Alex Sanford

**Name of the Vulnerable Software and Affected Versions** POST SMTP Mailer WordPress plugin versions prior to 2.8.7 **Description** The issue is related to the improper sanitization and escaping of several parameters in SQL statements, leading to a SQL injection. This can be exploited by high privilege users, such as admins. **Recommendations** For versions prior to 2.8.7, update to version 2.8.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the plugin's functionality for high privilege users until the update is applied.

**Name of the Vulnerable Software and Affected Versions** POST SMTP WordPress plugin versions prior to 2.8.7 **Description** The issue concerns a Reflected Cross-Site Scripting problem. It arises because the `msg` parameter is not properly sanitized and escaped before being outputted back on the page. This could be exploited against high-privilege users, such as administrators. **Recommendations** For versions prior to 2.8.7, update to version 2.8.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the plugin's functionality that outputs the `msg` parameter until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** rtMedia for WordPress, BuddyPress and bbPress versions prior to 4.6.16 **Description** The issue is related to the unsafe loading of import file contents, leading to remote code execution by privileged users. **Recommendations** For versions prior to 4.6.16, update to version 4.6.16 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** The Quiz Maker WordPress plugin versions prior to 6.4.9.5 **Description** The issue is related to Reflected Cross-Site Scripting, where generated URLs are not properly escaped before being outputted in attributes. This can lead to malicious scripts being executed. **Recommendations** For versions prior to 6.4.9.5, update to version 6.4.9.5 or later to resolve the issue. As a temporary workaround, consider restricting access to attributes that may contain generated URLs to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Export any WordPress data to XML/CSV WordPress plugin versions prior to 1.4.0 WP All Export Pro WordPress plugin versions prior to 1.8.6 **Description** The issue arises from the failure to check nonce tokens early enough in the request lifecycle, allowing attackers with file upload capabilities to make logged-in users perform unwanted actions. This can lead to PHAR deserialization, potentially resulting in remote code execution. **Recommendations** For Export any WordPress data to XML/CSV WordPress plugin versions prior to 1.4.0, update to version 1.4.0 or later. For WP All Export Pro WordPress plugin versions prior to 1.8.6, update to version 1.8.6 or later.

**Name of the Vulnerable Software and Affected Versions** EventPrime WordPress plugin versions prior to 3.3.0 **Description** The issue allows an attacker to purchase bookings without making a payment by manipulating the price specified in the client request. **Recommendations** For versions prior to 3.3.0, update to version 3.3.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Limit Login Attempts Reloaded WordPress plugin versions prior to 2.25.26 **Description** The issue is related to missing authorization on the `toggle auto update` AJAX action. This allows any user with a valid nonce to toggle the auto-update status of the plugin. **Recommendations** For versions prior to 2.25.26, update to version 2.25.26 or later to resolve the issue. As a temporary workaround, consider restricting access to the `toggle auto update` AJAX action to prevent unauthorized changes to the plugin's auto-update status.

**Name of the Vulnerable Software and Affected Versions** WP Fastest Cache versions prior to 1.2.2 **Description** The issue is related to the WP Fastest Cache WordPress plugin, which does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users. This allows an attacker to execute arbitrary SQL queries. The vulnerability affects over 1 million sites. **Recommendations** For versions prior to 1.2.2, update to version 1.2.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the SQL database to minimize the risk of exploitation. Avoid using the `wordpress logged in` HTTP header Cookie parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Awesome Support WordPress plugin versions prior to 6.1.5 **Description** The issue allows a ticket submitter to delete arbitrary files on the server due to the plugin not sanitizing file paths when deleting temporary attachment files. **Recommendations** For versions prior to 6.1.5, update to version 6.1.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the file deletion functionality until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Awesome Support WordPress plugin versions prior to 6.1.5 **Description** The issue is related to a Reflected Cross-Site Scripting problem. It occurs because a `parameter` is not properly sanitised and escaped before being outputted back in the page. This could be exploited against high privilege users, such as admins. **Recommendations** For versions prior to 6.1.5, update to version 6.1.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the plugin's functionality to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** EventPrime WordPress plugin versions prior to 3.2.0 **Description** The issue concerns a lack of CSRF checks when creating bookings. This could allow attackers to make logged-in users create unwanted bookings via CSRF attacks. **Recommendations** For versions prior to 3.2.0, update to version 3.2.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the booking creation feature to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** File Manager Pro WordPress plugin version 1.8.0 and earlier **Description** The issue arises from inadequate validation and escaping of some inputs in the File Manager Pro WordPress plugin, leading to cross-site scripting (XSS) attacks by high-privilege users. **Recommendations** For versions prior to 1.8.1, update to version 1.8.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** File Manager Pro WordPress plugin versions prior to 1.8.1 **Description** The issue allows admin users to upload arbitrary files, leading to remote code execution, even in environments where such a user should not be able to gain full control of the server, such as a multisite installation. **Recommendations** For versions prior to 1.8.1, update to version 1.8.1 or later to resolve the issue. As a temporary workaround, consider restricting file upload capabilities for admin users in multisite installations until the update can be applied.

