Avraham Shemesh

**Name of the Vulnerable Software and Affected Versions** Document Library Lite versions prior to 1.1.7 **Description** The Document Library Lite plugin for WordPress has an issue with authorization. An unauthenticated AJAX action, `dll load posts`, exposes a JSON table of document data without proper checks. The `args` array accepted by this handler allows attackers to retrieve unpublished document titles and content, including those with draft, pending, or future status. The vulnerable API endpoint is `/wp-admin/admin-ajax.php`. The `status` parameter within the `args` array is attacker-controlled. **Recommendations** Update Document Library Lite to version 1.1.7 or later.

**Name of the Vulnerable Software and Affected Versions** Chartify – WordPress Chart Plugin versions prior to 3.5.9 **Description** The software contains a missing authentication check for a critical function. An unauthenticated AJAX action is registered, dispatching to admin-class methods based on a request parameter without proper security checks. This allows attackers to potentially execute administrative functions via the `wp-admin/admin-ajax.php` endpoint if they can determine callable method names. **Recommendations** Update Chartify – WordPress Chart Plugin to version 3.5.9 or later.

**Name of the Vulnerable Software and Affected Versions** LayoutBoxx plugin for WordPress versions up to and including 0.3.1 **Description** The issue allows unauthenticated attackers to execute arbitrary shortcodes due to the software not properly validating a value before running `do shortcode`. This enables the execution of actions that can lead to arbitrary shortcode execution. **Recommendations** For versions up to and including 0.3.1, update to a version that fixes this issue, as the current version allows for the execution of arbitrary shortcodes by unauthenticated attackers. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** The Yame | Link In Bio plugin for WordPress versions 0.9.0 and earlier **Description** The issue allows unauthenticated attackers to view potentially sensitive information contained in an exposed file through the publicly accessible phpinfo.php script. **Recommendations** For versions 0.9.0 and earlier, consider removing or restricting access to the phpinfo.php script to minimize the risk of sensitive information exposure until a patch is available.

**Name of the Vulnerable Software and Affected Versions** AM LottiePlayer plugin for WordPress versions up to, and including, 3.5.3 **Description** The issue is related to Stored Cross-Site Scripting via uploaded lottie files due to insufficient input sanitization and output escaping. This allows authenticated attackers with Author-level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For AM LottiePlayer plugin for WordPress versions up to, and including, 3.5.3, update to a version higher than 3.5.3 to resolve the issue. As a temporary workaround, consider restricting access to the lottie file upload feature to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Create custom forms for WordPress with a smart form plugin for smart businesses versions 1.2.4 and earlier **Description** The issue allows unauthenticated attackers to execute arbitrary shortcodes due to the software not properly validating a value before running `do shortcode()`. This makes it possible for attackers to execute arbitrary shortcodes. The estimated number of potentially affected devices worldwide is not specified. **Recommendations** For versions 1.2.4 and earlier, update to a version later than 1.2.4 to resolve the issue. As a temporary workaround, consider restricting access to the `do shortcode()` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** The Contact Form by Bit Form plugin for WordPress versions up to, and including, 2.18.3 **Description** The issue is related to Stored Cross-Site Scripting via SVG File uploads due to insufficient input sanitization and output escaping. This allows authenticated attackers with Author-level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. **Recommendations** For versions up to, and including, 2.18.3, update to a version that addresses the insufficient input sanitization and output escaping issue to prevent Stored Cross-Site Scripting attacks.

**Name of the Vulnerable Software and Affected Versions** Lottie Player plugin for WordPress versions up to, and including, 1.1.8 **Description** The issue is related to Stored Cross-Site Scripting via File uploads due to insufficient input sanitization and output escaping. This allows authenticated attackers with Author-level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses the uploaded file. **Recommendations** For versions up to, and including, 1.1.8, update to a version higher than 1.1.8 to resolve the issue. As a temporary workaround, consider restricting file upload capabilities to users with higher access levels than Author to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Advanced Accordion Gutenberg Block plugin for WordPress versions up to, and including, 5.0.1 **Description** The issue is related to Stored Cross-Site Scripting via SVG File uploads due to insufficient input sanitization and output escaping. This allows authenticated attackers with Author-level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. **Recommendations** For versions up to, and including, 5.0.1, update to a version that addresses the insufficient input sanitization and output escaping issue to prevent Stored Cross-Site Scripting attacks. As a temporary workaround, consider restricting SVG file uploads to prevent exploitation until a patch is available.

Name of the Vulnerable Software and Affected Versions: Developer Toolbar plugin for WordPress versions 1.0.3 and earlier Description: The issue allows unauthenticated attackers to view potentially sensitive information contained in an exposed file through the publicly accessible `phpinfo.php` script. Recommendations: For versions 1.0.3 and earlier, consider removing or restricting access to the `phpinfo.php` script to minimize the risk of sensitive information exposure until a patch is available.

