Akbar Kustirama

**Name of the Vulnerable Software and Affected Versions** The Contact Form by Bit Form versions up to, and including, 2.17.3 **Description** The issue is related to unauthorized access of data due to a missing capability check on the "bitform-form-entry-edit" endpoint. This allows authenticated attackers with Subscriber-level access and above to view all form submissions from other users. **Recommendations** For versions up to, and including, 2.17.3, update to a version that includes a fix for the missing capability check on the "bitform-form-entry-edit" endpoint. As a temporary workaround, consider restricting access to the "bitform-form-entry-edit" endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Mapster WP Maps plugin for WordPress version 1.6.0 and earlier **Description** The issue is related to Stored Cross-Site Scripting via the `popup class` parameter due to insufficient input sanitization and output escaping. This allows authenticated attackers with Contributor-level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For version 1.6.0 and earlier, update to a version later than 1.6.0 to resolve the issue. As a temporary workaround, consider restricting access to the `popup class` parameter to minimize the risk of exploitation. Additionally, ensure that all users with Contributor-level access and above are trusted, as they have the ability to inject arbitrary web scripts.

**Name of the Vulnerable Software and Affected Versions** Simple Shortcode for Google Maps plugin for WordPress versions up to, and including, 1.5.4 **Description** The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the `pw map` shortcode. This allows authenticated attackers with contributor-level access and above to inject arbitrary web scripts in pages. These scripts will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 1.5.4, update to a version that addresses the insufficient input sanitization and output escaping issue in the `pw map` shortcode. As a temporary workaround, consider restricting access to the `pw map` shortcode for users with contributor-level access and above until a patch is available.

**Name of the Vulnerable Software and Affected Versions** MapPress Maps for WordPress versions up to, and including, 2.94.1 **Description** The issue is related to Stored Cross-Site Scripting via the plugin's Map block due to insufficient input sanitization and output escaping on user-supplied attributes. This allows authenticated attackers with contributor-level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 2.94.1, update the plugin to the latest version to secure the site and mitigate risks. As a temporary workaround, consider restricting access to the Map block until the update is applied. Additionally, ensure that only trusted users have contributor-level access and above to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Apache NiFi versions 1.10.0 through 1.26.0 Apache NiFi versions 2.0.0-M1 through 2.0.0-M3 **Description** The vulnerability concerns a description field in the Parameter Context configuration that is vulnerable to cross-site scripting. An authenticated user, authorized to configure a Parameter Context, can enter arbitrary JavaScript code, which the client browser will execute within the session context of the authenticated user. **Recommendations** For Apache NiFi versions 1.10.0 through 1.26.0, upgrade to Apache NiFi 1.27.0. For Apache NiFi versions 2.0.0-M1 through 2.0.0-M3, upgrade to Apache NiFi 2.0.0-M4.

**Name of the Vulnerable Software and Affected Versions** YARPP – Yet Another Related Posts Plugin versions up to and including 5.30.9 **Description** The issue is related to Stored Cross-Site Scripting via admin settings due to insufficient input sanitization and output escaping. This allows authenticated attackers with administrator-level permissions and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The issue only affects multi-site installations and installations where unfiltered html has been disabled. **Recommendations** For versions up to and including 5.30.9, update to a version that includes the necessary input sanitization and output escaping fixes to prevent Stored Cross-Site Scripting attacks. As a temporary workaround, consider restricting administrator-level permissions and above to minimize the risk of exploitation. Additionally, enabling unfiltered html, if possible, may help mitigate the issue in some installations.

