Brandon James Roldan

**Name of the Vulnerable Software and Affected Versions** The Professional Social Sharing Buttons, Icons & Related Posts WordPress plugin versions prior to 9.7.6 **Description** The issue is related to a lack of proper authorization check in one of the AJAX actions, allowing unauthorized access to retrieve sensitive information such as the list of active plugins and various version details like PHP, cURL, and WP. This affects unauthenticated users in versions prior to 9.7.5 and author+ users in version 9.7.5. **Recommendations** For versions prior to 9.7.6, update to version 9.7.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable AJAX action until a patch is available.

**Name of the Vulnerable Software and Affected Versions** MapSVG WordPress plugin versions prior to 6.2.20 **Description** The issue concerns a SQL Injection that can be exploited by unauthenticated users due to the lack of validation and escaping of a parameter used in a SQL statement via a REST endpoint. **Recommendations** For versions prior to 6.2.20, update to version 6.2.20 or later to resolve the issue. As a temporary workaround, consider restricting access to the REST endpoint until the update can be applied.

**Name of the Vulnerable Software and Affected Versions** LifterLMS PayPal WordPress plugin versions prior to 1.4.0 **Description** The issue arises from the plugin not sanitizing and escaping certain parameters from the payment confirmation page, leading to a Reflected Cross-Site Scripting issue. This occurs when these parameters are outputted back into the page. **Recommendations** For versions prior to 1.4.0, update to version 1.4.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the payment confirmation page to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Drag and Drop Multiple File Upload WordPress plugin versions prior to 1.3.6.3 **Description** The issue allows SVG files to be uploaded by default via the `dnd codedropz upload` AJAX action, which could lead to a Stored Cross-Site Scripting issue. **Recommendations** For versions prior to 1.3.6.3, update to version 1.3.6.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the `dnd codedropz upload` AJAX action to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Plezi WordPress plugin versions prior to 1.0.3 **Description** The issue allows unauthenticated users to update the `plz configuration tracker enable` option through a REST endpoint. This option is then displayed in the admin panel without proper sanitization and escaping, leading to a Stored Cross-Site Scripting issue. **Recommendations** For versions prior to 1.0.3, update to version 1.0.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the REST endpoint that updates the `plz configuration tracker enable` option until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** FormCraft WordPress plugin versions prior to 3.8.28 **Description** The issue concerns the FormCraft WordPress plugin, where the URL parameter in the formcraft3 get AJAX action is not properly validated, leading to Server-Side Request Forgery (SSRF) issues. These issues can be exploited by unauthenticated users. **Recommendations** For versions prior to 3.8.28, update to version 3.8.28 or later to resolve the issue. As a temporary workaround, consider restricting access to the formcraft3 get AJAX action to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** WP Voting Contest WordPress plugin versions prior to 3.0 **Description** The issue arises from the lack of sanitization and escaping of the `post id` parameter in the response via the "wpvc social share icons" AJAX action. This action is accessible to both unauthenticated and authenticated users, leading to a Reflected Cross-Site Scripting issue. **Recommendations** For versions prior to 3.0, update to version 3.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the "wpvc social share icons" AJAX action to minimize the risk of exploitation. Avoid using the `post id` parameter in the affected AJAX endpoint until the issue is resolved.