D01Exploit Official

The Foxtool All-in-One: Contact chat button, Custom login, Media optimize images plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.2. This is due to missing or incorrect nonce validation on the foxtool login google() function. This makes it possible for unauthenticated attackers to establish an OAuth Connection via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

The Simple User Capabilities plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wp ajax nopriv reset capability' AJAX endpoint in all versions up to, and including, 1.0. This makes it possible for unauthenticated attackers to reset any user's capabilities.

The Simple User Capabilities plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the suc submit capabilities() function in all versions up to, and including, 1.0. This makes it possible for unauthenticated attackers to elevate the role of any user account to administrator.

**Name of the Vulnerable Software and Affected Versions** AppPresser – Mobile App Framework plugin for WordPress versions through 4.5.0 **Description** The AppPresser – Mobile App Framework plugin for WordPress is susceptible to unauthorized data access. A missing capability check within the `myappp verify` function allows unauthenticated attackers to extract sensitive information. This data includes plugin and theme names and version numbers, potentially enabling targeted attacks against vulnerable components. **Recommendations** Update to a version beyond 4.5.0.

**Name of the Vulnerable Software and Affected Versions** WordPress Content Writer plugin versions 3.6.8 and earlier **Description** The Content Writer plugin for WordPress is susceptible to exposing sensitive information. This occurs due to publicly accessible log files, potentially allowing unauthenticated attackers to view sensitive data contained within them. **Recommendations** Update the Content Writer plugin to a version newer than 3.6.8.

**Name of the Vulnerable Software and Affected Versions** SiteAlert (Formerly WP Health) plugin for WordPress versions through 1.9.8 **Description** The software is susceptible to unauthorized data access because of a missing capability check in several functions. This allows unauthenticated attackers to view site health information, which includes a list of installed and outdated plugins, as well as PHP and Database versions. **Recommendations** Update the SiteAlert (Formerly WP Health) plugin to a version later than 1.9.8.

**Name of the Vulnerable Software and Affected Versions** The Block For Mailchimp – Easy Mailchimp Form Integration plugin for WordPress versions up to and including 1.1.12 **Description** The software is susceptible to a Blind Server-Side Request Forgery issue. This allows unauthenticated attackers to make web requests to arbitrary locations originating from the web application. Attackers could potentially query and modify information from internal services using the `mcbSubmit Form Data()` function. **Recommendations** Update The Block For Mailchimp – Easy Mailchimp Form Integration plugin for WordPress to a version later than 1.1.12.