Chokri Hammedi

**Name of the Vulnerable Software and Affected Versions** WPvivid Backup & Migration versions prior to 0.9.129 **Description** The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress allows authenticated attackers with Administrator-level access and above to delete arbitrary folders on the server. This issue is caused by insufficient file path validation within the `delete cancel staging site()` function, which can lead to significant data loss. **Recommendations** Update to version 0.9.129 or later. As a temporary workaround, restrict access to the `delete cancel staging site()` function to minimize the risk of exploitation.

Carbon Forum 5.9.0 contains a persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious JavaScript code through the Forum Name field in dashboard settings. Attackers with admin privileges can store JavaScript payloads in the Forum Name field that execute in the browsers of all users visiting the forum, enabling session hijacking and data theft.

**Name of the Vulnerable Software and Affected Versions** weDevs Subscribe2 versions through 10.44 **Description** An authorization issue exists in weDevs Subscribe2, allowing exploitation of incorrectly configured access control security levels. **Recommendations** Update weDevs Subscribe2 to a version later than 10.44.

**Name of the Vulnerable Software and Affected Versions** weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot plugin for WordPress versions through 2.1.16 **Description** The weDocs plugin for WordPress is susceptible to unauthorized modification or loss of data. This occurs because of a missing capability check within the `wedocs user documentation handling capabilities` function. Authenticated attackers possessing Subscriber-level access or higher can edit any documentation post. **Recommendations** Update to a version later than 2.1.16.

**Name of the Vulnerable Software and Affected Versions** Owlfiles File Manager version 12.0.1 **Description** Owlfiles File Manager contains a cross-site scripting issue that enables attackers to inject malicious scripts. This is achieved by exploiting the `path` parameter within HTTP server endpoints, specifically the download and list endpoints. Attackers can construct URLs with embedded script tags to execute arbitrary JavaScript in the browsers of users. The vulnerable parameter is `path`. The affected API endpoints are the download and list endpoints. **Recommendations** Apply any available updates to address this issue. As a temporary workaround, consider sanitizing the `path` parameter to prevent the injection of malicious scripts.

**Name of the Vulnerable Software and Affected Versions** WorkOrder CMS version 0.1.0 **Description** WorkOrder CMS version 0.1.0 has a SQL injection issue. An unauthenticated attacker can bypass login by manipulating the `username` and `password` parameters. Attackers can inject malicious SQL queries, such as 'OR 1=1' and stacked queries, to gain access to database information or execute administrative commands. The vulnerable parameters are used in a SQL query without proper sanitization. **Recommendations** Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, sanitize the `username` and `password` parameters before using them in SQL queries.

**Name of the Vulnerable Software and Affected Versions** Owlfiles File Manager version 12.0.1 **Description** Owlfiles File Manager version 12.0.1 contains a path traversal vulnerability in its built-in HTTP server. This allows attackers to access system directories by crafting GET requests with directory traversal sequences. The vulnerability enables access to restricted system directories on the device. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** XMB Forum version 1.9.12.06 **Description** The software contains a persistent cross-site scripting issue. Authenticated administrators can inject malicious JavaScript into templates and front page settings. Attackers can insert XSS payloads in footer templates and news ticker fields, leading to script execution for all forum users when pages are rendered. The affected API endpoints include template modification pages and front page settings. The vulnerable parameters are the content fields within these templates, such as the footer template and news ticker field. **Recommendations** Apply updates to address the issue. As a temporary workaround, restrict administrator access to template modification and front page settings. Sanitize all user-supplied input before rendering templates to prevent script injection.

**Name of the Vulnerable Software and Affected Versions** AirKeyboard iOS App version 1.0.5 **Description** The AirKeyboard iOS App has a missing authentication mechanism. This allows unauthenticated attackers to send arbitrary keystrokes to a victim’s iOS device in real-time, without requiring user interaction, leading to complete remote input control. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** AI ChatBot with ChatGPT and Content Generator by AYS plugin for WordPress versions prior to 2.7.1 **Description** The software is susceptible to a Server-Side Request Forgery (SSRF) issue. This allows unauthenticated attackers to make web requests to arbitrary locations originating from the web application. Exploitation can lead to querying and modifying information from internal services through the `ays chatgpt pinecone upsert` function. **Recommendations** Update to version 2.7.1 or later.

**Name of the Vulnerable Software and Affected Versions** AI ChatBot with ChatGPT and Content Generator by AYS plugin for WordPress versions through 2.7.0 **Description** The AI ChatBot with ChatGPT and Content Generator by AYS plugin for WordPress is susceptible to unauthorized access. A missing capability check within the `ays chatgpt save wp media` function allows unauthenticated attackers to upload media files. **Recommendations** Update the AI ChatBot with ChatGPT and Content Generator by AYS plugin for WordPress to a version later than 2.7.0.

**Name of the Vulnerable Software and Affected Versions** WP Directory Kit versions up to and including 1.4.5 **Description** The WP Directory Kit plugin for WordPress is susceptible to Reflected Cross-Site Scripting due to inadequate input sanitization and output escaping. This allows unauthenticated attackers to inject arbitrary web scripts into pages. Successful exploitation requires tricking a user into performing an action, such as clicking a link. The vulnerability exists via the `order by` parameter. **Recommendations** Update WP Directory Kit to a version later than 1.4.5.

**Name of the Vulnerable Software and Affected Versions** Remote for Mac versions prior to 2025.7 **Description** An unauthenticated remote code execution issue exists in Remote for Mac, a macOS remote control utility developed by Aexol Studio. When the application is configured with authentication disabled, the `/api/executeScript` API endpoint is exposed without access control. This allows unauthenticated remote attackers to inject arbitrary AppleScript payloads via the `X-Script` HTTP header, resulting in code execution using do shell script. Successful exploitation grants attackers the ability to run arbitrary commands on the macOS host with the privileges of the Remote for Mac background process. **Recommendations** Update Remote for Mac to a version later than 2025.7.

**Name of the Vulnerable Software and Affected Versions** AnyDesk (affected versions not specified) **Description** The issue concerns a remote code execution (RCE) exploit. Technical details include the use of a `vxproj` file, conversion to `vbs` and then to `ps1` (PowerShell script), and involvement of an `asar` file. A specific 7z archive named `SearchFilter.7z` is mentioned, which is downloaded from a release by Rathod536/Fidelity-Power-BI-project. The final `asar` file has a hash of `bcca9de329754c6719b4829919dcb0603f8a5c29a36ab83f9d88a5aa2d00e2d6`. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.