Benedictus Jovan

The PeachPay — Payments & Express Checkout for WooCommerce (supports Stripe, PayPal, Square, Authorize.net, NMI) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.120.46. This is due to missing or incorrect nonce validation on the peachpay stripe handle admin actions function. This makes it possible for unauthenticated attackers to permanently delete all stored Stripe credentials — including publishable keys, secret keys, webhook secrets, and Apple Pay configuration — from the WordPress database, disabling Stripe payment processing for the store via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

**Name of the Vulnerable Software and Affected Versions** WP To Do plugin for WordPress versions up to, and including, 1.3.0 **Description** The issue is a Stored Cross-Site Scripting problem due to insufficient input sanitization and output escaping, allowing authenticated attackers with administrator-level permissions and above to inject arbitrary web scripts in pages. This affects multi-site installations and installations where unfiltered html has been disabled. **Recommendations** For WP To Do plugin for WordPress versions up to, and including, 1.3.0, update to a version later than 1.3.0 to resolve the issue. As a temporary workaround, consider restricting access to the comment functionality to minimize the risk of exploitation. Additionally, ensure that unfiltered html is enabled, if possible, to reduce the vulnerability's impact.

**Name of the Vulnerable Software and Affected Versions** Pricing Table plugin for WordPress versions up to, and including, 2.0.1 **Description** The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the `ajax()` function. This allows unauthenticated attackers to perform various actions related to managing pricing tables by tricking a site administrator into performing an action, such as clicking on a link. **Recommendations** For versions up to, and including, 2.0.1, update to a version that includes the fix for the missing or incorrect nonce validation on the `ajax()` function. As a temporary workaround, consider restricting access to the `ajax()` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Pricing Table plugin for WordPress versions up to, and including, 2.0.1 **Description** The issue arises from a missing capability check on the `ajax()` function, allowing authenticated attackers with subscriber-level access and above to perform unauthorized actions, such as editing pricing tables. **Recommendations** For versions up to, and including, 2.0.1, update to a version higher than 2.0.1 to resolve the issue. As a temporary workaround, consider restricting access to the `ajax()` function to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Snippet Shortcodes plugin for WordPress versions up to, and including, 4.1.4 Description: The issue is due to missing or incorrect nonce validation when adding or editing shortcodes, making it possible for unauthenticated attackers to modify shortcodes via a forged request. This can be achieved if an attacker can trick a site administrator into performing an action, such as clicking on a link. Recommendations: For versions up to, and including, 4.1.4, update to a version higher than 4.1.4 to resolve the issue. As a temporary workaround, consider restricting access to shortcode editing and addition functionality to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Custom Product List Table plugin for WordPress versions up to, and including, 3.0.0 Description: The issue is due to missing or incorrect nonce validation when modifying products, making it possible for unauthenticated attackers to add, delete, bulk edit, approve, or cancel products via a forged request. This can happen if an attacker can trick a site administrator into performing an action, such as clicking on a link. Recommendations: For versions up to, and including, 3.0.0, update to a version that includes proper nonce validation to prevent Cross-Site Request Forgery attacks. As a temporary workaround, consider restricting access to product modification features to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Gutenberg Blocks and Page Layouts – Attire Blocks plugin for WordPress versions up to, and including, 1.9.2 **Description** The issue allows authenticated attackers with subscriber access or above to modify the plugin's settings due to a missing capability check on the `disable fe assets` function. Additionally, the lack of a nonce check results in a CSRF vulnerability, enabling attackers to change the plugin's settings without proper validation. **Recommendations** For versions up to, and including, 1.9.2, update to a version that includes a fix for the missing capability check on the `disable fe assets` function and implements a nonce check to prevent CSRF attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Fluid Notification Bar plugin for WordPress versions up to, and including, 3.2.3 **Description** The issue is related to Stored Cross-Site Scripting via admin settings due to insufficient input sanitization and output escaping. This allows authenticated attackers with administrator-level permissions and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The issue only affects multi-site installations and installations where unfiltered html has been disabled. **Recommendations** For versions up to, and including, 3.2.3, update to a version later than 3.2.3 to resolve the issue. As a temporary workaround, consider restricting access to admin settings to minimize the risk of exploitation. Additionally, ensure that unfiltered html is enabled, if possible, to reduce the vulnerability's impact.

**Name of the Vulnerable Software and Affected Versions** Nafeza Prayer Time plugin for WordPress versions up to, and including, 1.2.9 **Description** The issue is related to Stored Cross-Site Scripting via admin settings due to insufficient input sanitization and output escaping. This allows authenticated attackers with administrator-level permissions and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The issue only affects multi-site installations and installations where unfiltered html has been disabled. **Recommendations** For versions up to, and including, 1.2.9, update to a version that addresses the insufficient input sanitization and output escaping issue. As a temporary workaround, consider restricting access to admin settings to minimize the risk of exploitation. Additionally, ensure that unfiltered html is enabled, if possible, to reduce the attack surface.

