Ch4R0N

**Name of the Vulnerable Software and Affected Versions** SKT PayPal for WooCommerce plugin for WordPress versions prior to 1.5 **Description** The SKT PayPal for WooCommerce plugin for WordPress is susceptible to a payment bypass issue. This occurs because the plugin relies solely on client-side controls for payment processing, rather than implementing server-side validation. This allows unauthenticated attackers to complete purchases without making actual payments. **Recommendations** Update the SKT PayPal for WooCommerce plugin to version 1.5 or later.

**Name of the Vulnerable Software and Affected Versions** Captcha.eu versions n/a through 1.0.61 **Description** A Server-Side Request Forgery (SSRF) vulnerability exists in Captcha.eu captcha-eu. This allows for Server Side Request Forgery. **Recommendations** Update Captcha.eu to a version greater than 1.0.61.

**Name of the Vulnerable Software and Affected Versions** DELUCKS SEO versions through 2.5.9 **Description** A missing authorization flaw exists in DELUCKS SEO. This allows access to functionality that is not properly restricted by Access Control Lists (ACLs). **Recommendations** Update DELUCKS SEO to a version later than 2.5.9.

**Name of the Vulnerable Software and Affected Versions** Schema Plugin For Divi, Gutenberg & Shortcodes versions prior to 4.3.2 **Description** The Schema Plugin For Divi, Gutenberg & Shortcodes for WordPress is susceptible to Object Instantiation up to version 4.3.2 through deserialization of untrusted input via the `wpt schema breadcrumbs` shortcode. This allows authenticated attackers with Contributor-level access or higher to inject a PHP Object. The impact of this issue is limited unless another plugin or theme containing a PHP Object Payload (POP) chain is installed, which could allow actions like deleting files, retrieving sensitive data, or executing code. **Recommendations** Update the Schema Plugin For Divi, Gutenberg & Shortcodes to a version later than 4.3.2.

**Name of the Vulnerable Software and Affected Versions** Blocksera Image Hover Effects – Elementor Addon versions through 1.4.4 **Description** The software contains a missing authorization issue related to incorrectly configured access control security levels. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Testimonial plugin for WordPress versions prior to 2.3 Description: The Testimonial plugin for WordPress is susceptible to SQL Injection via the `iNICtestimonial` shortcode. This is due to insufficient escaping on the user-supplied parameter and a lack of sufficient preparation on the existing SQL query. This allows authenticated attackers with Contributor-level access or higher to append additional SQL queries to existing ones, potentially extracting sensitive information from the database. Recommendations: Update to a version prior to 2.3.

Name of the Vulnerable Software and Affected Versions: Spreadconnect versions n/a through 2.1.5 Description: A missing authorization issue exists in Spreadconnect. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** AA-Team Pro Bulk Watermark Plugin for WordPress versions through 2.0 **Description** The AA-Team Pro Bulk Watermark Plugin for WordPress contains a path traversal flaw. The vulnerability allows attackers to traverse file paths using the '.../...//' sequence. **Recommendations** Update AA-Team Pro Bulk Watermark Plugin for WordPress to a version later than 2.0.

Name of the Vulnerable Software and Affected Versions: AfterShip Tracking versions n/a through 1.17.17 Description: A missing authorization flaw exists in AfterShip Tracking, allowing access to functionality not properly restricted by Access Control Lists (ACLs). Recommendations: Update AfterShip Tracking to a version later than 1.17.17.

Name of the Vulnerable Software and Affected Versions: WC Plus plugin for WordPress versions up to and including 1.2.0 Description: The WC Plus plugin for WordPress is susceptible to unauthorized data modification. This is due to a missing capability check on the `pluswc logo favicon logo base` API endpoint, allowing unauthenticated attackers to update the site’s favicon logo base. Recommendations: Update the WC Plus plugin to a version later than 1.2.0.

