Daniel Basta

**Name of the Vulnerable Software and Affected Versions** HTTP Headers plugin for WordPress versions prior to 1.19.3 **Description** Insufficient input sanitization and output escaping in admin settings allow authenticated attackers with administrator-level permissions and above to perform Stored Cross-Site Scripting. This enables the injection of arbitrary web scripts into pages, which execute when a user accesses them. This issue specifically affects multi-site installations and environments where `unfiltered html` has been disabled. **Recommendations** Update the plugin to a version later than 1.19.2.

**Name of the Vulnerable Software and Affected Versions** Conditional Menus for WordPress versions prior to 1.2.7 **Description** The Conditional Menus plugin for WordPress is susceptible to Cross-Site Request Forgery (CSRF) in all versions up to and including 1.2.6. The issue stems from the absence of nonce validation within the `save options` function. This allows unauthenticated attackers to potentially modify conditional menu assignments through a forged request, provided they can trick a site administrator into performing an action, such as clicking a malicious link. **Recommendations** Update the Conditional Menus plugin to version 1.2.7 or later.

**Name of the Vulnerable Software and Affected Versions** SurveyJS plugin for WordPress versions through 2.5.3 **Description** The software is susceptible to Stored Cross-Site Scripting through survey result submissions. Insufficient input sanitization and output escaping allow attackers to inject HTML-encoded payloads. The nonce required for submission is exposed on the public survey page, enabling unauthenticated attackers to submit malicious content. When an administrator views survey results, the injected payload is decoded and executed as HTML, resulting in stored XSS within the admin context. **Recommendations** Update the SurveyJS plugin to a version later than 2.5.3.

**Name of the Vulnerable Software and Affected Versions** Raytha CMS versions prior to 1.4.6 **Description** Raytha CMS lacks brute force protection, enabling attackers to submit numerous automated login attempts without triggering account lockout or other protective measures. This allows for potential unauthorized access to accounts. **Recommendations** Update to version 1.4.6 or later.

**Name of the Vulnerable Software and Affected Versions** Raytha CMS versions prior to 1.4.6 **Description** The “Functions” module in Raytha CMS permits users with elevated privileges to introduce custom code, extending the application’s capabilities. A deficiency in sandboxing or access controls allows JavaScript code executed via this feature to instantiate .NET components and carry out arbitrary operations within the application’s hosting environment. The affected module allows for the execution of arbitrary code. **Recommendations** Update to version 1.4.6 or later.

**Name of the Vulnerable Software and Affected Versions** Raytha CMS versions prior to 1.4.6 **Description** Raytha CMS is susceptible to a Stored Cross-Site Scripting (XSS) issue. An authenticated attacker with post editing privileges can inject arbitrary HTML and JavaScript code via the `FieldValues[1].Value` parameter within the post editing functionality. This injected code will be rendered and executed when other users visit the modified page. The affected parameter is used in the post editing functionality. **Recommendations** Update Raytha CMS to version 1.4.6 or later.

**Name of the Vulnerable Software and Affected Versions** Raytha CMS versions prior to 1.4.6 **Description** Raytha CMS is susceptible to a Stored Cross-Site Scripting (XSS) issue. An authenticated attacker with content creation permissions can inject arbitrary HTML and JavaScript code via the `FieldValues[0].Value` parameter during page creation. This injected code will be rendered and executed when other users visit the modified page. The vulnerable parameter is `FieldValues[0].Value`. **Recommendations** Update Raytha CMS to version 1.4.6 or later.

**Name of the Vulnerable Software and Affected Versions** Raytha CMS versions prior to 1.4.6 **Description** Raytha CMS is susceptible to Cross-Site Request Forgery (CSRF) across multiple endpoints. An attacker can create a malicious website that, when visited by an authenticated user, automatically sends a POST request to an endpoint, potentially leading to unauthorized actions such as data deletion, because token verification is not enforced. The vulnerable endpoints are not specified. **Recommendations** Update Raytha CMS to version 1.4.6 or later.

**Name of the Vulnerable Software and Affected Versions** Raytha CMS versions prior to 1.4.6 **Description** Raytha CMS has a Server-Side Request Forgery (SSRF) issue in the “Themes - Import from URL” feature. An attacker with high privileges can provide a URL to redirect server-side HTTP requests. The vulnerable feature allows an attacker to control the destination of server-side requests, potentially leading to unauthorized access to internal resources or data exfiltration. **Recommendations** Update Raytha CMS to version 1.4.6 or later.

**Name of the Vulnerable Software and Affected Versions** Raytha CMS versions prior to 1.4.6 **Description** Raytha CMS is susceptible to an issue where an attacker can manipulate `X-Forwarded-Host` or `Host` headers to point to a domain controlled by the attacker. Knowing a victim's email address, the attacker can trigger a password reset email containing a link that directs the victim to the attacker’s domain. When the victim clicks this link, their browser sends a request to the attacker’s domain, including a token in the path. This allows the attacker to capture the token and subsequently reset the victim's password, leading to account takeover. The vulnerable parameters are `X-Forwarded-Host` and `Host`. **Recommendations** Update Raytha CMS to version 1.4.6 or later.

**Name of the Vulnerable Software and Affected Versions** Raytha CMS versions prior to 1.4.6 **Description** Raytha CMS is susceptible to a Stored Cross-Site Scripting (XSS) issue. An authenticated attacker can inject arbitrary HTML and JavaScript code through the `FirstName` and `LastName` parameters within the profile editing functionality. This injected code will be rendered and executed when other users view the edited page. **Recommendations** Update Raytha CMS to version 1.4.6 or later.

