Ala Arfaoui

**Name of the Vulnerable Software and Affected Versions** Video Merchant plugin for WordPress versions 5.0.4 and earlier **Description** The Video Merchant plugin for WordPress is susceptible to Cross-Site Request Forgery (CSRF). This is due to inadequate nonce validation within the `video merchant add video file()` function. Successful exploitation allows unauthenticated attackers to upload arbitrary files, potentially leading to remote code execution if they can trick a site administrator into performing an action, such as clicking a malicious link. **Recommendations** Update the Video Merchant plugin to a version newer than 5.0.4.

Name of the Vulnerable Software and Affected Versions: Team Circle Image Slider With Lightbox plugin for WordPress versions 1.0.4 and earlier Description: The issue arises from insufficient escaping of the user-supplied `id` parameter and lack of sufficient preparation on the existing SQL query, allowing authenticated attackers with Administrator-level access and above to append additional SQL queries to existing ones. This can be used to extract sensitive information from the database. Recommendations: For versions 1.0.4 and earlier, update to a version later than 1.0.4 to resolve the issue. As a temporary workaround, consider restricting access to the `id` parameter in the affected plugin until a patch is available.

Name of the Vulnerable Software and Affected Versions: Thumbnail carousel slider plugin for WordPress version 1.0.4 and earlier Description: The issue arises from insufficient escaping on the user-supplied `id` parameter and lack of sufficient preparation on the existing SQL query, making it possible for unauthenticated attackers to append additional SQL queries into already existing queries. This can be used to extract sensitive information from the database. Recommendations: For versions up to and including 1.0.4, consider disabling the `id` parameter in the affected plugin until a patch is available. Restrict access to sensitive database information to minimize the risk of exploitation. Avoid using the `id` parameter in the plugin until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Responsive Filterable Portfolio plugin for WordPress versions 1.0.8 and earlier **Description** The issue is related to SQL Injection via the `id` parameter due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. **Recommendations** For Responsive Filterable Portfolio plugin for WordPress versions 1.0.8 and earlier, update to a version later than 1.0.8 to mitigate the risk of SQL Injection. As a temporary workaround, consider restricting access to the `id` parameter in the affected API endpoint until a patch is available.

**Name of the Vulnerable Software and Affected Versions** The Photo Gallery Slideshow & Masonry Tiled Gallery plugin for WordPress versions prior to 1.0.4 WP Responsive Photo Gallery plugin for WordPress versions prior to 1.0.4 WP Responsive Photo Gallery plugin for WordPress version 1.0.3 **Description** The issue is related to SQL Injection via the `id` parameter due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. **Recommendations** For The Photo Gallery Slideshow & Masonry Tiled Gallery plugin for WordPress versions prior to 1.0.4, update to version 1.0.4 or later to secure your site. For WP Responsive Photo Gallery plugin for WordPress versions prior to 1.0.4, update to version 1.0.4 or later to secure your site. For WP Responsive Photo Gallery plugin for WordPress version 1.0.3, update to version 1.0.4 or later to secure your site.

**Name of the Vulnerable Software and Affected Versions** video carousel slider with lightbox plugin for WordPress versions 1.0.0 through 1.0.6 **Description** The issue is related to SQL Injection via the `id` parameter due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This allows authenticated attackers with administrator-level access and above to append additional SQL queries into already existing queries, which can be used to extract sensitive information from the database. **Recommendations** For versions 1.0.0 through 1.0.6, as a temporary workaround, consider restricting access to the `id` parameter in the affected plugin until a patch is available. Additionally, limiting administrator-level access can help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OTA Sync Booking Engine Widget plugin for WordPress versions up to, and including, 1.2.7 **Description** The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the `otasync widget settings fnc()` function. This allows unauthenticated attackers to update the plugin's settings and inject malicious scripts via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link. **Recommendations** For versions up to, and including, 1.2.7, consider disabling the `otasync widget settings fnc()` function until a patch is available to prevent exploitation. Restrict access to the plugin's settings to minimize the risk of unauthorized updates. Avoid using the plugin until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** The Team Circle Image Slider With Lightbox plugin for WordPress version 1.0 **Description** The issue is due to missing or incorrect nonce validation on the `circle thumbnail slider with lightbox image management func()` function, making it possible for unauthenticated attackers to edit image data, which can be used to inject malicious JavaScript. Attackers can also delete images and upload malicious files via a forged request if they can trick a site administrator into performing an action such as clicking on a link. **Recommendations** For version 1.0, consider disabling the `circle thumbnail slider with lightbox image management func()` function until a patch is available to prevent exploitation. Restrict access to image management functionality to minimize the risk of unauthorized edits or uploads.

