Benachi

**Name of the Vulnerable Software and Affected Versions** PAYGENT for WooCommerce plugin versions prior to 2.4.6 **Description** The PAYGENT for WooCommerce plugin for WordPress is susceptible to a missing authorization issue. This occurs because of a lack of authorization checks within the `paygent check webhook` function, combined with the `paygent permission callback` function consistently returning true. This allows unauthenticated attackers to manipulate payment callbacks and alter order statuses by sending fabricated payment notifications to the `/wp-json/paygent/v1/check/` endpoint. **Recommendations** Update the PAYGENT for WooCommerce plugin to a version later than 2.4.6.

**Name of the Vulnerable Software and Affected Versions** The Simple Tweet plugin for WordPress versions up to, and including, 1.4.0.2 **Description** The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping in the `Tweet this text` value. This allows authenticated attackers with author-level access and above to inject arbitrary web scripts in pages, which will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 1.4.0.2, update to a version that addresses the insufficient input sanitization and output escaping issue to prevent Stored Cross-Site Scripting attacks. As a temporary workaround, consider restricting access to the `Tweet this text` value to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Welcart e-Commerce WordPress plugin versions prior to 2.9.5 **Description** The issue arises from the lack of file validation for uploads and the absence of authorization and CSRF protection in an AJAX action handling file uploads. This allows any authenticated user, such as a subscriber, to upload arbitrary files, including PHP files, to the server. **Recommendations** For versions prior to 2.9.5, update to version 2.9.5 or later to resolve the issue. As a temporary workaround, consider disabling the AJAX action handling file uploads until a patch is available. Restrict access to file upload functionality to minimize the risk of exploitation. Avoid using the file upload feature in the affected plugin until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Request a Quote WordPress plugin versions prior to 2.3.9 **Description** The issue allows high privilege users, such as admins, to perform cross-Site Scripting attacks due to the lack of sanitization and escaping of some settings, even when the unfiltered html capability is disallowed. **Recommendations** For versions prior to 2.3.9, update to version 2.3.9 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Request a Quote WordPress plugin versions 2.3.7 and earlier **Description** The issue allows unauthenticated users to attach a malicious CSV file to a quote. This could lead to a CSV injection once an admin downloads and opens it. The problem arises from the lack of validation for uploaded CSV files. **Recommendations** For versions 2.3.7 and earlier, update to a version that includes the fix for this issue, as the current version does not validate uploaded CSV files, posing a risk of CSV injection. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Import CSV Files WordPress plugin version 1.0 **Description** The issue is related to the Import CSV Files WordPress plugin, which does not properly sanitise and escape imported data before outputting it back on a page. Additionally, it lacks a CSRF check when performing such actions, resulting in a Reflected Cross-Site Scripting issue. **Recommendations** For version 1.0, consider disabling the import functionality until a patch is available to prevent potential exploitation. Restrict access to the plugin's functionality to minimize the risk of Reflected Cross-Site Scripting attacks. Avoid using the plugin for importing CSV files until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** The Best Contact Management Software WordPress plugin versions 3.7.3 and earlier **Description** The issue allows high privilege users, such as admin, to perform Cross-Site Scripting attacks due to the lack of sanitization and escaping of its settings, even when the unfiltered html capability is disallowed. **Recommendations** For versions 3.7.3 and earlier, update to a version that addresses the sanitization and escaping of settings to prevent Cross-Site Scripting attacks. As a temporary workaround, consider restricting the capability to edit settings to only trusted users until a patch is available.

**Name of the Vulnerable Software and Affected Versions** WooCommerce - Product Importer WordPress plugin version 1.5.2 and earlier **Description** The issue is related to the WooCommerce - Product Importer WordPress plugin, which does not properly sanitise and escape imported data before outputting it back on the page. This leads to a Reflected Cross-Site Scripting issue. **Recommendations** For versions 1.5.2 and earlier, update to a version that properly sanitises and escapes imported data to prevent Reflected Cross-Site Scripting. As a temporary workaround, consider disabling the import functionality until a patch is available. Restrict access to the plugin's import feature to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** The Ultimate WooCommerce CSV Importer WordPress plugin versions 2.0 and earlier **Description** The issue is related to a Reflected Cross-Site Scripting problem. It occurs because the plugin does not properly sanitise and escape the imported data before outputting it back on the page. **Recommendations** For versions 2.0 and earlier, update to a version that properly sanitises and escapes imported data to prevent Reflected Cross-Site Scripting. As a temporary workaround, consider disabling the import functionality until a patch is available. Restrict access to the import feature to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Quotes llama WordPress plugin versions prior to 1.0.0 **Description** The issue allows high privilege users, such as admins, to perform Cross-Site Scripting attacks even when unfiltered html is disallowed. This can be achieved by exploiting the lack of sanitization and escaping of quotes. Additionally, the attack can be performed by tricking an admin into importing a malicious CSV file. **Recommendations** For versions prior to 1.0.0, update to version 1.0.0 or later to resolve the issue. As a temporary workaround, consider restricting the import of CSV files and limiting the ability of high privilege users to input unsanitized data until a patch is applied.