B0Lli

**Name of the Vulnerable Software and Affected Versions** Advanced Google reCaptcha plugin for WordPress versions up to, and including, 1.27 **Description** The issue allows unauthenticated attackers to bypass the Built-in Math Captcha Verification, enabling them to circumvent the CAPTCHA protection. This is a CAPTCHA Bypass issue. **Recommendations** For versions up to, and including, 1.27, update to a version higher than 1.27 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** BuddyForms plugin for WordPress versions up to, and including, 2.8.15 **Description** The BuddyForms plugin for WordPress is affected by a Stored Cross-Site Scripting issue due to insufficient input sanitization and output escaping on user-supplied attributes in the `buddyforms nav` shortcode. This allows authenticated attackers with contributor-level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 2.8.15, consider disabling the `buddyforms nav` shortcode until a patch is available to prevent exploitation. Restrict access to pages that utilize this shortcode to minimize the risk of arbitrary script execution. Update to a version later than 2.8.15 when available.

**Name of the Vulnerable Software and Affected Versions** The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) plugin for WordPress versions up to, and including, 2.8.13 **Description** The issue is related to Stored Cross-Site Scripting via the plugin's 'bf new submission link' shortcode due to insufficient input sanitization and output escaping on user-supplied attributes. This allows authenticated attackers with contributor-level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 2.8.13, update to a version that addresses the insufficient input sanitization and output escaping issue. As a temporary workaround, consider restricting access to the 'bf new submission link' shortcode to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Advanced Google reCAPTCHA plugin for WordPress versions up to 1.25 **Description** The issue arises because the plugin does not utilize a strong unique key when generating an unblock request. This makes it possible for unauthenticated attackers to unblock their IP after being locked out due to too many bad password attempts. **Recommendations** For versions up to 1.25, update to a version higher than 1.25 to resolve the issue. At the moment, there is no information about other specific mitigation measures for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** The Frontend Admin by DynamiApps plugin for WordPress versions up to, and including, 3.25.1 **Description** The issue allows unauthenticated attackers to perform SQL Injection via the `orderby` parameter due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This enables attackers to append additional SQL queries into already existing queries, potentially extracting sensitive information from the database. The attack requires an unauthenticated user to have permission to view form submissions, and the form submission shortcode must be added to a page. **Recommendations** For versions up to, and including, 3.25.1, consider disabling the `orderby` parameter until a patch is available to prevent SQL Injection attacks. Restrict access to form submissions and limit the use of the form submission shortcode to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Calculated Fields Form plugin for WordPress versions up to, and including, 5.2.63 **Description** The issue is related to unlimited height and width parameters for CAPTCHA images, allowing unauthenticated attackers to send multiple requests with large values. This results in slowing server resources if the server does not mitigate Denial of Service attacks. The attackers can exploit this by sending requests with large values for the height and width parameters of the CAPTCHA images. **Recommendations** For versions up to, and including, 5.2.63, update to a version higher than 5.2.63 to resolve the issue. As a temporary workaround, consider restricting access to the CAPTCHA image generation functionality to minimize the risk of exploitation. Restrict the `height` and `width` parameters for CAPTCHA images to prevent attackers from sending requests with large values.

