Dc11

**Name of the Vulnerable Software and Affected Versions** The Print Invoice & Delivery Notes for WooCommerce WordPress plugin versions prior to 4.7.2 **Description** The issue is caused by a reflected XSS vulnerability, which occurs when a GET value is echoed in an admin note within the WooCommerce orders page. This can be exploited by users with the `edit others shop orders` capability, given that WooCommerce must be installed and active. The vulnerability is a result of a `urldecode()` function being used after cleanup with `esc url raw()`, allowing double encoding. **Recommendations** For versions prior to 4.7.2, update to version 4.7.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the WooCommerce orders page for users with the `edit others shop orders` capability until the update is applied.

**Name of the Vulnerable Software and Affected Versions** GiveWP WordPress plugin versions prior to 2.24.1 **Description** The issue concerns the improper escaping of user input before it reaches SQL queries, potentially allowing unauthenticated attackers to perform SQL Injection attacks. **Recommendations** For versions prior to 2.24.1, update to version 2.24.1 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive database queries until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Advanced AJAX Product Filters WordPress plugin (affected versions not specified) **Description** The issue is related to a reflected Cross-Site Scripting problem. It occurs because the `term id` POST parameter is not sanitized before being outputted in the page. This allows for potential malicious script injection. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Qyrr WordPress plugin versions prior to 0.7 **Description** The issue allows for Cross-Site Scripting attacks due to the failure to escape the data-uri of the QR Code when outputting it in a src attribute. Additionally, the `data uri to meta` AJAX action, available to all authenticated users, is vulnerable to Stored Cross-Site Scripting, as it only has a CSRF check in place, with the nonce available to users with a role as low as Contributor. This allows any user with such role (and above) to set a malicious data-uri in arbitrary QR Code posts. **Recommendations** For versions prior to 0.7, update to version 0.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the `data uri to meta` AJAX action to higher roles until the update is applied.

