Daniel Ruf

Name of the Vulnerable Software and Affected Versions: The Smooth Gallery Replacement WordPress plugin versions 1.0 and earlier Description: The issue is related to the lack of CSRF checks in some areas of the plugin, as well as missing sanitization and escaping. This could allow attackers to make logged-in admins add Stored XSS payloads via a CSRF attack. Recommendations: For The Smooth Gallery Replacement WordPress plugin version 1.0 and earlier, update to a version that includes proper CSRF checks and sanitization to prevent exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: aBitGone CommentSafe WordPress plugin versions 1.0.0 and earlier Description: The issue concerns the lack of CSRF checks in certain areas and missing sanitization as well as escaping. This could allow attackers to make logged-in admins add Stored XSS payloads via a CSRF attack. Recommendations: For versions 1.0.0 and earlier, update to a version that includes proper CSRF checks and sanitization to prevent exploitation. As a temporary workaround, consider restricting access to sensitive areas of the plugin to minimize the risk of CSRF attacks.

Name of the Vulnerable Software and Affected Versions: Ntz Antispam WordPress plugin versions 2.0e and earlier Description: The issue concerns the lack of a CSRF check when updating settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. Recommendations: For Ntz Antispam WordPress plugin versions 2.0e and earlier, consider disabling the settings update functionality until a patch is available. Restrict access to the plugin's settings to minimize the risk of exploitation. Avoid using the plugin until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: WP-Reply Notify WordPress plugin versions 1.1 and earlier Description: The issue is related to the lack of a CSRF check when updating settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. Recommendations: For WP-Reply Notify WordPress plugin versions 1.1 and earlier, consider disabling the settings update functionality until a patch is available. Restrict access to the settings update module to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: TwitterPosts WordPress plugin versions 1.0.0 through 1.0.2 Description: The issue is related to the lack of a CSRF check when updating settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. Recommendations: For TwitterPosts WordPress plugin versions 1.0.0 through 1.0.2, consider disabling the settings update functionality until a patch is available. Restrict access to the settings update module to minimize the risk of exploitation. Avoid using the plugin's settings update feature until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: Widgets Reset WordPress plugin versions 0.1 and earlier Description: The issue concerns a lack of CSRF check when updating settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. Recommendations: For versions 0.1 and earlier, as a temporary workaround, consider disabling the settings update functionality until a patch is available. Restrict access to the settings update module to minimize the risk of exploitation. Avoid using the vulnerable settings update endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: PeoplePond WordPress plugin versions 1.1.9 and earlier Description: The issue concerns the lack of CSRF checks in certain areas and missing sanitization as well as escaping in the PeoplePond WordPress plugin. This could allow attackers to make logged-in admins add Stored XSS payloads via a CSRF attack. Recommendations: For PeoplePond WordPress plugin versions 1.1.9 and earlier, update to a version that includes CSRF checks and proper sanitization and escaping to prevent Stored XSS payloads from being added via CSRF attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Simple Nav Archives versions 2.1.3 and earlier Description: The issue concerns the lack of a CSRF check when updating settings in the Simple Nav Archives WordPress plugin. This could allow attackers to make a logged-in admin change the settings via a CSRF attack. Recommendations: For Simple Nav Archives versions 2.1.3 and earlier, update to a version that includes a CSRF check to prevent unauthorized changes to the plugin's settings.

Name of the Vulnerable Software and Affected Versions: The Ultimate Noindex Nofollow Tool WordPress plugin versions 1.1.2 and earlier Description: The issue concerns a lack of CSRF check when updating settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. Recommendations: For The Ultimate Noindex Nofollow Tool WordPress plugin versions 1.1.2 and earlier, consider disabling the settings update functionality until a patch is available. Restrict access to the plugin's settings to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: The Marketing Twitter Bot WordPress plugin versions 1.11 and earlier Description: The issue is related to the lack of CSRF check in some places, as well as missing sanitization and escaping, which could allow attackers to make logged-in admins add Stored XSS payloads via a CSRF attack. Recommendations: For The Marketing Twitter Bot WordPress plugin versions 1.11 and earlier, update to a version that includes the necessary CSRF checks and proper sanitization and escaping to prevent Stored XSS payloads from being added.