**Name of the Vulnerable Software and Affected Versions** WordPress Gallery Plugin version prior to 3.39 **Description** The issue allows Admin users to perform Local File Inclusion (LFI) attacks due to the plugin's failure to validate certain block attributes before using them to generate paths passed to include functions. **Recommendations** For versions prior to 3.39, update to version 3.39 or later to resolve the issue. As a temporary workaround, consider restricting access to the plugin's block attributes to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** All in One B2B for WooCommerce WordPress plugin versions 1.0.3 and earlier **Description** The issue allows an attacker to perform CSRF attacks due to improper checking of nonce values in several actions. **Recommendations** For All in One B2B for WooCommerce WordPress plugin versions 1.0.3 and earlier, update to a version that properly checks nonce values to prevent CSRF attacks.

**Name of the Vulnerable Software and Affected Versions** The Ultimate Addons for Contact Form 7 WordPress plugin versions prior to 3.1.29 **Description** The issue concerns the Ultimate Addons for Contact Form 7 WordPress plugin, where some settings are not properly sanitized and escaped. This could allow high-privilege users, such as administrators, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for example, in a multisite setup. **Recommendations** For versions prior to 3.1.29, update to version 3.1.29 or later to resolve the issue. As a temporary workaround, consider restricting the use of the plugin's settings to minimize the risk of exploitation. Additionally, ensure that the unfiltered html capability is properly configured and disallowed for non-admin users to reduce the attack surface.

**Name of the Vulnerable Software and Affected Versions** wpForo Forum WordPress plugin versions prior to 2.1.9 **Description** The issue is related to a Reflected Cross-Site Scripting vulnerability. It occurs because the plugin does not escape some request parameters while in debug mode. **Recommendations** For versions prior to 2.1.9, update to version 2.1.9 or later to resolve the issue. As a temporary workaround, consider disabling the debug mode until a patch is available. Restrict access to the plugin's debug functionality to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** ERP WordPress plugin versions prior to 1.12.4 **Description** The issue is related to a Reflected Cross-Site Scripting problem. It occurs because the `employee name` parameter is not properly sanitised and escaped before being outputted back in the page. This could be exploited against high-privilege users, such as administrators. **Recommendations** For versions prior to 1.12.4, update to version 1.12.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the `employee name` parameter to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Custom 404 Pro WordPress plugin versions prior to 3.8.1 **Description** The issue is related to improper sanitization of database inputs, leading to multiple SQL Injection vulnerabilities. This allows attackers to inject malicious SQL code, potentially leading to unauthorized access or modification of database content. **Recommendations** For versions prior to 3.8.1, update to version 3.8.1 or later to resolve the issue. As a temporary workaround, consider restricting database access to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Formidable Forms WordPress plugin versions prior to 6.3.1 **Description** The issue allows a user with a low role, such as Subscriber, to install and activate arbitrary plugins of any version from the WordPress.org plugin repository, leading to remote code execution. This is due to inadequate authorization and validation of the plugin URL in the add-on installation functionality. **Recommendations** For versions prior to 6.3.1, update to version 6.3.1 or later to resolve the issue. As a temporary workaround, consider restricting the ability of low-role users to install plugins until the update is applied.