Ancorn

Name of the Vulnerable Software and Affected Versions: EventON versions n/a through 2.3.2 Description: The issue is related to an Improper Control of Filename for Include/Require Statement in PHP Program, also known as 'PHP Remote File Inclusion'. This is a type of vulnerability where an attacker can manipulate the filename used in include or require statements, potentially allowing them to execute malicious code. Recommendations: For versions n/a through 2.3.2, update to a version later than 2.3.2 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** The Plus Addons for Elementor versions up to, and including, 5.6.2 **Description** The issue is related to Stored Cross-Site Scripting via the `carousel direction` parameter of the testimonials widget. This is due to insufficient input sanitization and output escaping on user-supplied attributes, allowing authenticated attackers with contributor-level access and above to inject arbitrary web scripts in pages. These scripts will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 5.6.2, update to a version that addresses the insufficient input sanitization and output escaping issue. As a temporary workaround, consider restricting access to the testimonials widget or disabling the `carousel direction` parameter to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** The Element Pack Elementor Addons plugin for WordPress versions up to, and including, 5.7.2 **Description** The issue is related to Stored Cross-Site Scripting via the plugin's widgets due to insufficient input sanitization and output escaping on user-supplied attributes like `title tag`. This allows authenticated attackers with contributor-level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 5.7.2, update to a version that addresses the insufficient input sanitization and output escaping issue. As a temporary workaround, consider restricting access to the plugin's widgets for users with contributor-level access and above until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Spectra Pro plugin for WordPress versions up to, and including, 1.1.4 **Description** The issue is related to Stored Cross-Site Scripting via block ids due to insufficient input sanitization and output escaping on user-supplied attributes. This allows authenticated attackers with contributor-level access and above to inject arbitrary web scripts in pages, which will execute whenever a user accesses an injected page. **Recommendations** For Spectra Pro plugin for WordPress versions up to, and including, 1.1.4, update to a version higher than 1.1.4 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: SiteOrigin Widgets Bundle plugin for WordPress versions up to, and including, 1.62.2 Description: The issue is related to Stored Cross-Site Scripting via the Image Grid widget due to insufficient input sanitization and output escaping on user-supplied attributes. This allows authenticated attackers with contributor-level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Recommendations: For versions up to, and including, 1.62.2, update to a version that addresses the insufficient input sanitization and output escaping issue. As a temporary workaround, consider restricting access to the Image Grid widget for users with contributor-level access and above until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Genesis Blocks plugin for WordPress versions up to, and including, 3.1.3 **Description** The issue is related to Stored Cross-Site Scripting via the plugin's Sharing block due to insufficient input sanitization and output escaping on user-supplied attributes. This allows authenticated attackers with contributor-level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For Genesis Blocks plugin for WordPress versions up to, and including, 3.1.3, update to a version later than 3.1.3 to resolve the issue. As a temporary workaround, consider restricting access to the Sharing block for users with contributor-level access and above until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Elementor Addons by Livemesh plugin for WordPress versions up to, and including, 8.3.7 **Description** The issue is related to Stored Cross-Site Scripting via the plugin's Posts Grid widget due to insufficient input sanitization and output escaping on user-supplied attributes. This allows authenticated attackers with contributor-level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 8.3.7, update to a version higher than 8.3.7 to resolve the issue. As a temporary workaround, consider restricting access to the Posts Grid widget for users with contributor-level access and above until a patch is available.

Name of the Vulnerable Software and Affected Versions: Elementor Addon Elements plugin for WordPress versions up to, and including, 1.13.5 Description: The issue is related to Stored Cross-Site Scripting via the `url` parameter due to insufficient input sanitization and output escaping. This allows authenticated attackers with contributor-level permissions and above to inject arbitrary web scripts in pages, which will execute when a user accesses an injected page. Recommendations: For versions up to, and including, 1.13.5, update to a version that addresses the insufficient input sanitization and output escaping issue to prevent Stored Cross-Site Scripting attacks. As a temporary workaround, consider restricting access to the `url` parameter to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: The Plus Addons for Elementor versions up to, and including, 5.6.0 Description: The issue is related to Stored Cross-Site Scripting via the `video color` parameter due to insufficient input sanitization and output escaping. This allows authenticated attackers with Contributor-level access and above to inject arbitrary web scripts in pages, which will execute whenever a user accesses an injected page. Recommendations: For versions up to, and including, 5.6.0, consider disabling the `video color` parameter until a patch is available to prevent exploitation. Restrict access to pages that may have been injected with malicious scripts to minimize the risk of execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Divi theme for WordPress versions up to, and including, 4.25.1 **Description** The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping. This allows authenticated attackers with Author-level access and above to inject arbitrary web scripts in pages, which will execute when a user accesses an injected page. **Recommendations** For Divi theme for WordPress versions up to, and including, 4.25.1, update to a version later than 4.25.1 to resolve the issue. As a temporary workaround, consider restricting access to page editing features for users with Author-level access and above until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Shariff Wrapper plugin for WordPress versions up to, and including, 4.6.13 **Description** The issue arises from insufficient input sanitization and output escaping on user-supplied attributes, such as `borderradius` and `timestamp`, in the plugin's 'shariff' shortcode. This allows authenticated attackers with contributor-level access and above to inject arbitrary web scripts in pages, which will execute whenever a user accesses an injected page. **Recommendations** For Shariff Wrapper plugin for WordPress versions up to, and including, 4.6.13, update to a version later than 4.6.13 to resolve the issue. As a temporary workaround, consider restricting access to the 'shariff' shortcode for users with contributor-level access and above until a patch is available.

