Abrahack

**Name of the Vulnerable Software and Affected Versions** Rank Math SEO versions prior to 1.0.272 **Description** The Rank Math SEO plugin for WordPress allows unauthorized access because the `update site editor homepage()` function lacks a capability check. This allows unauthenticated attackers to modify various plugin settings, such as the homepage title, meta description, breadcrumbs label, and social media metadata. Such modifications can negatively impact SEO rankings and enable the display of malicious content on all site pages where breadcrumbs are implemented. **Recommendations** Update the plugin to version 1.0.272 or later. As a temporary workaround, restrict access to the `update site editor homepage()` function until the update is applied.

**Name of the Vulnerable Software and Affected Versions** ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More plugin for WordPress versions through 2.2.10 **Description** The ReviewX plugin for WordPress is susceptible to unauthorized data access because of insufficient authorization checks within the `userAccessibility()` function. This allows unauthenticated attackers to access protected REST API endpoints and potentially extract or modify user and plugin configuration information. **Recommendations** Update the ReviewX plugin to a version newer than 2.2.10.

**Name of the Vulnerable Software and Affected Versions** ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More plugin for WordPress versions up to and including 2.2.12 **Description** The ReviewX plugin for WordPress is susceptible to exposure of sensitive information. Unauthenticated attackers can potentially extract sensitive data, including user names, emails, phone numbers, and addresses, through the `syncedData` function. **Recommendations** Update the ReviewX plugin to a version later than 2.2.12.

**Name of the Vulnerable Software and Affected Versions** ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More plugin for WordPress versions up to and including 2.2.12 **Description** The ReviewX plugin for WordPress is susceptible to sensitive information exposure. This allows unauthenticated attackers to obtain authentication tokens and bypass admin restrictions. Successful exploitation grants access to sensitive data, including order details, names, emails, addresses, phone numbers, and user information, potentially enabling data export. The issue resides within the `allReminderSettings` function. **Recommendations** Update ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More plugin for WordPress to a version later than 2.2.12.

**Name of the Vulnerable Software and Affected Versions** ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More plugin for WordPress versions through 2.2.12 **Description** The ReviewX plugin for WordPress is susceptible to arbitrary method calls due to inadequate input validation within the `bulkTenReviews` function. This allows attackers to pass user-controlled data to a variable function call, potentially enabling the execution of arbitrary PHP class methods that require no inputs or have default values. Successful exploitation could lead to information disclosure or remote code execution, contingent upon the server configuration and available methods. **Recommendations** Update the ReviewX plugin to a version newer than 2.2.12.

**Name of the Vulnerable Software and Affected Versions** UiPress lite versions prior to 3.5.09 **Description** The UiPress lite plugin for WordPress allows authenticated attackers with Subscriber-level access or higher to save templates containing custom JavaScript due to a missing capability check on the `uip save ui template` function. This can lead to unauthorized modification of data. **Recommendations** Update UiPress lite to version 3.5.09 or later.

**Name of the Vulnerable Software and Affected Versions** UiPress lite plugin for WordPress versions prior to 3.5.09 **Description** The UiPress lite plugin for WordPress is susceptible to exposure of sensitive information. This is a result of absent capability checks within the `uip process block query` function, which is accessible via AJAX. Attackers with subscriber-level access or higher can potentially retrieve sensitive user data, including password hashes and email addresses, which could lead to account takeover. **Recommendations** Update the UiPress lite plugin to version 3.5.09 or later.

**Name of the Vulnerable Software and Affected Versions** The Authors List plugin for WordPress versions up to and including 2.0.6 **Description** The issue arises from the software's failure to properly validate a value before executing the do shortcode action, allowing unauthenticated attackers to execute arbitrary shortcodes. This enables potential exploitation due to the lack of validation. **Recommendations** For versions up to and including 2.0.6, update to a version that includes the necessary validation to prevent arbitrary shortcode execution. As a temporary workaround, consider restricting access to the shortcode execution functionality until a patch is available.