**Name of the Vulnerable Software and Affected Versions** AffiEasy plugin for WordPress versions up to, and including, 1.1.7 **Description** The issue is related to Cross-Site Request Forgery. This occurs because the plugin improperly releases the tagged and patched version, using the vulnerable version as core files, while the patched version is included in a 'trunk' folder. This allows unauthenticated attackers to perform various actions via a forged request if they can trick a site administrator into performing an action, such as clicking on a link. **Recommendations** For versions up to, and including, 1.1.7, update to a version later than 1.1.7 to resolve the issue. As a temporary workaround, consider restricting access to administrative functions to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Comparison Slider plugin for WordPress versions up to, and including, 1.0.5 **Description** The issue allows authenticated attackers with subscriber access or above to modify data due to a missing capability check on several AJAX actions. This enables them to change plugin settings and perform other actions, such as deleting sliders. **Recommendations** For versions up to, and including, 1.0.5, update to a version that includes a fix for the missing capability check on AJAX actions to prevent unauthorized modification of data.

**Name of the Vulnerable Software and Affected Versions** Comparison Slider plugin for WordPress versions up to, and including, 1.0.5 **Description** The issue is due to missing or incorrect nonce validation on several functions hooked to AJAX actions, making it possible for unauthenticated attackers to change slider titles, delete sliders, and modify plugin settings via a forged request. This can be achieved if an attacker can trick a site administrator into performing an action, such as clicking on a link. **Recommendations** For versions up to, and including, 1.0.5, update to a version that includes proper nonce validation to prevent Cross-Site Request Forgery attacks. As a temporary workaround, consider restricting access to the AJAX actions hooked to the vulnerable functions until a patch is available.

**Name of the Vulnerable Software and Affected Versions** WP To Do plugin for WordPress versions up to, and including, 1.3.0 **Description** The issue is due to missing or incorrect nonce validation on the `wptodo manage()` function, making it possible for unauthenticated attackers to add new todo items via a forged request. This can be achieved if an attacker can trick a site administrator into performing an action, such as clicking on a link. **Recommendations** For versions up to, and including, 1.3.0, consider disabling the `wptodo manage()` function until a patch is available to prevent exploitation. Restrict access to the todo item management functionality to minimize the risk of unauthorized additions.

**Name of the Vulnerable Software and Affected Versions** Comparison Slider plugin for WordPress versions up to, and including, 1.0.5 **Description** The issue is related to Stored Cross-Site Scripting via the `slider title` parameter due to insufficient input sanitization and output escaping. This allows authenticated attackers, with subscriber access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 1.0.5, update to a version that addresses the insufficient input sanitization and output escaping issue. As a temporary workaround, consider restricting access to the slider title parameter to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** WP To Do plugin for WordPress versions up to, and including, 1.3.0 **Description** The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the `wptodo settings()` function. This allows unauthenticated attackers to modify the plugin's settings via a forged request if they can trick a site administrator into performing an action, such as clicking on a link. **Recommendations** For versions up to, and including, 1.3.0, consider disabling the `wptodo settings()` function until a patch is available to prevent modification of the plugin's settings via forged requests. Restrict access to the plugin's settings to minimize the risk of exploitation. Avoid using the plugin until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WP To Do plugin for WordPress versions up to, and including, 1.3.0 **Description** The issue is related to Stored Cross-Site Scripting via admin settings due to insufficient input sanitization and output escaping. This allows authenticated attackers with administrator-level permissions and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The issue only affects multi-site installations and installations where unfiltered html has been disabled. **Recommendations** For versions up to, and including, 1.3.0, update to a version that addresses the insufficient input sanitization and output escaping issue. As a temporary workaround, consider restricting administrator-level permissions to minimize the risk of exploitation. Additionally, enabling unfiltered html, if possible, may help mitigate the issue in some installations.

**Name of the Vulnerable Software and Affected Versions** Fetch JFT plugin for WordPress versions up to, and including, 1.8.3 **Description** The issue is related to Stored Cross-Site Scripting via admin settings due to insufficient input sanitization and output escaping. This allows authenticated attackers with administrator-level permissions and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The issue only affects multi-site installations and installations where unfiltered html has been disabled. **Recommendations** For Fetch JFT plugin for WordPress versions up to, and including, 1.8.3, update to a version higher than 1.8.3 to resolve the issue. As a temporary workaround, consider restricting access to admin settings to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: WP To Do plugin versions up to, and including, 1.3.0 Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability due to missing or incorrect nonce validation on the `wptodo addcomment` function. This allows unauthenticated attackers to add comments to to do items via a forged request if they can trick a site administrator into performing an action, such as clicking on a link. Recommendations: For versions up to, and including, 1.3.0, update to a version that includes the fix for the nonce validation issue in the `wptodo addcomment` function. As a temporary workaround, consider restricting access to the `wptodo addcomment` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** WP-ViperGB plugin for WordPress versions up to, and including, 1.6.1 **Description** The issue is due to missing or incorrect nonce validation when saving plugin settings, making it possible for unauthenticated attackers to change the plugin's settings via a forged request. This can be achieved if an attacker can trick a site administrator into performing an action, such as clicking on a link. **Recommendations** For WP-ViperGB plugin for WordPress versions up to, and including, 1.6.1, update to a version later than 1.6.1 to resolve the issue. As a temporary workaround, consider restricting access to the plugin's settings page to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode plugin for WordPress versions up to, and including, 1.7 **Description** The issue is related to Stored Cross-Site Scripting via admin settings due to insufficient input sanitization and output escaping. This allows authenticated attackers with administrator-level permissions and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The issue only affects multi-site installations and installations where unfiltered html has been disabled. **Recommendations** For versions up to, and including, 1.7, update to a version that includes the necessary input sanitization and output escaping fixes to prevent Stored Cross-Site Scripting attacks. As a temporary workaround, consider restricting administrator-level permissions and ensuring that unfiltered html is enabled to minimize the risk of exploitation.