**Name of the Vulnerable Software and Affected Versions** The Frontend Admin by DynamiApps plugin for WordPress versions up to, and including, 3.24.5 **Description** The issue is related to Stored Cross-Site Scripting via submission forms due to insufficient input sanitization and output escaping on the new Taxonomy form. This allows unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The exploitation is only possible when lower-level users have been granted access to submit specific forms, which is disabled by default. **Recommendations** Update to the latest version to mitigate risks. As a temporary workaround, consider restricting access to the submission forms for lower-level users until a patch is available. Restrict access to the new Taxonomy form to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** The Frontend Admin by DynamiApps plugin for WordPress versions up to, and including, 3.24.5 **Description** The issue is due to insufficient controls on the `Role` field in a form, allowing unauthenticated attackers to create new administrative user accounts. This vulnerability affects the Frontend Admin by DynamiApps plugin for WordPress, making it possible for attackers to escalate privileges even when the administrative user role has not been provided as an option to the user, granted that unauthenticated users have been provided access to the form. **Recommendations** For versions up to, and including, 3.24.5, update to a version later than 3.24.5 to mitigate the risk of privilege escalation. As a temporary workaround, consider restricting access to the form that utilizes the `Role` field to prevent unauthenticated users from creating new administrative user accounts. Avoid providing access to the form to unauthenticated users until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** EmbedPress – Embed PDF, 3D Flipbook, Social Feeds, Google Docs, Vimeo, Wistia, YouTube Videos, Audios, Google Maps in Gutenberg Block & Elementor plugin for WordPress versions up to, and including, 4.1.3 **Description** The issue is related to Stored Cross-Site Scripting via the `provider name` parameter due to insufficient input sanitization and output escaping. This allows authenticated attackers with Contributor-level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 4.1.3, update to a version that addresses the insufficient input sanitization and output escaping issue. As a temporary workaround, consider restricting access to the `provider name` parameter to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Additional Order Filters for WooCommerce plugin for WordPress versions up to, and including, 1.21 **Description** The issue arises from insufficient input sanitization and output escaping, making it possible for unauthenticated attackers to inject arbitrary web scripts in pages. This can be achieved by tricking a user into performing an action, such as clicking on a link, allowing attackers to execute arbitrary web scripts. The `shipping method filter` parameter is specifically vulnerable to Reflected Cross-Site Scripting. **Recommendations** For versions up to, and including, 1.21, update to a version that addresses the insufficient input sanitization and output escaping issue to prevent Reflected Cross-Site Scripting attacks via the `shipping method filter` parameter. As a temporary workaround, consider restricting access to the `shipping method filter` parameter to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** The 404 Solution plugin for WordPress versions up to, and including, 2.35.17 **Description** The issue allows unauthenticated attackers to extract sensitive data, such as redirects including GET parameters, via the export feature. This could potentially reveal sensitive information. **Recommendations** For versions up to, and including, 2.35.17, update to a version later than 2.35.17 to resolve the issue. As a temporary workaround, consider disabling the export feature until a patch is available. Restrict access to the export functionality to minimize the risk of exploitation. Avoid using the export feature in the affected plugin until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Tripetto plugin for WordPress versions up to, and including, 8.0.3 **Description** The Tripetto plugin for WordPress is vulnerable to Stored Cross-Site Scripting via File uploads due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses the file. **Recommendations** For versions up to, and including, 8.0.3, update to a version later than 8.0.3 to resolve the issue. As a temporary workaround, consider restricting file uploads to trusted users only until a patch is available. Additionally, restrict access to uploaded files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Code Embed plugin for WordPress versions up to 2.5 **Description** The Code Embed plugin for WordPress is vulnerable to Server-Side Request Forgery via the `ce get file()` function. This makes it possible for authenticated attackers, with contributor-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. **Recommendations** For Code Embed plugin for WordPress versions up to 2.5, update to the latest version to mitigate the risk of Server-Side Request Forgery. As a temporary workaround, consider restricting access to the `ce get file()` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Calculated Fields Form plugin for WordPress versions up to, and including, 5.2.45 **Description** The issue is due to the plugin not properly neutralizing HTML elements from submitted forms, making it possible for unauthenticated attackers to inject arbitrary HTML that will render when the administrator views form submissions in their email. **Recommendations** For versions up to, and including, 5.2.45, update to a version later than 5.2.45 to resolve the issue. As a temporary workaround, consider restricting access to form submissions to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** TablePress – Tables in WordPress made easy plugin for WordPress versions up to, and including, 2.4.2 **Description** The issue is related to Stored Cross-Site Scripting via the table cell content due to insufficient input sanitization and output escaping. This allows authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 2.4.2, update to a version that addresses the insufficient input sanitization and output escaping issue to prevent Stored Cross-Site Scripting attacks. As a temporary workaround, consider restricting access to table cell content editing to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Drupal Security Kit versions 0.0.0 through 2.0.2 **Description** The issue is related to a 'Type Confusion' vulnerability, which allows an attacker to cause a denial of service via HTTP. This vulnerability can be exploited by a remote attacker. **Recommendations** For versions 0.0.0 through 2.0.2, update to version 2.0.3 or later to resolve the issue. As a temporary workaround, consider restricting access to resources that may be affected by the 'Type Confusion' vulnerability until a patch is available.