Dau Hoang Tai

**Name of the Vulnerable Software and Affected Versions** The Clever Fox plugin for WordPress version 25.2.0 and earlier **Description** The issue is related to Stored Cross-Site Scripting via the plugin's info box block due to insufficient input sanitization and output escaping on user-supplied attributes. This allows authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For versions 25.2.0 and earlier, update to a version later than 25.2.0 to resolve the issue. As a temporary workaround, consider restricting access to the info box block for users with contributor-level and above permissions until a patch is available. Additionally, ensure proper input validation and output escaping for all user-supplied attributes to prevent arbitrary web script injection.

**Name of the Vulnerable Software and Affected Versions** EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress versions up to, and including, 3.9.12 **Description** The issue is related to insufficient authorization validation on the PDF embed block, allowing authenticated attackers with contributor-level access and above to embed PDF blocks. This enables unauthorized access to functionality. **Recommendations** For versions up to, and including, 3.9.12, update to a version higher than 3.9.12 to resolve the issue. As a temporary workaround, consider restricting access to the PDF embed block to prevent unauthorized embedding of PDF blocks.

**Name of the Vulnerable Software and Affected Versions** The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress versions up to, and including, 3.2.34 **Description** The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping, allowing authenticated attackers with contributor access or higher to inject arbitrary web scripts in pages. These scripts will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 3.2.34, update to a version higher than 3.2.34 to resolve the issue. As a temporary workaround, consider restricting contributor access to minimize the risk of exploitation. Additionally, avoid using parameters that are not properly sanitized in the affected plugin until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** HT Mega – Absolute Addons For Elementor plugin for WordPress versions up to, and including, 2.4.8 **Description** The issue is related to Stored Cross-Site Scripting via the Accordion widget due to insufficient input sanitization and output escaping on user-supplied attributes. This allows authenticated attackers with contributor-level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 2.4.8, update to a version that addresses the insufficient input sanitization and output escaping issue to prevent Stored Cross-Site Scripting attacks. As a temporary workaround, consider restricting access to the Accordion widget for users with contributor-level access and above until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Premium Addons for Elementor plugin for WordPress versions up to, and including, 4.10.27 **Description** The issue is related to Stored Cross-Site Scripting via the plugin's button due to insufficient input sanitization and output escaping on user-supplied attributes. This allows authenticated attackers with contributor-level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 4.10.27, update to a version later than 4.10.27 to resolve the issue. As a temporary workaround, consider restricting access to the plugin's button for users with contributor-level access and above until a patch is available.

**Name of the Vulnerable Software and Affected Versions** The Stackable – Page Builder Gutenberg Blocks plugin for WordPress versions up to, and including, 3.12.11 **Description** The issue is related to Stored Cross-Site Scripting via the Post(v2) block title tag due to insufficient input sanitization and output escaping on user-supplied attributes. This allows authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 3.12.11, update to a version higher than 3.12.11 to resolve the issue. As a temporary workaround, consider restricting contributor-level and above permissions to minimize the risk of exploitation. Avoid using the Post(v2) block title tag in pages until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Getwid – Gutenberg Blocks plugin for WordPress versions up to, and including, 2.0.5 **Description** The issue arises from insufficient input sanitization and output escaping in the block content, allowing authenticated attackers with contributor access or higher to inject arbitrary web scripts into pages. These scripts will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 2.0.5, update to a version higher than 2.0.5 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** The Real Media Library: Media Library Folder & File Manager plugin for WordPress versions up to, and including, 4.22.7 **Description** The issue arises from insufficient input sanitization and output escaping in style attributes, allowing authenticated attackers with contributor access or above to inject arbitrary web scripts in pages. These scripts will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 4.22.7, update to a version that addresses the insufficient input sanitization and output escaping issue to prevent stored cross-site scripting attacks.

**Name of the Vulnerable Software and Affected Versions** Metform Elementor Contact Form Builder plugin for WordPress versions up to, and including, 3.8.5 **Description** The issue is related to Stored Cross-Site Scripting via the plugin's widgets due to insufficient input sanitization and output escaping on user-supplied attributes. This allows authenticated attackers with contributor-level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 3.8.5, update to a version that addresses the insufficient input sanitization and output escaping issue. As a temporary workaround, consider restricting access to the plugin's widgets for users with contributor-level access and above to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Colibri Page Builder plugin for WordPress versions up to, and including, 1.0.263 **Description** The issue arises from insufficient input sanitization and output escaping on user-supplied attributes, such as `heading type`, in the plugin's 'colibri post title' shortcode. This allows authenticated attackers with contributor-level access and above to inject arbitrary web scripts in pages. These scripts will execute whenever a user accesses an injected page. **Recommendations** For Colibri Page Builder plugin for WordPress versions up to, and including, 1.0.263, update to a version that addresses the insufficient input sanitization and output escaping issue. As a temporary workaround, consider restricting access to the 'colibri post title' shortcode for users with contributor-level access and above until a patch is available.

**Name of the Vulnerable Software and Affected Versions** The Backuply – Backup, Restore, Migrate and Clone plugin for WordPress versions up to, and including, 1.2.7 **Description** The issue allows attackers with an account that has only the activate plugins capability to access arbitrary files on the server, potentially containing sensitive information, via a Directory Traversal vulnerability. This is possible through the `backup name` parameter in the `backuply download backup` function. The vulnerability only affects sites hosted on Windows servers. **Recommendations** For versions up to, and including, 1.2.7, consider disabling the `backuply download backup` function until a patch is available to prevent exploitation. Restrict access to sensitive files on the server to minimize the risk of information disclosure. Avoid using the `backup name` parameter in the affected function until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress versions up to, and including, 4.5.1 **Description** The issue is related to Stored Cross-Site Scripting via the `blockId` parameter due to insufficient input sanitization and output escaping. This allows authenticated attackers with contributor access or higher to inject arbitrary web scripts in pages, which will execute when a user accesses an injected page. **Recommendations** For versions up to, and including, 4.5.1, update to a version higher than 4.5.1 to resolve the issue. As a temporary workaround, consider restricting access to the `blockId` parameter to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress versions up to, and including, 3.9.10 **Description** The issue is related to Stored Cross-Site Scripting via the plugin's Wistia embed block due to insufficient input sanitization and output escaping on the user-supplied `url`. This allows authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 3.9.10, update to a version higher than 3.9.10 to resolve the issue. As a temporary workaround, consider restricting access to the Wistia embed block for users with contributor-level and above permissions until a patch is available. Additionally, restrict the use of user-supplied `url` parameters in the Wistia embed block to minimize the risk of exploitation.