Name of the Vulnerable Software and Affected Versions: Ni WooCommerce Customer Product Report plugin for WordPress versions up to and including 1.2.4 Description: The Ni WooCommerce Customer Product Report plugin for WordPress is susceptible to unauthorized data modification. This is due to a missing capability check within the `ni woocpr action()` function. Authenticated attackers possessing Subscriber-level access or higher can exploit this to modify plugin settings. Recommendations: Update the Ni WooCommerce Customer Product Report plugin to a version later than 1.2.4.

Name of the Vulnerable Software and Affected Versions: WP Filter & Combine RSS Feeds plugin for WordPress versions up to and including 0.4 Description: The WP Filter & Combine RSS Feeds plugin for WordPress is susceptible to unauthorized data modification because of a missing capability check within the `post listing page()` function. This allows authenticated attackers with Contributor-level access or higher to delete RSS feeds. Recommendations: Update the WP Filter & Combine RSS Feeds plugin to a version beyond 0.4.

Name of the Vulnerable Software and Affected Versions: paymayapg Maya Business versions through 1.2.0 Description: An authorization bypass exists in paymayapg Maya Business due to a user-controlled key. This allows access to functionality not properly constrained by Access Control Lists (ACLs). Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Templately versions through 3.2.7 Description: An information insertion issue in WPDeveloper Templately allows retrieval of embedded sensitive data. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: VillaTheme Thank You Page Customizer for WooCommerce – Increase Your Sales versions through 1.1.7 Description: A missing authorization issue exists in VillaTheme Thank You Page Customizer for WooCommerce – Increase Your Sales, allowing exploitation of incorrectly configured access control security levels. Recommendations: Update VillaTheme Thank You Page Customizer for WooCommerce – Increase Your Sales to a version later than 1.1.7.

Name of the Vulnerable Software and Affected Versions: The E-Commerce ERP versions n/a through 2.1.1.3 Description: A missing authorization flaw exists in Unity Business Technology Pty Ltd The E-Commerce ERP. This issue allows access to functionality that is not properly restricted by Access Control Lists (ACLs). Recommendations: Update The E-Commerce ERP to a version later than 2.1.1.3.

**Name of the Vulnerable Software and Affected Versions** WP Wallcreeper plugin for WordPress versions up to and including 1.6.1 **Description** The WP Wallcreeper plugin for WordPress is susceptible to unauthorized data modification because of a missing capability check on the `admin notices` hook. This allows authenticated attackers with Subscriber-level access or higher to enable and disable caching. **Recommendations** Update WP Wallcreeper plugin to a version later than 1.6.1.

**Name of the Vulnerable Software and Affected Versions** Omnishop versions up to and including 1.0.9 **Description** The Omnishop plugin for WordPress is susceptible to Cross-Site Request Forgery on its `/users/delete` REST route. The route’s permission callback only verifies that the requester is logged in, but does not require a nonce or other proof of intent. This allows unauthenticated attackers to delete arbitrary user accounts via a forged request if they can trick a site administrator into performing an action, such as clicking a link. **Recommendations** Update Omnishop to a version later than 1.0.9.

**Name of the Vulnerable Software and Affected Versions** Featured Image Plus – Quick & Bulk Edit with Unsplash versions prior to 1.6.4 **Description** The Featured Image Plus – Quick & Bulk Edit with Unsplash plugin for WordPress is susceptible to Server-Side Request Forgery via the `fip get image options()` function. This allows authenticated attackers with administrator-level access or higher to initiate web requests to arbitrary locations from the web application. This capability can be used to query and modify information from internal services. **Recommendations** Update Featured Image Plus – Quick & Bulk Edit with Unsplash to a version later than 1.6.4.

**Name of the Vulnerable Software and Affected Versions** Omnishop plugin for WordPress versions up to and including 1.0.9 **Description** The Omnishop plugin for WordPress is susceptible to unauthenticated registration bypass. The `/users/register` API endpoint is publicly exposed and unconditionally invokes the `wp create user()` function, bypassing site registration settings and security checks like nonce or CAPTCHA verification. This allows unauthenticated attackers to create arbitrary user accounts. **Recommendations** Update the Omnishop plugin to a version newer than 1.0.9.