**Name of the Vulnerable Software and Affected Versions** WP Mail Log WordPress plugin versions prior to 1.1.3 **Description** The issue arises from the WP Mail Log WordPress plugin not properly sanitizing and escaping a parameter before using it in a SQL statement, leading to a SQL injection. This can be exploited by users with a role as low as Contributor. **Recommendations** For versions prior to 1.1.3, update to version 1.1.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the plugin's functionality to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** WP Mail Log WordPress plugin versions prior to 1.1.3 **Description** The issue arises from incorrect authorization of REST API endpoints in the WP Mail Log WordPress plugin, allowing users with the Contributor role to view and delete data that should only be accessible to Admin users. **Recommendations** For versions prior to 1.1.3, update to version 1.1.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the REST API endpoints to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** WP Mail Log WordPress plugin versions prior to 1.1.3 **Description** The issue allows attackers to upload PHP files due to improper validation of file extensions when uploading files to attach to emails, leading to remote code execution. **Recommendations** For WP Mail Log WordPress plugin versions prior to 1.1.3, update to version 1.1.3 or later to resolve the issue. As a temporary workaround, consider restricting file uploads or validating file extensions manually until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** WP Mail Log WordPress plugin versions prior to 1.1.3 **Description** The issue is related to the improper validation of file path parameters when attaching files to emails, leading to local file inclusion. This allows an attacker to leak the contents of arbitrary files. **Recommendations** For versions prior to 1.1.3, update to version 1.1.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the file attachment feature in the WP Mail Log plugin until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** WP Mail Log WordPress plugin versions prior to 1.1.3 **Description** The issue arises from the WP Mail Log WordPress plugin not properly sanitizing and escaping a parameter before using it in a SQL statement, leading to a SQL injection. This can be exploited by users with a role as low as Contributor. **Recommendations** For versions prior to 1.1.3, update to version 1.1.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the plugin's functionality to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** WooCommerce Vietnam Checkout WordPress plugin versions prior to 2.0.6 **Description** The issue concerns the WooCommerce Vietnam Checkout WordPress plugin, where the custom shipping phone field on the checkout form is not properly escaped, leading to a potential XSS issue. **Recommendations** For versions prior to 2.0.6, update to version 2.0.6 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** WP Meta and Date Remover WordPress plugin versions prior to 2.2.0 **Description** The issue concerns an AJAX endpoint for configuring plugin settings that lacks capability checks and fails to sanitize user input. This input is later output unescaped, allowing any authenticated users, such as subscribers, to change settings and perform Stored Cross-Site Scripting. **Recommendations** For WP Meta and Date Remover WordPress plugin versions prior to 2.2.0, update to version 2.2.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the AJAX endpoint for configuring plugin settings to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** The Form Maker by 10Web WordPress plugin versions prior to 1.15.20 **Description** The issue allows unauthenticated users to create arbitrary files on the server from user input due to a lack of signature validation, potentially leading to remote code execution (RCE). **Recommendations** For versions prior to 1.15.20, update to version 1.15.20 or later to resolve the issue. As a temporary workaround, consider restricting access to the plugin's file creation functionality until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** SupportCandy WordPress plugin versions prior to 3.1.7 **Description** The issue concerns a lack of proper sanitization and escaping of the `id` parameter for an Agent in the REST API, which can lead to an SQL Injection. This can be exploited by users with a role as low as Subscriber. **Recommendations** For versions prior to 3.1.7, update to version 3.1.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the REST API endpoint that uses the `id` parameter to minimize the risk of exploitation. Avoid using the `id` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** SupportCandy WordPress plugin versions prior to 3.1.7 **Description** The issue arises from the improper sanitization and escaping of the `agents[]` parameter in the `set add agent leaves` AJAX function, which is then used in a SQL statement. This leads to a SQL injection that can be exploited by high-privilege users, such as administrators. **Recommendations** For versions prior to 3.1.7, update to version 3.1.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the `set add agent leaves` AJAX function until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** The Gallery by BestWebSoft WordPress plugin versions prior to 4.7.0 **Description** The issue is related to a Blind SQL Injection vulnerability due to improper escaping of values used in SQL queries. An attacker must have at least the privileges of an Author, and the vendor's Slider plugin must also be installed for this issue to be exploitable. **Recommendations** For versions prior to 4.7.0, update to version 4.7.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the plugin's functionality for users with Author privileges or lower until the update is applied. Additionally, ensure the Slider plugin is not installed or is updated to a version that does not exploit this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Themeflection Numbers WordPress plugin versions prior to 2.0.1 **Description** The issue is related to a lack of authorisation and CSRF check in an AJAX action, which does not ensure that the options to be updated belong to the plugin. This could allow any authenticated users, such as subscribers, to update arbitrary blog options, including enabling registration and setting the default role to administrator. **Recommendations** For versions prior to 2.0.1, update to version 2.0.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the AJAX action or disabling it until a patch is available. Additionally, restrict the ability of subscribers to update blog options to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** The Gallery by BestWebSoft WordPress plugin versions prior to 4.7.0 **Description** The issue arises from improper sanitization of gallery information, leading to a Stored Cross-Site Scripting vulnerability. An attacker must have at least the privileges of the Author role to exploit this. **Recommendations** For versions prior to 4.7.0, update to version 4.7.0 or later to resolve the issue. As a temporary workaround, consider restricting the privileges of users to prevent them from having at least the Author role, thereby minimizing the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** SupportCandy versions prior to 3.1.5 **Description** The issue is related to the lack of validation and escaping of user input in SQL statements, which could allow unauthenticated attackers to perform SQL injection attacks. This could enable remote attackers to execute arbitrary SQL queries. **Recommendations** For versions prior to 3.1.5, update to version 3.1.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the `parse user filters` function until a patch is available. Avoid using user input in SQL statements without proper validation and escaping.

**Name of the Vulnerable Software and Affected Versions** User Role by BestWebSoft WordPress plugin versions prior to 1.6.7 **Description** The issue concerns a lack of protection against Cross-Site Request Forgery (CSRF) in requests to update role capabilities, leading to arbitrary privilege escalation of any role. **Recommendations** For versions prior to 1.6.7, update to version 1.6.7 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** The Gallery Blocks with Lightbox WordPress plugin versions prior to 3.0.8 **Description** The issue concerns an AJAX endpoint in the plugin that can be accessed by any authenticated user, including those with a subscriber role. This endpoint's callback function allows for various actions, most notably reading and updating WordPress options. A potential exploit could enable registration with a default administrator user role, posing a significant security risk. **Recommendations** For versions prior to 3.0.8, update to version 3.0.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the AJAX endpoint until the update can be applied.