Alexander Chikaylo

**Name of the Vulnerable Software and Affected Versions** Qyrr – simply and modern QR-Code creation plugin for WordPress versions through 2.0.7 **Description** The Qyrr plugin for WordPress is susceptible to arbitrary file uploads because of a lack of file type validation within the `blob to file()` function. Attackers with Contributor-level access or higher can upload any file type to the server, potentially leading to remote code execution. **Recommendations** Update the Qyrr plugin to a version later than 2.0.7.

**Name of the Vulnerable Software and Affected Versions** Catalog Importer, Scraper & Crawler plugin for WordPress versions through 5.1.4 **Description** The Catalog Importer, Scraper & Crawler plugin for WordPress is susceptible to PHP code injection due to reliance on a guessable numeric token (e.g., `?key= 900001705`) without proper authentication, combined with the unsafe use of the `eval()` function on user-supplied input. This allows unauthenticated attackers to execute arbitrary PHP code on the server via a forged request if they can guess or brute-force the numeric key. **Recommendations** Versions prior to 5.1.5 are affected. Update to a version later than 5.1.4.

Name of the Vulnerable Software and Affected Versions: WooCommerce Purchase Orders plugin for WordPress versions up to and including 1.0.2 Description: The WooCommerce Purchase Orders plugin for WordPress is susceptible to arbitrary file deletion due to inadequate file path validation within the `delete file()` function. Authenticated attackers possessing Subscriber-level access or higher can exploit this flaw to remove arbitrary files on the server. Successful deletion of critical files, such as wp-config.php, could lead to remote code execution. Recommendations: Update WooCommerce Purchase Orders plugin to a version later than 1.0.2.

**Name of the Vulnerable Software and Affected Versions:** GB Forms DB plugin for WordPress versions up to and including 1.0.2 **Description:** The GB Forms DB plugin for WordPress is susceptible to Remote Code Execution via the `gbfdb talk to front()` function. The function accepts user input and passes it through `call user func()`, allowing unauthenticated attackers to execute code on the server. This could enable attackers to inject backdoors or create new administrative user accounts. **Recommendations:** Update the GB Forms DB plugin to a version beyond 1.0.2.

Name of the Vulnerable Software and Affected Versions: TicketBAI Facturas para WooCommerce plugin for WordPress versions up to, and including, 3.18 Description: The issue concerns arbitrary file deletion due to insufficient file path validation via the 'delpdf' action. This allows unauthenticated attackers to delete arbitrary files on the server, potentially leading to remote code execution when critical files, such as wp-config.php, are deleted. Recommendations: For versions up to, and including, 3.18, consider disabling the 'delpdf' action as a temporary workaround until a patch is available. Restrict access to sensitive files to minimize the risk of exploitation. Avoid using the 'delpdf' action in the affected plugin until the issue is resolved. Update to a version later than 3.18 once available to fully resolve the issue.

**Name of the Vulnerable Software and Affected Versions** NewsBlogger theme for WordPress versions up to, and including, 0.2.5.1 **Description** The NewsBlogger theme for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the `newsblogger install and activate plugin()` function. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload arbitrary files on the affected site's server, which may make remote code execution possible. **Recommendations** For NewsBlogger theme for WordPress versions up to, and including, 0.2.5.1, consider disabling the `newsblogger install and activate plugin()` function until a patch is available to prevent arbitrary file uploads. Restrict access to the affected site's server to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.