Bhumividh Treloges

**Name of the Vulnerable Software and Affected Versions** Mandatory Field plugin for WordPress versions prior to 1.6.9 **Description** The Mandatory Field plugin for WordPress is susceptible to Stored Cross-Site Scripting through admin settings. Insufficient input sanitization and output escaping allows authenticated attackers with administrator-level permissions or higher to inject arbitrary web scripts into pages. These scripts execute when a user accesses the injected page. This issue specifically impacts multi-site installations and those where unfiltered html has been disabled. **Recommendations** Update the Mandatory Field plugin to version 1.6.9 or later.

**Name of the Vulnerable Software and Affected Versions** Survey plugin for WordPress versions prior to 1.2 **Description** The Survey plugin for WordPress is susceptible to Stored Cross-Site Scripting through admin settings. Insufficient input sanitization and output escaping allows authenticated attackers with administrator-level permissions or higher to inject arbitrary web scripts into pages. These scripts will execute when a user accesses the injected page. This issue only impacts multi-site installations and those where unfiltered html has been disabled. **Recommendations** Update the Survey plugin to version 1.2 or later.

**Name of the Vulnerable Software and Affected Versions** WP App Bar plugin for WordPress versions up to and including 1.5 **Description** The WP App Bar plugin for WordPress is susceptible to Stored Cross-Site Scripting through the `app-bar-features` parameter. This is a result of inadequate input sanitization and output escaping, coupled with a missing authorization check within the `App Bar Settings` class constructor. This allows unauthenticated attackers to inject arbitrary web scripts into multiple plugin settings, which will then execute when a user accesses the admin settings page. **Recommendations** Update the WP App Bar plugin to a version newer than 1.5.

**Name of the Vulnerable Software and Affected Versions** Carta Online plugin for WordPress versions prior to 2.13.1 **Description** The software is susceptible to Stored Cross-Site Scripting through admin settings due to inadequate input sanitization and output escaping. This allows authenticated attackers with administrator-level permissions or higher to inject arbitrary web scripts into pages. These scripts will execute when a user accesses the injected page. This issue only impacts multi-site installations and those where unfiltered html has been disabled. **Recommendations** Update to version 2.13.1 or later.

**Name of the Vulnerable Software and Affected Versions** Tennis Court Bookings plugin for WordPress versions prior to 1.2.8 **Description** The Tennis Court Bookings plugin for WordPress is susceptible to Stored Cross-Site Scripting through admin settings. Insufficient input sanitization and output escaping allows authenticated attackers with administrator-level permissions or higher to inject arbitrary web scripts into pages. These scripts will execute when a user accesses the injected page. This issue only impacts multi-site installations and those where unfiltered html has been disabled. **Recommendations** Update the Tennis Court Bookings plugin to version 1.2.8 or later.

**Name of the Vulnerable Software and Affected Versions** salavat counter Plugin versions prior to 0.9.5 **Description** The salavat counter Plugin for WordPress is susceptible to Stored Cross-Site Scripting through the `image url` parameter. Insufficient input sanitization and output escaping allow authenticated attackers with administrator-level access or higher to inject arbitrary web scripts into pages. These scripts will execute when a user accesses the injected page. **Recommendations** Update the salavat counter Plugin to a version newer than 0.9.5.

**Name of the Vulnerable Software and Affected Versions** PostmarkApp Email Integrator plugin for WordPress versions up to and including 2.4 **Description** The PostmarkApp Email Integrator plugin for WordPress is susceptible to Stored Cross-Site Scripting. This is caused by inadequate input sanitization and output escaping of the `pma api key` and `pma sender address` parameters within the plugin settings. An authenticated attacker with Administrator-level access or higher can inject malicious web scripts that execute when users access the settings page. **Recommendations** Update the PostmarkApp Email Integrator plugin to a version newer than 2.4.

**Name of the Vulnerable Software and Affected Versions** TalkJS plugin for WordPress versions prior to 0.1.16 **Description** The TalkJS plugin for WordPress is susceptible to Stored Cross-Site Scripting through admin settings. Insufficient input sanitization and output escaping allow authenticated attackers with administrator-level permissions or higher to inject arbitrary web scripts. These scripts execute when a user accesses an injected page. This issue specifically impacts multi-site installations and those where unfiltered html has been disabled. **Recommendations** Update the TalkJS plugin to version 0.1.16 or later.

**Name of the Vulnerable Software and Affected Versions** User Language Switch plugin for WordPress versions prior to 1.6.11 **Description** The User Language Switch plugin for WordPress is susceptible to Stored Cross-Site Scripting through the `tab color picker language switch` parameter. Insufficient input sanitization and output escaping allow authenticated attackers with administrator-level access or higher to inject arbitrary web scripts into pages. These scripts will execute when a user accesses the injected page. This issue only impacts multi-site installations and installations where unfiltered html has been disabled. **Recommendations** Update the User Language Switch plugin to version 1.6.11 or later.

**Name of the Vulnerable Software and Affected Versions** User Language Switch plugin for WordPress versions prior to 1.6.11 **Description** The User Language Switch plugin for WordPress is susceptible to Server-Side Request Forgery due to insufficient URL validation within the `download language()` function. This allows authenticated attackers with Administrator-level access or higher to initiate web requests to arbitrary locations from the web application. This could potentially allow querying and modification of information from internal services. **Recommendations** Update the User Language Switch plugin to version 1.6.11 or later.