**Name of the Vulnerable Software and Affected Versions** IP2Location Country Blocker versions up to, and including, 2.38.8 **Description** The IP2Location Country Blocker plugin for WordPress is vulnerable to Regular Information Exposure due to missing capability checks on the `admin init()` function. This allows unauthenticated attackers to view the plugin's settings. **Recommendations** For versions up to, and including, 2.38.8, update to a version that includes the necessary capability checks for the `admin init()` function to prevent unauthenticated access to the plugin's settings. As a temporary workaround, consider restricting access to the `admin init()` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** The Team – Team Members Showcase Plugin plugin for WordPress versions up to, and including, 4.4.9 **Description** The issue is related to unauthorized access due to a missing capability check on the `response()` function. This allows authenticated attackers with Subscriber-level access and above to update the plugin's settings. **Recommendations** For versions up to, and including, 4.4.9, consider disabling the `response()` function until a patch is available to prevent unauthorized access. As a temporary workaround, restrict access to the plugin's settings to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** The Food Menu – Restaurant Menu & Online Ordering for WooCommerce plugin for WordPress versions up to, and including, 5.1.4 **Description** The issue allows authenticated attackers with Subscriber-level access and above to modify the plugin's settings due to a missing capability check on the `response()` function. **Recommendations** For versions up to, and including, 5.1.4, update to a version higher than 5.1.4 to resolve the issue. As a temporary workaround, consider restricting access to the `response()` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** The Quiz Maker Business, Developer, and Agency plugins for WordPress versions 8.8.0 and earlier (Business) The Quiz Maker Business, Developer, and Agency plugins for WordPress versions 21.8.0 and earlier (Developer) The Quiz Maker Business, Developer, and Agency plugins for WordPress versions 31.8.0 and earlier (Agency) **Description** The issue is related to Reflected Cross-Site Scripting via the `content` parameter due to insufficient input sanitization and output escaping. This allows unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. **Recommendations** For The Quiz Maker Business, Developer, and Agency plugins for WordPress versions 8.8.0 and earlier (Business), update to a version later than 8.8.0. For The Quiz Maker Business, Developer, and Agency plugins for WordPress versions 21.8.0 and earlier (Developer), update to a version later than 21.8.0. For The Quiz Maker Business, Developer, and Agency plugins for WordPress versions 31.8.0 and earlier (Agency), update to a version later than 31.8.0. As a temporary workaround, consider restricting access to the `content` parameter to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** The Quiz Maker Business plugin for WordPress versions up to, and including, 8.8.0 The Quiz Maker Developer plugin for WordPress versions up to, and including, 21.8.0 The Quiz Maker Agency plugin for WordPress versions up to, and including, 31.8.0 **Description** The issue is related to unauthorized modification of data due to a missing capability check on the `ays save google credentials` function. This allows unauthenticated attackers to modify the Google Sheets integration credentials within the plugin's settings. Additionally, because the `client id` parameter is not sanitized or escaped when used in output, this could also be leveraged to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** The Quiz Maker Business plugin for WordPress versions up to, and including, 8.8.0 should update to a version higher than 8.8.0 to resolve the issue. The Quiz Maker Developer plugin for WordPress versions up to, and including, 21.8.0 should update to a version higher than 21.8.0 to resolve the issue. The Quiz Maker Agency plugin for WordPress versions up to, and including, 31.8.0 should update to a version higher than 31.8.0 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** The Quiz Maker Business, Developer, and Agency plugins for WordPress versions 8.8.0 and earlier (Business) The Quiz Maker Business, Developer, and Agency plugins for WordPress versions 21.8.0 and earlier (Developer) The Quiz Maker Business, Developer, and Agency plugins for WordPress versions 31.8.0 and earlier (Agency) **Description** The issue is due to the software allowing users to execute an action that does not properly validate a value before running `do shortcode`. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. **Recommendations** The Quiz Maker Business, Developer, and Agency plugins for WordPress version 8.8.0 and earlier (Business) should update to a version later than 8.8.0. The Quiz Maker Business, Developer, and Agency plugins for WordPress version 21.8.0 and earlier (Developer) should update to a version later than 21.8.0. The Quiz Maker Business, Developer, and Agency plugins for WordPress version 31.8.0 and earlier (Agency) should update to a version later than 31.8.0.

**Name of the Vulnerable Software and Affected Versions** GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress versions up to, and including, 7.2.1 **Description** The issue is related to time-based SQL Injection via the `orderby` parameter due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. **Recommendations** For versions up to, and including, 7.2.1, consider disabling the `orderby` parameter until a patch is available to prevent exploitation. Restrict access to sensitive database information to minimize the risk of data extraction. Avoid using the `orderby` parameter in existing queries until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress versions up to, and including, 7.2.1 **Description** The issue is related to arbitrary shortcode execution via the `gamipress do shortcode()` function. This is due to the software allowing users to execute an action that does not properly validate a value before running `do shortcode()`. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. **Recommendations** For versions up to, and including, 7.2.1, consider disabling the `gamipress do shortcode()` function until a patch is available to prevent arbitrary shortcode execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WordPress File Upload plugin versions up to 4.24.13 **Description** The WordPress File Upload plugin is vulnerable to Path Traversal, allowing unauthenticated attackers to read files outside of the originally intended directory through `wfu file downloader.php`. This issue affects all versions up to, and including, 4.24.13. **Recommendations** For versions up to 4.24.13, update to a version later than 4.24.13 to resolve the issue. As a temporary workaround, consider restricting access to `wfu file downloader.php` to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** WordPress File Upload plugin versions up to, and including, 4.24.15 **Description** The WordPress File Upload plugin is vulnerable to Remote Code Execution, Arbitrary File Read, and Arbitrary File Deletion due to the lack of proper sanitization of the `source` parameter and allowing a user-defined directory path in the 'wfu file downloader.php' file. This makes it possible for unauthenticated attackers to execute code on the server. Over 2 million results are found on ZoomEye, indicating a large number of potentially affected devices worldwide. **Recommendations** For WordPress File Upload plugin versions up to, and including, 4.24.15, consider disabling the 'wfu file downloader.php' file or restricting access to it until a patch is available. As a temporary workaround, avoid using the `source` parameter in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WordPress File Upload plugin versions up to and including 4.24.12 **Description** The WordPress File Upload plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.24.12 via the `wfu ABSPATH` cookie parameter. This makes it possible for unauthenticated attackers to execute code on the server. **Recommendations** For WordPress File Upload plugin versions up to and including 4.24.12, update to a version higher than 4.24.12 to resolve the issue. As a temporary workaround, consider restricting access to the `wfu ABSPATH` cookie parameter until a patch is available.

**Name of the Vulnerable Software and Affected Versions** LearnPress – WordPress LMS Plugin versions up to, and including, 4.2.7.3 **Description** The issue concerns Sensitive Information Exposure, allowing unauthenticated attackers to extract potentially sensitive paid course material through the `class-lp-rest-material-controller.php` file. This makes it possible for attackers to access confidential information without proper authentication. **Recommendations** For versions up to, and including, 4.2.7.3, consider updating to a version later than 4.2.7.3 to resolve the issue. As a temporary workaround, consider restricting access to the `class-lp-rest-material-controller.php` file until a patch is available. Additionally, restrict access to potentially sensitive paid course material to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.