Bugbang

**Name of the Vulnerable Software and Affected Versions** JoomSport WordPress plugin versions prior to 5.1.8 **Description** The issue arises from the joomsport md load AJAX action in the JoomSport WordPress plugin, which unserializes user input from the `shattr` POST parameter. This leads to a PHP Object Injection issue. Although the plugin itself does not have a suitable gadget chain to exploit this, the presence of other installed plugins could potentially lead to more severe issues, such as Remote Code Execution (RCE). **Recommendations** For versions prior to 5.1.8, update to version 5.1.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the joomsport md load AJAX action until a patch is available. Avoid using the `shattr` parameter in the affected AJAX endpoint until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: Captchinoo, Google recaptcha for admin login page WordPress plugin versions prior to 2.4 Description: The issue allows low-privileged users to exploit the AJAX action 'cp plugins do button job later callback' to install any plugin, including specific versions, from the WordPress repository and activate arbitrary plugins from the blog. This could lead to the installation of vulnerable plugins, potentially resulting in more critical vulnerabilities, such as remote code execution (RCE). Recommendations: For versions prior to 2.4, update to version 2.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the 'cp plugins do button job later callback' AJAX action to prevent low-privileged users from installing and activating arbitrary plugins.

Name of the Vulnerable Software and Affected Versions: WooCommerce Conditional Marketing Mailer WordPress plugin versions prior to 1.5.2 Description: The issue allows low-privileged users to install any plugin, including specific versions, from the WordPress repository and activate arbitrary plugins from the blog. This could lead to the installation of vulnerable plugins, potentially resulting in more critical vulnerabilities. Recommendations: For versions prior to 1.5.2, update to version 1.5.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the AJAX action 'cp plugins do button job later callback' until the update is applied.

Name of the Vulnerable Software and Affected Versions: WP Maintenance Mode & Site Under Construction WordPress plugin versions prior to 1.8.2 Description: The issue allows low-privileged users to install any plugin, including specific versions, from the WordPress repository and activate arbitrary plugins from the blog. This can be achieved by utilizing the AJAX action `cp plugins do button job later callback`. The exploitation of this issue could lead to the installation of vulnerable plugins, potentially resulting in more critical vulnerabilities, such as remote code execution (RCE). Recommendations: For WP Maintenance Mode & Site Under Construction WordPress plugin versions prior to 1.8.2, update to version 1.8.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the `cp plugins do button job later callback` AJAX action until a patch is applied.

Name of the Vulnerable Software and Affected Versions: Visitor Traffic Real Time Statistics WordPress plugin versions prior to 2.12 Description: The issue allows low-privileged users to exploit the AJAX action 'cp plugins do button job later callback' to install any plugin, including specific versions, from the WordPress repository and activate arbitrary plugins from the blog. This could lead to the installation of vulnerable plugins, potentially resulting in more critical vulnerabilities, such as Remote Code Execution (RCE). Recommendations: For Visitor Traffic Real Time Statistics WordPress plugin versions prior to 2.12, update to version 2.12 or later to resolve the issue. As a temporary workaround, consider restricting access to the 'cp plugins do button job later callback' AJAX action to prevent low-privileged users from installing and activating arbitrary plugins.

Name of the Vulnerable Software and Affected Versions: Login Protection - Limit Failed Login Attempts WordPress plugin versions prior to 2.9 Description: The issue allows low-privileged users to exploit the AJAX action 'cp plugins do button job later callback' to install any plugin, including specific versions, from the WordPress repository and activate arbitrary plugins from the blog. This could lead to the installation of vulnerable plugins, potentially resulting in more critical vulnerabilities, such as remote code execution (RCE). Recommendations: For versions prior to 2.9, update to version 2.9 or later to resolve the issue. As a temporary workaround, consider restricting access to the 'cp plugins do button job later callback' AJAX action to prevent low-privileged users from installing and activating arbitrary plugins.

Name of the Vulnerable Software and Affected Versions: Login as User or Customer (User Switching) WordPress plugin versions prior to 1.8 Description: The issue allows low privileged users to install any plugin, including specific versions, from the WordPress repository and activate arbitrary plugins from the blog using the AJAX action 'cp plugins do button job later callback'. This could lead to the installation of vulnerable plugins, potentially resulting in more critical vulnerabilities, such as remote code execution (RCE). Recommendations: For versions prior to 1.8, update to version 1.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the 'cp plugins do button job later callback' AJAX action to prevent low privileged users from installing and activating arbitrary plugins.

Name of the Vulnerable Software and Affected Versions: WP Content Copy Protection & No Right Click WordPress plugin versions prior to 3.1.5 Description: The issue allows low-privileged users to exploit the AJAX action 'cp plugins do button job later callback' to install any plugin, including specific versions, from the WordPress repository and activate arbitrary plugins from the blog. This could enable attackers to install vulnerable plugins, potentially leading to more critical issues. Recommendations: For WP Content Copy Protection & No Right Click WordPress plugin versions prior to 3.1.5, update to version 3.1.5 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Tree Sitemap WordPress plugin versions prior to 2.9 **Description** The issue is related to the `cp plugins do button job later callback` AJAX action in the Tree Sitemap WordPress plugin, which is associated with authorization procedure errors. This can be exploited by low-privileged users to install any plugin, including specific versions, from the WordPress repository and activate arbitrary plugins from the blog. This could lead to more critical vulnerabilities, such as remote code execution (RCE). **Recommendations** For versions prior to 2.9, update to version 2.9 or later to resolve the issue. As a temporary workaround, consider disabling the `cp plugins do button job later callback` AJAX action until a patch is available.