**Name of the Vulnerable Software and Affected Versions** LuckyWP Table of Contents plugin for WordPress versions up to and including 2.1.4 **Description** The issue is related to Stored Cross-Site Scripting via the `Header Title` field due to insufficient input sanitization and output escaping. This allows authenticated attackers with administrator-level access to inject arbitrary web scripts in pages, which will execute when a user accesses an injected page. The issue affects multi-site installations and installations where `unfiltered html` has been disabled. **Recommendations** For versions up to and including 2.1.4, update to a version that includes the necessary input sanitization and output escaping fixes to prevent Stored Cross-Site Scripting attacks. As a temporary workaround, consider restricting access to the `Header Title` field to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** The Spectra – WordPress Gutenberg Blocks plugin for WordPress versions up to and including 2.10.3 **Description** The issue is related to Stored Cross-Site Scripting via the Custom CSS metabox due to insufficient input sanitization and output escaping. This allows authenticated attackers with contributor-level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For versions up to and including 2.10.3, update to a version later than 2.10.3 to resolve the issue. As a temporary workaround, consider restricting access to the Custom CSS metabox to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress versions up to and including 3.2.17 **Description** The issue is related to Stored Cross-Site Scripting via the contact form message settings due to insufficient input sanitization and output escaping. This allows authenticated attackers with editor-level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The issue primarily affects multi-site installations and installations where unfiltered html has been disabled. **Recommendations** For versions up to and including 3.2.17, update the plugin immediately and verify all contact forms to ensure no malicious scripts have been injected. As a temporary workaround, consider restricting access to the contact form message settings to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** WP Go Maps for WordPress versions up to, and including, 9.0.32 **Description** The issue is related to Stored Cross-Site Scripting via admin settings due to insufficient input sanitization and output escaping. This allows authenticated attackers with administrator-level permissions and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The issue only affects multi-site installations and installations where unfiltered html has been disabled. **Recommendations** For versions up to, and including, 9.0.32, update to a version higher than 9.0.32 to resolve the issue. As a temporary workaround, consider restricting access to admin settings to minimize the risk of exploitation. Additionally, enabling unfiltered html or taking measures to ensure proper input sanitization and output escaping can help mitigate the risk.

**Name of the Vulnerable Software and Affected Versions** Events Manager plugin for WordPress versions up to, and including, 6.4.6.4 **Description** The issue is related to Stored Cross-Site Scripting via admin settings due to insufficient input sanitization and output escaping. This allows authenticated attackers with administrator-level permissions and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The issue only affects multi-site installations and installations where unfiltered html has been disabled. **Recommendations** For versions up to, and including, 6.4.6.4, update to a version that includes the necessary input sanitization and output escaping fixes to prevent Stored Cross-Site Scripting attacks. As a temporary workaround, consider restricting administrator-level permissions and ensuring that unfiltered html is enabled to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** The Master Slider – Responsive Touch Slider plugin for WordPress versions up to, and including, 3.9.5 Google ChromeOS (affected versions not specified) **Description** The issue is related to insufficient access control in Google ChromeOS and a Stored Cross-Site Scripting vulnerability in The Master Slider plugin for WordPress. This vulnerability allows authenticated attackers with editor-level access to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The vulnerability affects multi-site installations and installations where unfiltered html has been disabled. **Recommendations** For The Master Slider – Responsive Touch Slider plugin for WordPress versions up to, and including, 3.9.5, update to a version higher than 3.9.5 to resolve the issue. For Google ChromeOS, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** YARPP – Yet Another Related Posts Plugin versions up to, and including, 5.30.9 **Description** The issue is related to Stored Cross-Site Scripting via admin settings due to insufficient input sanitization and output escaping. This allows authenticated attackers with administrator-level permissions to inject arbitrary web scripts in pages, which will execute when a user accesses an injected page. The issue only affects multi-site installations and installations where unfiltered html has been disabled. **Recommendations** For versions up to, and including, 5.30.9, update to a version that includes the necessary input sanitization and output escaping fixes to prevent Stored Cross-Site Scripting attacks. As a temporary workaround, consider restricting administrator-level permissions and ensuring that unfiltered html is enabled to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** FooGallery plugin for WordPress versions up to, and including, 2.4.7 **Description** The issue is related to Stored Cross-Site Scripting via admin settings due to insufficient input sanitization and output escaping. This allows authenticated attackers with administrator-level permissions and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The issue only affects multi-site installations and installations where unfiltered html has been disabled. **Recommendations** For FooGallery plugin for WordPress versions up to, and including, 2.4.7, update to a version later than 2.4.7 to resolve the issue. As a temporary workaround, consider restricting access to admin settings to minimize the risk of exploitation. Additionally, ensure that unfiltered html is enabled for all users who do not require it to be disabled, and restrict administrator-level permissions to only those who need them.