Name of the Vulnerable Software and Affected Versions: Cart66 Cloud plugin for WordPress versions 2.3.7 and earlier Description: The issue allows unauthenticated attackers to view potentially sensitive information contained in an exposed file through the publicly accessible `phpinfo.php` script. Recommendations: For versions 2.3.7 and earlier, consider restricting access to the `phpinfo.php` script to minimize the risk of exploitation. As a temporary workaround, remove or disable the `phpinfo.php` script until a patch is available.

Name of the Vulnerable Software and Affected Versions: WP Project Manager plugin for WordPress versions up to and including 2.6.22 Description: The issue is related to Stored Cross-Site Scripting via SVG file uploads, caused by insufficient input sanitization and output escaping. This allows authenticated attackers with Author-level access or higher to inject arbitrary web scripts in pages that will execute when a user accesses the SVG file. Recommendations: For WP Project Manager plugin for WordPress versions up to and including 2.6.22, update to a version higher than 2.6.22 to resolve the issue. As a temporary workaround, consider restricting access to SVG file uploads for users with Author-level access and above until a patch is available. Avoid using the WP Project Manager plugin for WordPress with versions up to and including 2.6.22 for uploading SVG files until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: Z Companion plugin for WordPress versions up to and including 1.1.1 Description: The issue allows authenticated attackers with Author-level access or higher to inject arbitrary web scripts in pages that will execute when a user accesses an uploaded SVG file, due to insufficient input sanitization and output escaping. This requires the Royal Shop theme to be installed. Recommendations: For Z Companion plugin for WordPress versions up to and including 1.1.1, update to a version higher than 1.1.1 to resolve the issue. As a temporary workaround, consider restricting access to the SVG file upload feature until a patch is available.

Name of the Vulnerable Software and Affected Versions: ORDER POST plugin for WordPress versions up to, and including, 2.0.2 Description: The ORDER POST plugin for WordPress is vulnerable to arbitrary shortcode execution due to the software allowing users to execute an action that does not properly validate a value before running `do shortcode`. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes, potentially leading to remote code execution. Recommendations: For versions up to, and including, 2.0.2, consider disabling the `do shortcode` function or restricting access to it until a patch is available. As a temporary workaround, avoid using unvalidated input in the affected plugin to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: azurecurve Shortcodes in Comments plugin for WordPress versions up to, and including, 2.0.2 Description: The issue is due to the software allowing users to execute an action that does not properly validate a value before running `do shortcode`. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. Recommendations: For versions up to, and including, 2.0.2, update to a version later than 2.0.2 to resolve the issue. As a temporary workaround, consider disabling the execution of shortcodes in comments until a patch is available.

Name of the Vulnerable Software and Affected Versions: GreenPay plugin for WordPress versions 3.0.0 through 3.0.9 Description: The issue allows unauthenticated attackers to view potentially sensitive information contained in an exposed file through the publicly accessible `phpinfo.php` script. Recommendations: For versions 3.0.0 through 3.0.9, consider restricting access to the `phpinfo.php` script to prevent unauthenticated attackers from viewing sensitive information.

Name of the Vulnerable Software and Affected Versions: Accept SagePay Payments Using Contact Form 7 plugin for WordPress versions 2.0 and earlier Description: The issue allows unauthenticated attackers to view potentially sensitive information contained in an exposed file through the publicly accessible `phpinfo.php` script. Recommendations: For Accept SagePay Payments Using Contact Form 7 plugin for WordPress versions 2.0 and earlier, consider restricting access to the `phpinfo.php` script to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** AI Content Pipelines plugin for WordPress versions up to, and including, 1.6 **Description** The issue is related to Stored Cross-Site Scripting via SVG File uploads due to insufficient input sanitization and output escaping. This allows authenticated attackers with Author-level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. **Recommendations** For versions up to, and including, 1.6, update to a version that addresses the insufficient input sanitization and output escaping issue to prevent Stored Cross-Site Scripting attacks. As a temporary workaround, consider restricting SVG file uploads to prevent exploitation until a patch is available.

**Name of the Vulnerable Software and Affected Versions** The Smart Icons For WordPress plugin for WordPress versions up to, and including, 1.0.4 **Description** The issue is related to Stored Cross-Site Scripting via SVG File uploads due to insufficient input sanitization and output escaping. This allows authenticated attackers with Editor-level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. **Recommendations** For versions up to, and including, 1.0.4, update to a version that addresses the insufficient input sanitization and output escaping issue to prevent Stored Cross-Site Scripting via SVG File uploads. As a temporary workaround, consider restricting access to SVG file uploads for users with Editor-level access and above until a patch is available.

**Name of the Vulnerable Software and Affected Versions** DAP to Autoresponders Email Syncing plugin for WordPress versions 1.0 and earlier **Description** The issue allows unauthenticated attackers to view potentially sensitive information through the publicly accessible `phpinfo.php` script. This makes it possible for attackers to access information that could be used for further exploitation. **Recommendations** For DAP to Autoresponders Email Syncing plugin for WordPress versions 1.0 and earlier, consider restricting access to the `phpinfo.php` script to prevent information disclosure until a patch is available.