Abisheik M

**Name of the Vulnerable Software and Affected Versions** Store Locator WordPress plugin versions prior to 1.6.9 **Description** Insufficient validation of a parameter used in a file path allows high-privileged users, such as administrators, to read arbitrary `.php` files from the server. This can lead to the exposure of sensitive information, including configuration files containing authentication keys and database credentials. **Recommendations** Update the plugin to version 1.6.9 or later.

**Name of the Vulnerable Software and Affected Versions** The Blue Admin WordPress plugin versions through 21.06.01 **Description** The issue is related to a Stored Cross-Site Scripting problem. The plugin does not sanitise or escape its `Logo Title` setting before outputting it in a page. Additionally, the plugin lacks a CSRF check when saving its settings, allowing the issue to be exploited via a CSRF attack. **Recommendations** For versions through 21.06.01, update to a version that addresses the Stored Cross-Site Scripting issue and implements a CSRF check for saving settings. As a temporary workaround, consider disabling the `Logo Title` setting until a patch is available. Restrict access to the plugin's settings to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** PhoneTrack Meu Site Manager WordPress plugin version 0.1 **Description** The issue arises from the plugin not sanitising or escaping its `php id` setting before outputting it back in an attribute in the page, leading to a stored Cross-Site Scripting issue. **Recommendations** For version 0.1, consider disabling the output of the `php id` setting in the page attribute until a patch is available to prevent exploitation of the stored Cross-Site Scripting issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** DrawBlog WordPress plugin versions 0.90 and earlier **Description** The issue is related to an authenticated stored Cross-Site Scripting problem. This occurs because the plugin does not properly sanitise or validate some of its settings before outputting them back in the page. **Recommendations** For DrawBlog WordPress plugin versions 0.90 and earlier, update to a version later than 0.90 to resolve the issue. At the moment, there is no information about other specific mitigation measures for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Any Hostname WordPress plugin versions 1.0.0 through 1.0.6 **Description** The issue arises from the lack of sanitization or escaping of the "Allowed hosts" setting in the plugin, leading to an authenticated stored XSS issue. High privilege users can set XSS payloads in this setting. **Recommendations** For versions 1.0.0 through 1.0.6, as a temporary workaround, consider restricting access to the "Allowed hosts" setting to prevent high privilege users from setting XSS payloads until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Event Geek WordPress plugin versions prior to 2.5.3 **Description** The issue is related to an authenticated stored Cross-Site Scripting problem. It occurs because the `Use your own` setting is not properly sanitised or escaped before being outputted in the page, allowing for malicious script execution. **Recommendations** For Event Geek WordPress plugin versions prior to 2.5.3, update to version 2.5.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Migrate Users WordPress plugin versions prior to 1.1.2 is not specified, however, the plugin through 1.0.1 is affected. **Description** The issue is related to a Stored Cross-Site Scripting problem. This occurs because the Delimiter option is not properly sanitised or escaped before being outputted on a page. Additionally, the plugin lacks a CSRF check when saving its options, making it possible for the issue to be exploited through a CSRF attack. **Recommendations** For Migrate Users WordPress plugin versions through 1.0.1, update to a version that addresses the Stored Cross-Site Scripting issue and implements a CSRF check.

**Name of the Vulnerable Software and Affected Versions** The Bookshelf WordPress plugin versions prior to 2.0.5 **Description** The issue is related to an authenticated Stored Cross-Site Scripting problem. It occurs because the `Paypal email address` setting is not properly sanitised or escaped before being outputted in the page. **Recommendations** For versions prior to 2.0.5, update to version 2.0.5 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Glass WordPress plugin versions 1.3.2 and earlier **Description** The issue is related to a Stored Cross-Site Scripting problem. It occurs because the `Glass Pages` setting is not properly sanitised or escaped before being outputted in a page. Additionally, the plugin lacks a CSRF check when saving its settings, making it possible to exploit the issue via a CSRF attack. **Recommendations** For Glass WordPress plugin versions 1.3.2 and earlier, update to a version that includes the necessary security fixes to address the Stored Cross-Site Scripting issue and implement CSRF protection for settings saves. At the moment, there is no information about a newer version that contains a fix for this vulnerability.