**Name of the Vulnerable Software and Affected Versions** Simple Share Buttons Adder plugin for WordPress versions up to, and including, 8.4.11 **Description** The issue is related to Stored Cross-Site Scripting via admin settings due to insufficient input sanitization and output escaping. This allows authenticated attackers with administrator-level permissions and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The issue only affects multi-site installations and installations where unfiltered html has been disabled. **Recommendations** For versions up to, and including, 8.4.11, update to a version that includes the necessary input sanitization and output escaping fixes to prevent Stored Cross-Site Scripting attacks. As a temporary workaround, consider restricting administrator-level permissions and ensuring that unfiltered html is enabled to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** The SEO Plugin by Squirrly SEO plugin for WordPress versions up to and including 12.3.15 **Description** The issue is related to Stored Cross-Site Scripting via admin settings due to insufficient input sanitization and output escaping. This allows authenticated attackers with administrator-level permissions and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The issue only affects multi-site installations and installations where unfiltered html has been disabled. **Recommendations** For versions up to and including 12.3.15, update to a version that includes the necessary input sanitization and output escaping fixes to prevent Stored Cross-Site Scripting attacks. As a temporary workaround, consider restricting access to admin settings to minimize the risk of exploitation. Additionally, ensure that unfiltered html is enabled, if possible, to reduce the vulnerability's impact.

**Name of the Vulnerable Software and Affected Versions** Content Views – Post Grid, Slider, Accordion (Gutenberg Blocks and Shortcode) plugin for WordPress versions up to, and including, 3.6.2 **Description** The issue is related to Stored Cross-Site Scripting via admin settings due to insufficient input sanitization and output escaping. This allows authenticated attackers with administrator-level permissions and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The issue only affects multi-site installations and installations where unfiltered html has been disabled. **Recommendations** For versions up to, and including, 3.6.2, update to a version higher than 3.6.2 to resolve the issue. As a temporary workaround, consider restricting access to admin settings to minimize the risk of exploitation. Additionally, ensure that unfiltered html is enabled, if possible, to reduce the attack surface.

**Name of the Vulnerable Software and Affected Versions** WordPress plugin versions up to, and including, 3.1 **Description** The plugin is vulnerable to Stored Cross-Site Scripting via its shortcode due to insufficient input sanitization and output escaping on the `place id` attribute. This allows authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages, which will execute when a user accesses an injected page. **Recommendations** For versions up to, and including, 3.1, consider disabling the shortcode functionality until a patch is available to prevent exploitation. Restrict access to pages that use the vulnerable shortcode to minimize the risk of arbitrary web script injection. Avoid using the `place id` attribute in the shortcode until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** MapPress Maps for WordPress versions up to, and including, 2.88.16 **Description** The issue is related to Stored Cross-Site Scripting via the `width` and `height` parameters due to insufficient input sanitization and output escaping. This allows authenticated attackers with contributor access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 2.88.16, consider disabling the `width` and `height` parameters until a patch is available to prevent exploitation. Restrict access to pages that may have been injected with malicious scripts to minimize the risk of execution. Update to a version that includes the necessary input sanitization and output escaping fixes to fully resolve the issue.

**Name of the Vulnerable Software and Affected Versions** The Contact Form Plugin – Fastest Contact Form Builder Plugin for WordPress by Fluent Forms plugin for WordPress versions up to, and including, 5.1.5 **Description** The issue is related to Stored Cross-Site Scripting via imported form titles due to insufficient input sanitization and output escaping. This allows authenticated attackers with administrator-level access to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The issue only affects multi-site installations and installations where unfiltered html has been disabled. **Recommendations** For versions up to, and including, 5.1.5, update to a version later than 5.1.5 to resolve the issue. As a temporary workaround, consider restricting access to imported form titles to minimize the risk of exploitation. Additionally, ensure that unfiltered html is enabled, if possible, to reduce the attack surface.