**Name of the Vulnerable Software and Affected Versions** Super Simple Contact Form plugin for WordPress versions up to and including 1.6.2 **Description** The Super Simple Contact Form plugin for WordPress is susceptible to Reflected Cross-Site Scripting. This is due to inadequate input sanitization and output escaping of the `sscf name` parameter. An unauthenticated attacker can inject arbitrary web scripts into pages, which will execute if a user is tricked into performing an action, such as clicking a link. **Recommendations** Update the Super Simple Contact Form plugin to a version later than 1.6.2.

**Name of the Vulnerable Software and Affected Versions** WPlyr Media Block plugin for WordPress versions through 1.3.0 **Description** The WPlyr Media Block plugin for WordPress has a Stored Cross-Site Scripting issue. This is due to inadequate input sanitization and output escaping of user-provided attributes. Specifically, the ` wplyr accent color` parameter is vulnerable. Authenticated attackers with Administrator-level access or higher can inject arbitrary web scripts into pages. These scripts will execute when a user accesses the affected page. **Recommendations** Update the WPlyr Media Block plugin to a version beyond 1.3.0.

**Name of the Vulnerable Software and Affected Versions** WordPress Category Image plugin versions prior to 2.1 **Description** The software is susceptible to Stored Cross-Site Scripting through the `tag-image` parameter. Insufficient input sanitization and output escaping allow authenticated attackers with Editor-level access or higher to inject arbitrary web scripts into pages. These scripts will execute when a user accesses the injected page. **Recommendations** Update to version 2.1 or later.

**Name of the Vulnerable Software and Affected Versions** iONE360 Configurator plugin for WordPress versions through 2.0.57 **Description** The iONE360 Configurator plugin for WordPress is susceptible to Stored Cross-Site Scripting. This is due to inadequate input sanitization and output escaping in the Contact Form Parameters. An unauthenticated attacker can inject arbitrary web scripts into pages. These scripts will execute when a user accesses the injected page. **Recommendations** Update iONE360 Configurator plugin for WordPress to a version later than 2.0.57.

**Name of the Vulnerable Software and Affected Versions** Extended Random Number Generator versions prior to 1.2 **Description** The Extended Random Number Generator plugin for WordPress is susceptible to Stored Cross-Site Scripting through the plugin settings. Insufficient input sanitization and output escaping allow authenticated attackers with administrator-level access to inject arbitrary web scripts into pages. These scripts will execute when a user accesses the injected page. This issue specifically impacts multi-site installations and those where unfiltered html has been disabled. **Recommendations** Update Extended Random Number Generator to version 1.2 or later.

**Name of the Vulnerable Software and Affected Versions** WebPurify Profanity Filter versions up to and including 4.0.2 **Description** The WebPurify Profanity Filter plugin for WordPress has a flaw that allows unauthorized modification of data. This is due to a missing capability check on the `webpurify save options` function. Unauthenticated attackers can exploit this to change plugin settings. **Recommendations** Update WebPurify Profanity Filter to a version later than 4.0.2.

**Name of the Vulnerable Software and Affected Versions** WP Content Permission versions prior to 1.3 **Description** The WP Content Permission plugin for WordPress is susceptible to Stored Cross-Site Scripting. This is due to insufficient input sanitization and output escaping in the `ohmem-message` parameter. An authenticated attacker with Administrator-level access or higher can inject arbitrary web scripts into pages. These scripts will execute when a user accesses the injected page. The API endpoint involved is not explicitly mentioned. The vulnerable parameter is `ohmem-message`. **Recommendations** Update WP Content Permission to version 1.3 or later.

**Name of the Vulnerable Software and Affected Versions** WordPress Code Explorer plugin versions through 1.4.6 **Description** The Code Explorer plugin for WordPress has a flaw that allows authorized users with Administrator-level access or higher to read arbitrary files on the server. This is possible through the `file` parameter, potentially exposing sensitive information. **Recommendations** Update the Code Explorer plugin to a version newer than 1.4.6.

**Name of the Vulnerable Software and Affected Versions** All push notification for WP versions up to and including 1.5.3 **Description** The All push notification for WP plugin for WordPress is susceptible to time-based SQL Injection via the `delete id` parameter. This is due to inadequate escaping of user-supplied input and insufficient preparation of the existing SQL query. Successful exploitation allows authenticated attackers with administrator-level access or higher to inject additional SQL queries into existing queries, potentially enabling the extraction of sensitive information from the database. **Recommendations** Versions prior to and including 1.5.3 should be updated to a newer, fixed version when available.

**Name of the Vulnerable Software and Affected Versions** JavaScript Notifier plugin for WordPress versions up to and including 1.2.8 **Description** The JavaScript Notifier plugin for WordPress is susceptible to Stored Cross-Site Scripting through plugin settings. This is caused by inadequate input sanitization and output escaping of user-supplied attributes within the `wp footer` action. An authenticated attacker with administrator privileges can inject arbitrary web scripts into pages, which will then execute when a user accesses the affected page. **Recommendations** Update the JavaScript Notifier plugin to a version newer than 1.2.8.