Ben Bidner

**Name of the Vulnerable Software and Affected Versions** ActivityPub WordPress plugin version 1.0.0 and earlier **Description** The issue allows contributors and above roles to perform Stored Cross-Site Scripting attacks due to the plugin's failure to sanitize and escape some data from post content. **Recommendations** For ActivityPub WordPress plugin versions prior to 1.0.0, update to version 1.0.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** ActivityPub WordPress plugin versions prior to 1.0.0 **Description** The issue allows users with a role of Contributor and above to perform Stored XSS attacks due to the plugin not escaping user metadata before outputting them in mentions. **Recommendations** For versions prior to 1.0.0, update to version 1.0.0 or later to resolve the issue. As a temporary workaround, consider restricting the role of users to prevent those with a role of Contributor and above from exploiting this issue until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** Lester 'GaMerZ' Chan WP-PostRatings plugin version 1.89 and earlier **Description** The issue is related to a race condition that allows rating increase or decrease in the WP-PostRatings plugin. **Recommendations** For Lester 'GaMerZ' Chan WP-PostRatings plugin version 1.89 and earlier, update to a version later than 1.89 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** WordPress versions prior to 5.4.2 WordPress versions 3.7.34 through 5.3.4 **Description** The issue is related to the lack of neutralization of script-related HTML tags on a web page, which can be exploited by a remote attacker to compromise data integrity. Additionally, when uploading themes, the name of the theme folder can be crafted to lead to JavaScript execution in /wp-admin on the themes page, requiring an admin to upload the theme. This is a low severity self-XSS issue. The vulnerability can also be exploited to bypass authentication, allowing a remote attacker to access confidential data, compromise its integrity, and cause a denial of service. **Recommendations** For WordPress versions prior to 5.4.2, update to version 5.4.2 or later to resolve the issue. For WordPress versions 3.7.34 through 5.3.4, update to the corresponding minor release (5.3.4, 5.2.7, 5.1.6, 5.0.10, 4.9.15, 4.8.14, 4.7.18, 4.6.19, 4.5.22, 4.4.23, 4.3.24, 4.2.28, 4.1.31, 4.0.31, 3.9.32, 3.8.34, 3.7.34) to resolve the issue. As a temporary workaround, consider restricting access to the theme upload feature to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** WordPress versions prior to 5.4.2 WordPress versions 5.3.4, 5.2.7, 5.1.6, 5.0.10, 4.9.15, 4.8.14, 4.7.18, 4.6.19, 4.5.22, 4.4.23, 4.3.24, 4.2.28, 4.1.31, 4.0.31, 3.9.32, 3.8.34, 3.7.34 **Description** The issue arises from the misuse of the `set-screen-option` filter's return value, allowing arbitrary user meta fields to be saved. This requires an admin to install a plugin that would misuse the filter, and once installed, it can be leveraged by low-privileged users. **Recommendations** For versions prior to 5.4.2, update to version 5.4.2 or later to resolve the issue. For versions 5.3.4, 5.2.7, 5.1.6, 5.0.10, 4.9.15, 4.8.14, 4.7.18, 4.6.19, 4.5.22, 4.4.23, 4.3.24, 4.2.28, 4.1.31, 4.0.31, 3.9.32, 3.8.34, 3.7.34, update to the respective minor release or later to resolve the issue. As a temporary workaround, consider restricting the installation of plugins to prevent potential misuse of the `set-screen-option` filter until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** WordPress versions prior to 5.4.1 WordPress versions 5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33 **Description** The issue is related to the `render block core search` function and the `rss.php` file in WordPress, which has inadequate protection measures for web page structures. This can be exploited by a remote attacker to impact data integrity. The exploitation requires an authenticated user with the ability to add content. A special payload can be crafted to lead to scripts getting executed within the search block of the block editor. **Recommendations** For WordPress versions prior to 5.4.1, update to version 5.4.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the block editor for authenticated users until the update is applied. Avoid using the `render block core search` function and the `rss.php` file until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** WordPress versions prior to 5.4.1 WordPress versions 5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33 **Description** A cross-site scripting (XSS) vulnerability in the navigation section of Customizer allows JavaScript code to be executed. Exploitation requires an authenticated user. The issue is related to insufficient protection measures for web page structures, which could allow a remote attacker to impact data integrity. **Recommendations** For versions prior to 5.4.1, update to version 5.4.1 or later to resolve the issue. For versions 5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33, update to the respective minor release or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** WordPress versions prior to 5.4.1 WordPress versions 5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33 **Description** A password reset link emailed to a user does not expire upon changing the user password, allowing access to the email account of the user by a malicious party for successful execution. The issue is related to the lack of a password reset mechanism and can be exploited by a remote attacker to gain access to confidential data and compromise its integrity. **Recommendations** For versions prior to 5.4.1, update to version 5.4.1 or later to resolve the issue. For versions 5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33, update to the respective minor release or later to resolve the issue. As a temporary workaround, consider restricting access to the email account of the user to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** WP-PostRatings plugin versions 1.50 through 1.61 **Description** The issue allows remote authenticated users with the Author role to execute arbitrary SQL commands via the `id` attribute of the "ratings shortcode" when creating a post. **Recommendations** For WP-PostRatings plugin versions 1.50 through 1.61, update to version 1.62 or later to resolve the issue.