Alexander Concha

Name of the Vulnerable Software and Affected Versions: Safe SVG WordPress plugin versions prior to 2.2.6 Description: The issue arises because the sanitisation code in the Safe SVG WordPress plugin only runs for paths that call `wp handle upload`, but not for code that uses `wp handle sideload`, which is often used to upload attachments via raw POST data. This can lead to potential security risks, including cross-site scripting (XSS) attacks. Recommendations: For Safe SVG WordPress plugin versions prior to 2.2.6, upgrade to version 2.2.6 or later to mitigate the risks associated with this issue. As a temporary workaround, consider restricting the use of `wp handle sideload` until the plugin is updated.

**Name of the Vulnerable Software and Affected Versions** My Account Page Editor WordPress plugin versions prior to 1.3.2 **Description** The issue allows any authenticated users to upload arbitrary files to the server, leading to remote code execution (RCE). This is due to the lack of validation for the profile picture to be uploaded. **Recommendations** For versions prior to 1.3.2, update to version 1.3.2 or later to resolve the issue. As a temporary workaround, consider restricting file upload capabilities for authenticated users, especially subscribers, until the update is applied.

**Name of the Vulnerable Software and Affected Versions** The All in One B2B for WooCommerce WordPress plugin versions 1.0.0 through 1.0.3 **Description** The issue allows an unauthenticated attacker to update the details of any user due to improper validation of parameters when updating user details. This can lead to privilege escalation if the password of an Admin user is updated. **Recommendations** For versions 1.0.0 through 1.0.3, update to a version that properly validates parameters when updating user details to prevent unauthorized user detail updates and potential privilege escalation.

**Name of the Vulnerable Software and Affected Versions** WooCommerce Ninja Forms Product Add-ons version 1.7.1 and earlier **Description** The issue concerns the WooCommerce Ninja Forms Product Add-ons WordPress plugin, which does not validate the file to be uploaded. This allows any unauthenticated users to upload arbitrary files to the server, leading to Remote Code Execution (RCE). **Recommendations** For versions prior to 1.7.1, update to version 1.7.1 or later to resolve the issue. As a temporary workaround, consider disabling file upload functionality until a patch is available. Restrict access to the server to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Disqus Comment System plugin versions prior to 2.76 for WordPress **Description** The issue allows remote attackers to hijack the authentication of administrators for requests, conducting cross-site scripting (XSS) attacks. This is achieved via the `disqus replace`, `disqus public key`, or `disqus secret key` parameter to "wp-admin/edit-comments.php" in manage.php, or by resetting or deleting plugin options via the `reset` parameter to "wp-admin/edit-comments.php". **Recommendations** For Disqus Comment System plugin versions prior to 2.76, update to version 2.76 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Disqus Comment System plugin versions prior to 2.76 **Description** The issue is related to a cross-site scripting (XSS) vulnerability. This vulnerability allows remote attackers to inject arbitrary web script or HTML via the `step` parameter in the upgrade.php file. **Recommendations** For versions prior to 2.76, update to version 2.76 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** WordPress MU versions prior to 1.3.2 WordPress versions prior to 2.3.3 **Description** The issue allows remote authenticated users with `manage options` and `upload files` capabilities to execute arbitrary code. This is achieved by uploading a PHP script and adding the script's pathname to `active plugins`. **Recommendations** For WordPress MU versions prior to 1.3.2, update to version 1.3.2 or later. For WordPress versions prior to 2.3.3, update to version 2.3.3 or later.

**Name of the Vulnerable Software and Affected Versions** WordPress versions 2.2.1 WordPress MU version 1.2.3 **Description** The issue is related to an unrestricted file upload vulnerability. This allows remote authenticated users to upload and execute arbitrary PHP code. The vulnerability might be connected to the use of custom fields in normal posts and the wp postmeta table. **Recommendations** For WordPress version 2.2.1, update to a version that includes a complete fix for the issue. For WordPress MU version 1.2.3, update to a version that includes a complete fix for the issue. As a temporary workaround, consider restricting file uploads to authorized users only until a patch is available.

**Name of the Vulnerable Software and Affected Versions** WordPress versions prior to 2.0.10 RC2 WordPress versions prior to 2.1.3 RC2 in the 2.1 series **Description** A cross-site scripting (XSS) issue exists, allowing remote authenticated users with theme privileges to inject arbitrary web script or HTML via the PATH INFO in the administration interface. This is related to loose regular expression processing of `PHP SELF`. **Recommendations** For WordPress versions prior to 2.0.10 RC2, update to version 2.0.10 RC2 or later. For WordPress versions prior to 2.1.3 RC2 in the 2.1 series, update to version 2.1.3 RC2 or later.