Name of the Vulnerable Software and Affected Versions: JavaScript Logic WordPress plugin versions 0.1 and earlier Description: The issue concerns a lack of CSRF check in some areas of the plugin, along with missing sanitization and escaping. This could allow attackers to make logged-in admins add Stored XSS payloads via a CSRF attack. Recommendations: For versions 0.1 and earlier, consider disabling the plugin until a patch is available to prevent potential exploitation. Restrict access to the plugin's functionality to minimize the risk of CSRF attacks. Avoid using the plugin for administrative tasks until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: BabelZ WordPress plugin versions 1.1.5 and earlier Description: The issue concerns the lack of CSRF check and missing sanitization as well as escaping in certain areas of the plugin. This could allow attackers to make logged-in admins add Stored XSS payloads via a CSRF attack. Recommendations: For BabelZ WordPress plugin versions 1.1.5 and earlier, update to a version that includes proper CSRF checks and sanitization to prevent potential Stored XSS attacks.

Name of the Vulnerable Software and Affected Versions: The Custom Author Base WordPress plugin versions 1.1.1 and earlier Description: The issue is related to the lack of a CSRF check when updating settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. Recommendations: For The Custom Author Base WordPress plugin versions 1.1.1 and earlier, update to a version that includes a CSRF check to prevent such attacks.

Name of the Vulnerable Software and Affected Versions: WordPress/Plugin Upgrade Time Out Plugin version 1.0 Description: The issue concerns a lack of CSRF check in some places, as well as missing sanitization and escaping, which could allow attackers to make logged-in admins add Stored XSS payloads via a CSRF attack. Recommendations: For version 1.0, consider disabling the plugin until a patch is available to prevent potential exploitation. Restrict access to the plugin's functionality to minimize the risk of Stored XSS payloads being added by attackers. Avoid using the plugin's features that are missing CSRF checks, sanitization, and escaping until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Vikinghammer Tweet WordPress plugin versions 0.2.4 and earlier Description: The issue is related to the lack of CSRF checks in some places, as well as missing sanitization and escaping, which could allow attackers to make logged-in admins add Stored XSS payloads via a CSRF attack. This could potentially lead to malicious actions being performed on the website. Recommendations: For Vikinghammer Tweet WordPress plugin versions 0.2.4 and earlier, consider disabling the plugin until a patch is available to prevent potential CSRF attacks and Stored XSS payloads. Restrict access to administrative areas of the website to minimize the risk of exploitation. Avoid using the plugin's functionality that allows adding content until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Enhanced Search Box WordPress plugin versions 0.6.1 and earlier Description: The issue is related to the lack of a CSRF check when updating settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. Recommendations: For Enhanced Search Box WordPress plugin versions 0.6.1 and earlier, update to a version that includes a CSRF check to prevent unauthorized setting changes. As a temporary workaround, consider restricting access to the settings update functionality until a patch is available.

Name of the Vulnerable Software and Affected Versions: The Posts reminder WordPress plugin versions 0.20 and earlier Description: The issue concerns a lack of CSRF check when updating settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. This could potentially lead to unauthorized changes in the plugin's settings. Recommendations: For versions 0.20 and earlier, consider temporarily disabling the settings update functionality until a patch is available. Restrict access to the plugin's settings to minimize the risk of exploitation. Avoid using the plugin's settings update feature until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: The Review Ratings WordPress plugin versions 1.6 and earlier Description: The issue is related to the lack of CSRF check in some places, as well as missing sanitisation and escaping, which could allow attackers to make logged-in admins add Stored XSS payloads via a CSRF attack. This could potentially lead to malicious actions being performed on the website. Recommendations: For The Review Ratings WordPress plugin versions 1.6 and earlier, update to a version that includes proper CSRF checks, sanitisation, and escaping to prevent Stored XSS payloads from being added via a CSRF attack. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: infolinks Ad Wrap WordPress plugin versions 1.0.0 through 1.0.2 Description: The issue is related to the lack of CSRF protection when updating settings in the infolinks Ad Wrap WordPress plugin. This could allow attackers to make a logged-in admin change settings via a CSRF attack. Recommendations: For versions 1.0.0 through 1.0.2, as a temporary workaround, consider disabling the settings update functionality until a patch is available. Restrict access to the plugin's settings to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: The Visual Sound (old) WordPress plugin versions 1.06 and earlier Description: The issue is related to the lack of a CSRF check when updating settings in the plugin, which could allow attackers to make a logged-in admin change them via a CSRF attack. This flaw enables attackers to manipulate the settings of the plugin without the administrator's knowledge or consent. Recommendations: For versions 1.06 and earlier, update to a version that includes a CSRF check when updating settings to prevent potential attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.