**Name of the Vulnerable Software and Affected Versions** Raytha CMS versions prior to 1.4.6 **Description** Raytha CMS is susceptible to a reflected cross-site scripting (XSS) issue through the `backToListUrl` parameter. An attacker can create a malicious URL. When an authenticated user accesses this URL, it can lead to the execution of arbitrary JavaScript code within the user's browser. The vulnerable parameter is `backToListUrl`. **Recommendations** Update to version 1.4.6 or later.

**Name of the Vulnerable Software and Affected Versions** Raytha CMS versions prior to 1.4.6 **Description** Raytha CMS is susceptible to a Reflected Cross-Site Scripting (XSS) issue. This occurs through manipulation of the `returnUrl` parameter within the logon functionality. An attacker can create a malicious URL. When an authenticated user accesses this URL, it can lead to the execution of arbitrary JavaScript code in the user's web browser. **Recommendations** Update Raytha CMS to version 1.4.6 or later.

**Name of the Vulnerable Software and Affected Versions** Raytha CMS versions prior to 1.5.0 **Description** Raytha CMS has a flaw in its password reset functionality that allows for user enumeration. Variations in system messages can reveal whether a login attempt is successful, potentially enabling an attacker to conduct a brute force attack using valid logins. **Recommendations** Update to version 1.5.0 or later.

**Name of the Vulnerable Software and Affected Versions** YayMail - WooCommerce Email Customizer plugin versions up to and including 4.3.2 **Description** The YayMail - WooCommerce Email Customizer plugin for WordPress has a flaw that allows unauthorized plugin installation and activation. This is due to missing capability checks on the `yaymail install yaysmtp` AJAX action and the `/yaymail/v1/addons/activate` API endpoint. Attackers with Shop Manager-level access or higher can exploit this to install and activate the YaySMTP plugin. **Recommendations** Update YayMail - WooCommerce Email Customizer plugin to a version later than 4.3.2.

**Name of the Vulnerable Software and Affected Versions** YayMail – WooCommerce Email Customizer plugin for WordPress versions through 4.3.2 **Description** The YayMail – WooCommerce Email Customizer plugin for WordPress has a flaw that allows unauthorized deletion of the plugin’s license key. This is due to a missing authorization check on the `/yaymail-license/v1/license/delete` API endpoint. Authenticated attackers with Shop Manager-level access or higher can delete the license key by accessing the `/yaymail-license/v1/license/delete` endpoint, provided they have the REST API nonce. The `nonce` is a security token used to prevent cross-site request forgery attacks. **Recommendations** Update YayMail – WooCommerce Email Customizer plugin for WordPress to a version later than 4.3.2.

**Name of the Vulnerable Software and Affected Versions** YayMail – WooCommerce Email Customizer plugin for WordPress versions up to and including 4.3.2 **Description** The YayMail – WooCommerce Email Customizer plugin for WordPress is susceptible to Stored Cross-Site Scripting through settings. Insufficient input sanitization and output escaping allow authenticated attackers with Shop Manager-level permissions or higher to inject arbitrary web scripts. These scripts execute when a user accesses an injected page. This issue specifically impacts multi-site installations and those where unfiltered html has been disabled. **Recommendations** Update YayMail – WooCommerce Email Customizer plugin to a version later than 4.3.2.

**Name of the Vulnerable Software and Affected Versions** YayMail – WooCommerce Email Customizer plugin for WordPress versions through 4.3.2 **Description** The YayMail – WooCommerce Email Customizer plugin for WordPress is susceptible to unauthorized data modification, potentially leading to privilege escalation. A missing capability check on the `yaymail import state` AJAX action allows authenticated attackers with Shop Manager-level access or higher to modify arbitrary options on the WordPress site. This can be exploited to elevate user privileges, such as changing the default registration role to administrator and enabling user registration for unauthorized access. The `yaymail import state` action is the component affected. **Recommendations** Update YayMail – WooCommerce Email Customizer plugin to a version later than 4.3.2.

**Name of the Vulnerable Software and Affected Versions** SIBS woocommerce payment gateway plugin for WordPress versions up to and including 2.2.0 **Description** The SIBS woocommerce payment gateway plugin for WordPress is susceptible to time-based SQL Injection via the `referencedId` parameter. This is due to inadequate escaping of user-supplied input and insufficient preparation of the existing SQL query. Successful exploitation allows authenticated attackers with Administrator-level access or higher to inject additional SQL queries into existing ones, potentially extracting sensitive information from the database. **Recommendations** Versions prior to and including 2.2.0 should be updated.

**Name of the Vulnerable Software and Affected Versions** Order Minimum/Maximum Amount Limits for WooCommerce plugin for WordPress versions prior to 4.6.9 **Description** The Order Minimum/Maximum Amount Limits for WooCommerce plugin for WordPress is susceptible to Stored Cross-Site Scripting through settings. Insufficient input sanitization and output escaping allows authenticated attackers with Shop Manager-level permissions or higher to inject arbitrary web scripts into pages. These scripts will execute when a user accesses the injected page. This issue specifically impacts multi-site installations and those where unfiltered html has been disabled. **Recommendations** Update to version 4.6.9 or later.