Widget plugin to version 1.1 or later.

**Name of the Vulnerable Software and Affected Versions** StyleBidet versions prior to 1.0.1 **Description** The StyleBidet plugin for WordPress is susceptible to Reflected Cross-Site Scripting through the URL path. This is due to inadequate input sanitization and output escaping. An unauthenticated attacker could inject arbitrary web scripts into pages, which would execute if a user is tricked into clicking a malicious link. **Recommendations** Update the StyleBidet plugin to version 1.0.1 or later.

**Name of the Vulnerable Software and Affected Versions** Address Bar Ads plugin for WordPress versions prior to 1.0.1 **Description** The Address Bar Ads plugin for WordPress is susceptible to Reflected Cross-Site Scripting through the URL Path. This is due to inadequate input sanitization and output escaping. An unauthenticated attacker could inject arbitrary web scripts into pages, which would execute if a user is tricked into performing an action, such as clicking a link. **Recommendations** Update to Address Bar Ads plugin for WordPress version 1.0.1 or later.

**Name of the Vulnerable Software and Affected Versions** Subitem AL Slider versions prior to 1.0.1 **Description** The Subitem AL Slider plugin for WordPress is susceptible to Reflected Cross-Site Scripting. This is due to insufficient input sanitization and output escaping related to the `$ SERVER['PHP SELF']` parameter. An unauthenticated attacker could inject arbitrary web scripts into pages, which would execute if a user is tricked into performing an action, such as clicking a link. **Recommendations** Update the Subitem AL Slider plugin to version 1.0.1 or later.

**Name of the Vulnerable Software and Affected Versions** MP-Ukagaka plugin for WordPress versions through 1.5.2 **Description** The MP-Ukagaka plugin for WordPress is susceptible to Reflected Cross-Site Scripting due to inadequate input sanitization and output escaping. This allows unauthenticated attackers to inject arbitrary web scripts into pages. Successful exploitation requires tricking a user into performing an action, such as clicking a malicious link, which then executes the injected script. **Recommendations** Update the MP-Ukagaka plugin to a version newer than 1.5.2.

**Name of the Vulnerable Software and Affected Versions** Peter's Date Countdown plugin for WordPress versions prior to 2.0.1 **Description** The Peter's Date Countdown plugin for WordPress is susceptible to Reflected Cross-Site Scripting. This is due to insufficient input sanitization and output escaping. An unauthenticated attacker can inject arbitrary web scripts into pages, which will execute if a user is tricked into performing an action, such as clicking a link. The vulnerability is related to the `$ SERVER['PHP SELF']` parameter. **Recommendations** Update the Peter's Date Countdown plugin to version 2.0.1 or later.

**Name of the Vulnerable Software and Affected Versions** Vzaar Media Management plugin for WordPress versions up to and including 1.2 **Description** The Vzaar Media Management plugin for WordPress is susceptible to Reflected Cross-Site Scripting due to inadequate input sanitization and output escaping. The vulnerability affects the `$ SERVER['PHP SELF']` variable. An unauthenticated attacker could inject arbitrary web scripts into pages, which would execute if a user is tricked into performing an action, such as clicking a link. **Recommendations** Update the Vzaar Media Management plugin to a version newer than 1.2.

**Name of the Vulnerable Software and Affected Versions** JustClick registration plugin for WordPress versions prior to and including 0.1 **Description** The JustClick registration plugin for WordPress is susceptible to Reflected Cross-Site Scripting. This is a result of inadequate input sanitization and output escaping applied to the `PHP SELF` server variable. An unauthenticated attacker could inject arbitrary web scripts into pages, which would execute if a user is tricked into performing an action, such as clicking a link. **Recommendations** Update the JustClick registration plugin to a version newer than 0.1.

**Name of the Vulnerable Software and Affected Versions** Top Position Google Finance versions up to and including 0.1.0 **Description** The Top Position Google Finance plugin for WordPress is susceptible to Reflected Cross-Site Scripting due to inadequate input sanitization and output escaping. This allows unauthenticated attackers to inject arbitrary web scripts into pages, which can execute if a user is tricked into performing an action, such as clicking a link. The vulnerability is related to the `$ SERVER['PHP SELF']` variable. **Recommendations** Update Top Position Google Finance to a version newer than 0.1.0.

**Name of the Vulnerable Software and Affected Versions** Lesson Plan Book versions prior to 1.4 **Description** The Lesson Plan Book plugin for WordPress is susceptible to Reflected Cross-Site Scripting due to inadequate input sanitization and output escaping. This allows unauthenticated attackers to inject arbitrary web scripts into pages that will execute if a user is tricked into performing an action, such as clicking a link. The vulnerability is related to the `$ SERVER['PHP SELF']` variable. **Recommendations** Update Lesson Plan Book to version 1.4 or later.

**Name of the Vulnerable Software and Affected Versions** Shabat Keeper versions up to and including 0.4.4 **Description** The Shabat Keeper plugin for WordPress is susceptible to Reflected Cross-Site Scripting due to inadequate input sanitization and output escaping. This allows unauthenticated attackers to inject arbitrary web scripts into pages. Successful exploitation requires tricking a user into performing an action, such as clicking a malicious link. The vulnerability is related to the `$ SERVER['PHP SELF']` parameter. **Recommendations** Update Shabat Keeper to a version newer than 0.4.4

**Name of the Vulnerable Software and Affected Versions** MG AdvancedOptions versions prior to 1.3 **Description** The MG AdvancedOptions plugin for WordPress is susceptible to Reflected Cross-Site Scripting due to inadequate input sanitization and output escaping. This allows unauthenticated attackers to inject arbitrary web scripts into pages that will execute if a user is tricked into performing an action, such as clicking a malicious link. The vulnerability is related to the `$ SERVER['PHP SELF']` variable. **Recommendations** Versions prior to 1.3 should be updated to address this issue.