Camilla Flocco

**Name of the Vulnerable Software and Affected Versions** The Alchemist Ajax Upload plugin for WordPress versions up to and including 1.1 **Description** The Alchemist Ajax Upload plugin for WordPress has a flaw that allows unauthorized deletion of media files. This is due to a missing capability check within the `delete file` function. Unauthenticated attackers can exploit this to delete arbitrary WordPress media attachments. **Recommendations** Update The Alchemist Ajax Upload plugin to a version newer than 1.1.

**Name of the Vulnerable Software and Affected Versions** Crush.pics Image Optimizer versions prior to 1.8.8 **Description** The Crush.pics Image Optimizer plugin for WordPress is susceptible to unauthorized data modification. This is due to a lack of appropriate capability checks in multiple functions. Authenticated attackers with Subscriber-level access or higher can alter plugin settings, including disabling auto-compression and changing image quality settings. **Recommendations** Update to version 1.8.8 or later.

**Name of the Vulnerable Software and Affected Versions** Makesweat versions prior to 0.2 **Description** The Makesweat plugin for WordPress is susceptible to Stored Cross-Site Scripting. This is due to insufficient input sanitization and output escaping related to the `makesweat clubid` setting. An authenticated attacker with administrator-level access or higher can inject arbitrary web scripts into pages. These scripts will then execute when a user accesses the injected page. **Recommendations** Update Makesweat to version 0.2 or later.

**Name of the Vulnerable Software and Affected Versions** Wish To Go plugin for WordPress versions up to and including 0.5.2 **Description** The Wish To Go plugin for WordPress is susceptible to Stored Cross-Site Scripting through shortcode attributes. Insufficient input sanitization and output escaping on user-supplied attributes allows authenticated attackers with Contributor-level access or higher to inject arbitrary web scripts into pages. These scripts will execute when a user accesses the injected page. **Recommendations** Update the Wish To Go plugin to a version later than 0.5.2.

**Name of the Vulnerable Software and Affected Versions** WP Recipe Manager plugin for WordPress versions prior to 1.0.1 **Description** The WP Recipe Manager plugin for WordPress is susceptible to Stored Cross-Site Scripting. This is due to insufficient input sanitization and output escaping on user-supplied attributes within the `Skill Level` input field. Authenticated attackers with Contributor-level access or higher can inject arbitrary web scripts into pages. These scripts will execute whenever a user accesses the affected page. The vulnerable parameter is `Skill Level`. **Recommendations** Update the WP Recipe Manager plugin to version 1.0.1 or later.

**Name of the Vulnerable Software and Affected Versions** F70 Lead Document Download plugin for WordPress versions through 1.4.4 **Description** The F70 Lead Document Download plugin for WordPress has a flaw that allows unauthorized access to data. This is due to a missing capability check within the `file download` function. An unauthenticated attacker can download any file from the WordPress media library by guessing or enumerating WordPress attachment IDs. **Recommendations** Update the F70 Lead Document Download plugin to a version newer than 1.4.4.

**Name of the Vulnerable Software and Affected Versions** Design Import/Export plugin for WordPress versions up to and including 2.2 **Description** The Design Import/Export plugin for WordPress is susceptible to SQL Injection through XML File Import. This is due to inadequate escaping of user-supplied parameters and insufficient preparation of existing SQL queries. An authenticated attacker with administrator privileges can inject additional SQL queries into existing ones, potentially extracting sensitive information from the database. **Recommendations** Update the Design Import/Export plugin to a version newer than 2.2.

**Name of the Vulnerable Software and Affected Versions** The Image Slider by Ays- Responsive Slider and Carousel plugin for WordPress versions prior to 2.7.1 **Description** The software is susceptible to Cross-Site Request Forgery (CSRF) due to inadequate nonce validation within the bulk delete functionality. This allows an attacker to delete arbitrary sliders if they can trick a site administrator into performing an action, such as clicking a malicious link. The attack requires the administrator to perform an action. **Recommendations** Update The Image Slider by Ays- Responsive Slider and Carousel plugin for WordPress to version 2.7.1 or later.

The WatchTowerHQ plugin for WordPress is vulnerable to arbitrary file read via the 'wht download big object origin' parameter in all versions up to, and including, 3.16.0. This is due to insufficient path validation in the handle big object download request function. This makes it possible for authenticated attackers, with administrator-level access and a valid access token, to read arbitrary files on the server, which can contain sensitive information such as database credentials and authentication keys.

The Animated Pixel Marquee Creator plugin for WordPress is vulnerable to Cross-Site Request Forgery via the 'marquee' parameter in all versions up to, and including, 1.0.0. This is due to missing nonce validation on the marquee deletion function. This makes it possible for unauthenticated attackers to delete arbitrary marquees via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

The DebateMaster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the color options in the plugin settings in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses a page with the debate shortcode. This only affects multi-site installations and installations where unfiltered html has been disabled.

The TWW Protein Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Header' setting in all versions up to, and including, 1.0.24 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered html has been disabled.

**Name of the Vulnerable Software and Affected Versions** WordPress Simple Download Counter plugin versions up to and including 2.2.2 **Description** The Simple Download Counter plugin for WordPress has a path traversal issue. Insufficient path validation in the `simple download counter parse path()` function allows authenticated attackers with Administrator-level access or higher to read arbitrary files on the server. These files may contain sensitive information, such as database credentials (wp-config.php) or system files. The vendor has disabled remote file downloads from arbitrary locations on multi-sites and provided a warning to site owners in the readme.txt file upon installation. **Recommendations** Update to a version beyond 2.2.2.

**Name of the Vulnerable Software and Affected Versions** Cute News Ticker plugin for WordPress versions prior to 1.0 **Description** The Cute News Ticker plugin for WordPress is susceptible to Stored Cross-Site Scripting through the 'color' shortcode attribute. Insufficient input sanitization and output escaping allow authenticated attackers with Contributor-level access or higher to inject arbitrary web scripts into pages. These scripts will execute when a user accesses the affected page. **Recommendations** Update the Cute News Ticker plugin to a version newer than 1.0.

**Name of the Vulnerable Software and Affected Versions** Trail Manager plugin for WordPress versions prior to 1.0.1 **Description** The Trail Manager plugin for WordPress is susceptible to Stored Cross-Site Scripting through admin settings. Insufficient input sanitization and output escaping allows authenticated attackers with administrator-level permissions or higher to inject arbitrary web scripts into pages. These scripts execute when a user accesses the injected page. This issue only impacts multi-site installations and those where unfiltered html has been disabled. **Recommendations** Update the Trail Manager plugin to version 1.0.1 or later.