Bikram Kharal

Name of the Vulnerable Software and Affected Versions: PeepSo Core: Groups plugin for WordPress versions up to, and including, 6.4.6.0 Description: The PeepSo Core: Groups plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Group Description field due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Recommendations: For versions up to, and including, 6.4.6.0, update to a version later than 6.4.6.0 to resolve the issue. As a temporary workaround, consider restricting access to the Group Description field to minimize the risk of exploitation. Additionally, restrict the ability of subscribers to inject scripts into the Group Description field until a patch is available.

Name of the Vulnerable Software and Affected Versions: PeepSo Core: File Uploads plugin for WordPress versions up to, and including, 6.4.6.0 Description: The issue allows unauthenticated attackers to download files uploaded by other users, potentially exposing sensitive information, due to missing validation on a user-controlled key in the "file download" REST API endpoint. Recommendations: For versions up to, and including, 6.4.6.0, consider disabling access to the "file download" REST API endpoint until a patch is available to prevent unauthorized file downloads.

**Name of the Vulnerable Software and Affected Versions** The Community by PeepSo plugin for WordPress versions up to, and including, 6.4.6.1 **Description** The issue is related to Stored Cross-Site Scripting via URLs in posts, comments, and profiles when Markdown support is enabled. This is due to insufficient input sanitization and output escaping, allowing authenticated attackers with Subscriber-level access and above to inject arbitrary web scripts in pages. These scripts will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 6.4.6.1, update to a version that addresses the insufficient input sanitization and output escaping issue. As a temporary workaround, consider disabling Markdown support until a patch is available. Restrict access to posts, comments, and profiles to minimize the risk of exploitation. Avoid using URLs in these areas until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** PeepSo Community by PeepSo – Social Network, Membership, Registration, User Profiles versions prior to 6.3.1.0 **Description** The issue is related to improper neutralization of input during web page generation, which leads to a Cross-site Scripting (XSS) vulnerability. This allows for Stored XSS attacks. **Recommendations** For versions prior to 6.3.1.0, update to version 6.3.1.0 or later to resolve the issue. As a temporary workaround, consider restricting user input to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** The Community by PeepSo WordPress plugin versions prior to 6.3.1.2 **Description** The issue is related to the lack of a CSRF check when creating a user post, which could allow attackers to make logged-in users perform such actions via a CSRF attack. This could be exploited by making logged-in users create posts on their wall in their profile page without their knowledge or consent. **Recommendations** For versions prior to 6.3.1.2, update to version 6.3.1.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the user post creation feature until the update is applied.

**Name of the Vulnerable Software and Affected Versions** WPQA Builder WordPress plugin versions prior to 5.9 **Description** The issue concerns a lack of CSRF check in the WPQA Builder WordPress plugin, specifically when following and unfollowing users. This could allow attackers to make logged-in users perform such actions via CSRF attacks. **Recommendations** For versions prior to 5.9, update to version 5.9 or later to resolve the issue. As a temporary workaround, consider restricting access to the follow and unfollow user functions until a patch is available.

**Name of the Vulnerable Software and Affected Versions** WPQA Builder WordPress plugin versions prior to 5.7 **Description** The issue allows any logged-in user to read other users' private messages using the message id, which can easily be brute forced, due to a lack of authorization checks before displaying private messages. **Recommendations** For versions prior to 5.7, update to version 5.7 or later to resolve the issue. As a temporary workaround, consider restricting access to private messages or implementing additional authorization checks to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Discy WordPress theme versions prior to 5.2 **Description** The issue allows an attacker to trick an admin into resetting the site settings back to defaults by not checking for CSRF tokens in the AJAX action `discy reset options`. **Recommendations** For versions prior to 5.2, update to version 5.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the `discy reset options` AJAX action to minimize the risk of exploitation.