Bl4Derunner

**Name of the Vulnerable Software and Affected Versions** Menu Item Visibility Control WordPress plugin versions 0.5 and earlier **Description** The issue concerns the Menu Item Visibility Control WordPress plugin, which fails to properly sanitize and validate the `Visibility logic` option for WordPress menu items. This could potentially allow highly privileged users to execute arbitrary PHP code, even in environments with heightened security measures. **Recommendations** For Menu Item Visibility Control WordPress plugin versions 0.5 and earlier, consider disabling the `Visibility logic` option until a patch is available to prevent potential exploitation. Restrict access to this feature to minimize the risk of arbitrary PHP code execution.

**Name of the Vulnerable Software and Affected Versions** Download Monitor WordPress plugin versions prior to 4.4.5 **Description** The issue arises from the improper validation and escaping of the `orderby` GET parameter in SQL statements when viewing logs, leading to an SQL Injection issue. **Recommendations** For versions prior to 4.4.5, update to version 4.4.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the log viewing functionality until the update is applied.

Name of the Vulnerable Software and Affected Versions: The Rich Reviews by Starfish WordPress plugin versions prior to 1.9.6 Description: The issue arises from improper validation of the `orderby` GET parameter in the pending reviews page, which is then used in a SQL statement. This leads to an authenticated SQL injection issue. Recommendations: For versions prior to 1.9.6, update to version 1.9.6 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: SEO Booster WordPress plugin versions prior to 3.8 Description: The issue allows for authenticated SQL injection via the "fn my ajaxified dataloader ajax" AJAX request. The `$ REQUEST['order'][0]['dir']` parameter is not properly escaped, leading to blind and error-based SQL injections. Recommendations: For versions prior to 3.8, update to version 3.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the "fn my ajaxified dataloader ajax" AJAX request until the update is applied. Avoid using the `$ REQUEST['order'][0]['dir']` parameter in the affected AJAX endpoint until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: myCred WordPress plugin versions prior to 2.3 Description: The issue concerns an SQL injection that occurs because the `fields` parameter is not validated or escaped before being used in a SQL statement. This can be exploited by any authenticated user. Recommendations: For versions prior to 2.3, update to version 2.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the SQL statement that uses the `fields` parameter until a patch is available. Avoid using the `fields` parameter in SQL statements until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: The Email Before Download WordPress plugin versions prior to 6.8 Description: The issue arises from the improper validation and escaping of the `order` and `orderby` GET parameters before using them in SQL statements, leading to authenticated SQL injection issues. Recommendations: For versions prior to 6.8, update to version 6.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the affected API endpoints that utilize the `order` and `orderby` parameters until a patch is available. Avoid using the `order` and `orderby` parameters in affected SQL statements until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: Email Log WordPress plugin versions prior to 2.4.7 Description: The issue concerns the improper validation, sanitization, and escaping of the `orderby` and `order` GET parameters in SQL statements within the admin dashboard, leading to potential SQL injections. Recommendations: For versions prior to 2.4.7, update to version 2.4.7 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: Stream WordPress plugin versions prior to 3.8.2 Description: The issue arises from the lack of sanitization and validation of the `order` GET parameter from the Stream Records admin dashboard, which is then used in a SQL statement. This leads to an SQL injection issue. Recommendations: For versions prior to 3.8.2, update to version 3.8.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the Stream Records admin dashboard to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: The Header Footer Code Manager WordPress plugin versions prior to 1.1.14 Description: The issue arises from the lack of validation and escaping of the `orderby` and `order` request parameters before they are used in a SQL statement when viewing the Snippets admin dashboard, leading to SQL injections. Recommendations: For versions prior to 1.1.14, update to version 1.1.14 or later to resolve the issue. As a temporary workaround, consider restricting access to the Snippets admin dashboard to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Similar Posts WordPress plugin versions 3.1.5 and earlier **Description** The issue allows high privilege users to execute arbitrary PHP code in a hardened environment, where DISALLOW FILE EDIT, DISALLOW FILE MODS, and DISALLOW UNFILTERED HTML are set to true. This is achieved via the `widget rrm similar posts condition` widget setting of the plugin. **Recommendations** For versions 3.1.5 and earlier, consider disabling the `widget rrm similar posts condition` widget setting to prevent exploitation until a patch is available. Restrict access to the plugin's settings for high privilege users to minimize the risk of arbitrary PHP code execution.

Name of the Vulnerable Software and Affected Versions: Check & Log Email WordPress plugin versions prior to 1.0.3 Description: The issue arises from the lack of validation and escaping of the `order` and `orderby` GET parameters before they are used in a SQL statement when viewing logs, leading to SQL injection issues. Recommendations: For versions prior to 1.0.3, update to version 1.0.3 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: MainWP Child Reports WordPress plugin versions prior to 2.0.8 Description: The issue is related to an SQL injection problem. It occurs because the `order` parameter is not validated or sanitized before being used in a SQL statement in the admin dashboard. Recommendations: For versions prior to 2.0.8, update to version 2.0.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the admin dashboard to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** EditorsKit WordPress plugin versions prior to 1.31.6 **Description** The issue allows users with a role as low as contributor to execute arbitrary PHP code due to the lack of sanitization and validation of the Conditional Logic of the Custom Visibility settings. **Recommendations** For versions prior to 1.31.6, update to version 1.31.6 or later to resolve the issue. As a temporary workaround, consider restricting the use of the Custom Visibility settings to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Permalink Manager Lite WordPress plugin versions prior to 2.2.13.1 **Description** The issue is related to the failure to validate and escape the `orderby` parameter before using it in a SQL statement in the Permalink Manager page, leading to a SQL Injection. This could allow a remote attacker to execute arbitrary SQL code. **Recommendations** For Permalink Manager Lite WordPress plugin versions prior to 2.2.13.1, update to version 2.2.13.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the Permalink Manager page to minimize the risk of exploitation. Avoid using the `orderby` parameter in the affected page until the issue is resolved.