**Name of the Vulnerable Software and Affected Versions** ElementsKit PRO plugin for WordPress versions up to, and including, 3.6.2 **Description** The issue allows authenticated attackers with contributor-level permissions and above to conduct Server-Side Request Forgery via the `render raw` function. This enables them to make web requests to arbitrary locations from the web application, potentially querying and modifying information from internal services. **Recommendations** For versions up to, and including, 3.6.2, update to a version higher than 3.6.2 to resolve the issue. As a temporary workaround, consider disabling the `render raw` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** The Element Pack Elementor Addons plugin for WordPress versions up to, and including, 5.6.7 **Description** The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping on user-supplied attributes in the plugin's Creative Button widget. This allows authenticated attackers with contributor-level access and above to inject arbitrary web scripts in pages, which will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 5.6.7, update to a version that addresses the insufficient input sanitization and output escaping issue in the Creative Button widget. As a temporary workaround, consider restricting access to the Creative Button widget for users with contributor-level access and above until a patch is available.

Name of the Vulnerable Software and Affected Versions: SiteOrigin Widgets Bundle plugin for WordPress versions up to, and including, 1.61.1 Description: The issue is related to Stored Cross-Site Scripting in the SiteOrigin Blog Widget due to insufficient input sanitization and output escaping on user-supplied attributes. This allows authenticated attackers with contributor-level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Recommendations: For versions up to, and including, 1.61.1, update to a version that addresses the insufficient input sanitization and output escaping issue to prevent Stored Cross-Site Scripting attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** The Royal Elementor Addons and Templates for WordPress versions up to, and including, 1.3.976 **Description** The issue is related to Stored Cross-Site Scripting via the `inline list` parameter due to insufficient input sanitization and output escaping. This allows authenticated attackers with contributor-level permissions and above to inject arbitrary web scripts in pages, which will execute when a user accesses an injected page. **Recommendations** For versions up to, and including, 1.3.976, update to a version that addresses the insufficient input sanitization and output escaping issue to prevent Stored Cross-Site Scripting attacks. As a temporary workaround, consider restricting access to the `inline list` parameter to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Colibri Page Builder plugin for WordPress versions up to, and including, 1.0.276 **Description** The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the `colibri video player` shortcode. This allows authenticated attackers with contributor-level access and above to inject arbitrary web scripts in pages. These scripts will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 1.0.276, update to a version that addresses the insufficient input sanitization and output escaping issue in the `colibri video player` shortcode. As a temporary workaround, consider restricting access to the `colibri video player` shortcode for users with contributor-level access and above until a patch is available.

**Name of the Vulnerable Software and Affected Versions** The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress versions up to, and including, 5.9.22 **Description** The issue is related to Stored Cross-Site Scripting via the `get manual calendar events` function due to insufficient input sanitization and output escaping. This allows authenticated attackers with Contributor-level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 5.9.22, update to a version higher than 5.9.22 to resolve the issue. As a temporary workaround, consider restricting access to the `get manual calendar events` function until a patch is available. Additionally, ensure that all user input is properly sanitized and validated to prevent malicious script injections.

**Name of the Vulnerable Software and Affected Versions** The Clever Fox plugin for WordPress version 25.2.0 and earlier **Description** The issue is related to Stored Cross-Site Scripting via the plugin's info box block due to insufficient input sanitization and output escaping on user-supplied attributes. This allows authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For versions 25.2.0 and earlier, update to a version later than 25.2.0 to resolve the issue. As a temporary workaround, consider restricting access to the info box block for users with contributor-level and above permissions until a patch is available. Additionally, ensure proper input validation and output escaping for all user-supplied attributes to prevent arbitrary web script injection.

**Name of the Vulnerable Software and Affected Versions** The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks plugin for WordPress versions up to, and including, 2.2.80 **Description** The issue is related to Stored Cross-Site Scripting via the `tag` attribute in blocks due to insufficient input sanitization and output escaping. This allows authenticated attackers with contributor-level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 2.2.80, update to a version higher than 2.2.80 to resolve the issue. As a temporary workaround, consider restricting access to the `tag` attribute in blocks to minimize the risk of exploitation. Additionally, ensure that only trusted users have contributor-level access and above to reduce the potential for arbitrary web script injection.

Name of the Vulnerable Software and Affected Versions: Colibri Page Builder plugin for WordPress versions up to, and including, 1.0.276 Description: The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Recommendations: For versions up to, and including, 1.0.276, update to a version that addresses the insufficient input sanitization and output escaping issue. As a temporary workaround, consider restricting access to the plugin's shortcode(s) to minimize the risk of exploitation. Additionally, restrict contributor-level access and above to trusted users only.