**Name of the Vulnerable Software and Affected Versions** The Audio Merchant plugin for WordPress versions up to, and including, 5.0.4 **Description** The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the `audio merchant save settings` function. This allows unauthenticated attackers to modify the plugin's settings and inject malicious web scripts via a forged request, provided they can trick a site administrator into performing a specific action. **Recommendations** For versions up to, and including, 5.0.4, update to a version that includes the fix for the missing or incorrect nonce validation in the `audio merchant save settings` function. As a temporary workaround, consider restricting access to the plugin's settings to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** The Audio Merchant plugin for WordPress versions up to, and including, 5.0.4 **Description** The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the `audio merchant add audio file` function. This allows unauthenticated attackers to upload arbitrary files via a forged request if they can trick a site administrator into performing a specific action, such as clicking on a link. **Recommendations** For versions up to, and including, 5.0.4, consider disabling the `audio merchant add audio file` function until a patch is available to prevent exploitation. Restrict access to file upload functionality to minimize the risk of arbitrary file uploads.

**Name of the Vulnerable Software and Affected Versions** Amazonify plugin for WordPress versions up to and including 0.8.1 **Description** The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the `amazonifyOptionsPage()` function. This allows unauthenticated attackers to update the plugin's settings, including the Amazon Tracking ID, by tricking a site administrator into performing an action such as clicking on a link. **Recommendations** For Amazonify plugin for WordPress versions up to and including 0.8.1, update to a version that includes proper nonce validation for the `amazonifyOptionsPage()` function to prevent Cross-Site Request Forgery attacks.

**Name of the Vulnerable Software and Affected Versions** Amazonify plugin for WordPress versions up to, and including, 0.8.1 **Description** The issue allows authenticated attackers with administrator-level permissions to inject arbitrary web scripts in pages due to insufficient input sanitization and output escaping in admin settings. This affects multi-site installations and installations where unfiltered html has been disabled, making it possible for injected scripts to execute when a user accesses an injected page. **Recommendations** For Amazonify plugin for WordPress versions up to, and including, 0.8.1, update to a version later than 0.8.1 to resolve the issue. As a temporary workaround, consider restricting administrator-level permissions and enabling unfiltered html to minimize the risk of exploitation. Additionally, restrict access to admin settings to prevent potential script injections.

**Name of the Vulnerable Software and Affected Versions** Digirisk plugin for WordPress version 6.0.0.0 **Description** The issue is related to Reflected Cross-Site Scripting via the `current group id` parameter due to insufficient input sanitization and output escaping. This allows unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. **Recommendations** For version 6.0.0.0, consider disabling the `current group id` parameter until a patch is available to prevent exploitation. Restrict access to pages that utilize this parameter to minimize the risk of arbitrary web script injection. Avoid using the `current group id` parameter in affected pages until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** video carousel slider with lightbox plugin for WordPress version 1.0 **Description** The issue is due to missing or incorrect nonce validation on the `responsive video gallery with lightbox video management func()` function, making it possible for unauthenticated attackers to delete videos hosted from the video slider via a forged request. This can happen if an attacker can trick a site administrator into performing an action such as clicking on a link. **Recommendations** For version 1.0, consider disabling the `responsive video gallery with lightbox video management func()` function until a patch is available to prevent exploitation. Restrict access to video management functionality to minimize the risk of unauthorized video deletion. Avoid using the plugin until an update that addresses the nonce validation issue is released. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Thumbnail carousel slider plugin for WordPress version 1.0 **Description** The issue is due to missing nonce validation on the `deleteselected` function, making it possible for unauthenticated attackers to delete sliders in bulk via a forged request if they can trick a site administrator into performing an action such as clicking on a link. **Recommendations** For version 1.0, consider disabling the `deleteselected` function until a patch is available to prevent exploitation. Restrict access to the plugin's functionality to minimize the risk of unauthorized slider deletion. Avoid using the plugin until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** The Thumbnail Slider With Lightbox plugin for WordPress version 1.0 **Description** The issue is due to missing or incorrect nonce validation on the `addedit` functionality. This allows unauthenticated attackers to upload arbitrary files via a forged request if they can trick a site administrator into performing an action such as clicking on a link. **Recommendations** For version 1.0, consider disabling the `addedit` functionality until a patch is available to prevent exploitation. Restrict access to the plugin's functionality to minimize the risk of uploading arbitrary files. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** The Thumbnail Slider With Lightbox plugin for WordPress version 1.0 **Description** The issue is related to Stored Cross-Site Scripting via the `Image Title` field due to insufficient input sanitization and output escaping. This allows authenticated attackers with administrator-level access to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The issue only affects multi-site installations and installations where `unfiltered html` has been disabled. **Recommendations** For version 1.0, update to a version that addresses the insufficient input sanitization and output escaping issue to prevent Stored Cross-Site Scripting attacks. As a temporary workaround, consider restricting access to the `Image Title` field to minimize the risk of exploitation. Additionally, ensure that `unfiltered html` is enabled, if possible, to reduce the attack surface in single-site installations.

**Name of the Vulnerable Software and Affected Versions** Thumbnail Slider With Lightbox plugin for WordPress versions up to and including 1.0 **Description** The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the delete functionality. This allows unauthenticated attackers to delete image lightboxes via a forged request if they can trick a site administrator into performing a specific action, such as clicking on a link. **Recommendations** For versions up to and including 1.0, update to a version that includes proper nonce validation to prevent Cross-Site Request Forgery attacks. As a temporary workaround, consider restricting access to the delete functionality to minimize the risk of exploitation.