Chawabhon Netisingha

**Name of the Vulnerable Software and Affected Versions** Meow Gallery versions prior to 5.4.5 **Description** The Meow Gallery plugin for WordPress allows unauthorized modification of data because of a missing capability check on the REST API endpoint "/wp-json/meow-gallery/v1/save shortcode". Authenticated attackers with Author-level access or higher can arbitrarily create or overwrite gallery shortcode records by providing a user-controlled `id` value. The system performs database updates without verifying if the user is authorized to modify the specific gallery record or create a new one. **Recommendations** Update the plugin to version 5.4.5 or later. As a temporary mitigation, restrict access to the "/wp-json/meow-gallery/v1/save shortcode" endpoint for users with Author-level permissions.

**Name of the Vulnerable Software and Affected Versions** ProfileGrid versions prior to 5.9.8.5 **Description** The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress contains an authorization bypass. The issue occurs because the plugin fails to properly verify if a user is authorized to perform actions through the AJAX actions 'pm set group order', 'pm set group items', and 'pm set field order'. Authenticated attackers with Subscriber-level access or higher can exploit this to modify site-wide group settings, including group menu order, group list order, group icon display, and field ordering. **Recommendations** Update to a version later than 5.9.8.4.

**Name of the Vulnerable Software and Affected Versions** CodeColorer versions prior to 0.10.2 **Description** The CodeColorer plugin for WordPress contains a Stored Cross-Site Scripting issue. This occurs due to insufficient input sanitization and output escaping within the `class` parameter of the 'cc' comment shortcode. Unauthenticated attackers can inject arbitrary web scripts into pages, which execute when a user accesses the affected page. This exploitation is possible if comments are enabled on the target post and guest comments are permitted. **Recommendations** Update to a version later than 0.10.1.

**Name of the Vulnerable Software and Affected Versions** Basic Google Maps Placemarks versions prior to 1.10.8 **Description** The Basic Google Maps Placemarks plugin for WordPress contains an authorization bypass. The issue arises because the plugin fails to properly verify if a user is authorized to perform specific actions, allowing unauthenticated attackers to modify stored map latitude and longitude options. **Recommendations** Update the plugin to a version later than 1.10.7.

**Name of the Vulnerable Software and Affected Versions** Quick Interest Slider versions prior to 3.1.6 **Description** The Quick Interest Slider plugin for WordPress contains a Stored Cross-Site Scripting issue caused by insufficient input sanitization and output escaping. Unauthenticated attackers can inject arbitrary web scripts through the 'loan-amount' and 'loan-period' parameters, which execute when a user accesses an affected page. **Recommendations** Update to a version later than 3.1.5. As a temporary workaround, restrict the use of the `loan-amount` and `loan-period` parameters until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Pre* Party Resource Hints plugin for WordPress versions through 1.8.20 **Description** The Pre* Party Resource Hints plugin for WordPress is susceptible to SQL Injection. This occurs through the `hint ids` parameter of the `pprh update hints` AJAX action, stemming from inadequate input sanitization and insufficient query preparation. An authenticated attacker with Subscriber-level access or higher can inject additional SQL queries into existing database queries, potentially extracting sensitive information. The vulnerable parameter is `hint ids` and the affected action is `pprh update hints`. **Recommendations** Update Pre* Party Resource Hints plugin for WordPress to a version later than 1.8.20.