Djaidja Moundjid

**Name of the Vulnerable Software and Affected Versions** KIA Subtitle plugin for WordPress versions prior to 4.0.2 **Description** The plugin is susceptible to Stored Cross-Site Scripting (XSS), a flaw where malicious scripts are permanently stored on the target server. This occurs due to insufficient input sanitization and output escaping within the `before` and `after` attributes of the `the-subtitle` shortcode. Authenticated attackers with Contributor-level access or higher can inject arbitrary web scripts into pages, which then execute when a user visits the affected page. **Recommendations** Update the plugin to a version later than 4.0.1. As a temporary workaround, restrict the use of the `before` and `after` attributes in the `the-subtitle` shortcode for users with Contributor-level access.

**Name of the Vulnerable Software and Affected Versions** Logo Manager For Enamad versions prior to 0.7.5 **Description** The Logo Manager For Enamad plugin for WordPress contains a Stored Cross-Site Scripting issue. This occurs due to insufficient input sanitization and output escaping on user-supplied attributes within the 'title' attribute of the `vc enamad namad`, `vc enamad shamed`, and `vc enamad custom` shortcodes. Authenticated attackers with contributor-level access or higher can inject arbitrary web scripts into pages, which then execute when a user visits the affected page. **Recommendations** Update to a version later than 0.7.4. As a temporary workaround, restrict the use of the 'title' attribute in the `vc enamad namad`, `vc enamad shamed`, and `vc enamad custom` shortcodes.

**Name of the Vulnerable Software and Affected Versions** Sticky versions prior to 2.5.7 **Description** The Sticky plugin for WordPress contains a Stored Cross-Site Scripting issue. This occurs because the `cvmh sticky front render()` function fails to properly sanitize input and escape output for the `readmoretext` attribute within the `cvmh-sticky` shortcode. Specifically, the value of the `readmoretext` attribute is processed via `apply filters()` and concatenated into the HTML output without using escaping functions like `esc html()`. Consequently, authenticated attackers with Contributor-level access or higher can inject arbitrary web scripts into pages, which execute when a user visits a page containing the malicious shortcode. **Recommendations** Update to a version later than 2.5.6. As a temporary workaround, restrict the ability of users with Contributor-level access to edit pages or use the `cvmh-sticky` shortcode until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Bold Page Builder versions prior to 5.6.9 **Description** The Bold Page Builder plugin for WordPress contains a Stored Cross-Site Scripting issue. This occurs because of insufficient input sanitization and output escaping on user-supplied attributes, specifically within the `text` attribute of the 'bt bb button' shortcode. Authenticated attackers with contributor-level access or higher can inject arbitrary web scripts into pages, which then execute when a user visits the affected page. **Recommendations** Update the plugin to a version later than 5.6.8. As a temporary workaround, restrict the use of the `text` attribute in the 'bt bb button' shortcode for users with contributor-level access.

**Name of the Vulnerable Software and Affected Versions** WPC Badge Management for WooCommerce versions prior to 3.1.7 **Description** The WPC Badge Management for WooCommerce plugin for WordPress contains a Stored Cross-Site Scripting issue. This occurs due to insufficient input sanitization and output escaping within the `text` attribute of the `wpcbm best seller` shortcode. Authenticated attackers with Shop Manager-level access or higher can inject arbitrary web scripts into pages, which then execute when a user visits the affected page. **Recommendations** Update the plugin to a version later than 3.1.6.

**Name of the Vulnerable Software and Affected Versions** Fluent Forms versions prior to 6.2.2 **Description** The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress contains a Stored Cross-Site Scripting issue. This occurs due to insufficient input sanitization and output escaping within the `permission message` parameter. Authenticated attackers with contributor-level access or higher can inject arbitrary web scripts into pages, which then execute when a user visits the affected page. **Recommendations** Update to a version later than 6.2.1. As a temporary workaround, restrict the use of the `permission message` parameter until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Next Date plugin for WordPress versions prior to 1.1 **Description** The plugin is susceptible to Stored Cross-Site Scripting (XSS), a flaw where malicious scripts are permanently stored on the target server. This occurs due to insufficient input sanitization and output escaping of user-supplied attributes within the `default` shortcode attribute. Authenticated attackers with contributor-level access or higher can inject arbitrary web scripts into pages, which then execute when a user visits the affected page. **Recommendations** Update the plugin to a version later than 1.0. As a temporary workaround, restrict the use of the `default` attribute in shortcodes for users with contributor-level access.

The Fancy Image Show plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `fancy-img-show` shortcode in all versions up to, and including, 9.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

**Name of the Vulnerable Software and Affected Versions** SP Blog Designer versions prior to 1.0.1 **Description** The SP Blog Designer plugin for WordPress contains a Stored Cross-Site Scripting issue. This occurs due to insufficient input sanitization and output escaping within the 'design' attribute of the `wpsbd post carousel` shortcode. Authenticated attackers with Contributor-level access or higher can inject arbitrary web scripts into pages, which then execute when a user visits the affected page. **Recommendations** Update the plugin to a version later than 1.0.0. As a temporary workaround, restrict the use of the `wpsbd post carousel` shortcode or its `design` attribute for users with Contributor-level access.

**Name of the Vulnerable Software and Affected Versions** E2Pdf – Export Pdf Tool for WordPress versions prior to 1.32.18 **Description** The E2Pdf – Export Pdf Tool for WordPress plugin allows authenticated attackers with Contributor-level access and above to inject arbitrary web scripts. This occurs due to insufficient input sanitization and output escaping within the `id` attribute of the `e2pdf-download` shortcode. These scripts execute whenever a user accesses a page where the malicious code was injected. **Recommendations** Update the plugin to a version later than 1.32.17. As a temporary workaround, restrict the use of the `id` attribute in the `e2pdf-download` shortcode for users with Contributor-level access.

**Name of the Vulnerable Software and Affected Versions** NMR Strava activities plugin for WordPress versions prior to 1.0.15 **Description** Insufficient input sanitization and output escaping on user supplied attributes in the `strava nmr connect` shortcode allow authenticated attackers with contributor-level access and above to inject arbitrary web scripts. These scripts execute whenever a user accesses a page containing the injected content. This is a Stored Cross-Site Scripting issue, where malicious scripts are permanently stored on the target server. **Recommendations** Update the plugin to a version later than 1.0.14. As a temporary workaround, restrict the use of the `strava nmr connect` shortcode to trusted users with higher privilege levels.

**Name of the Vulnerable Software and Affected Versions** Schedule Post Changes With PublishPress Future versions prior to 4.10.1 **Description** Stored Cross-Site Scripting occurs due to insufficient input sanitization of the `wrapper` attribute within the `[futureaction]` shortcode. The plugin utilizes the `esc html()` function, which encodes HTML entities but fails to prevent attribute injection when the value is used as an HTML tag name in a `sprintf()` call. This allows authenticated attackers with administrator-level access, or contributors if granted permission, to inject event handler attributes via spaces in the `wrapper` value. Consequently, arbitrary web scripts can be injected into pages and executed when a user accesses them. **Recommendations** Update to a version later than 4.10.0. As a temporary workaround, restrict the use of the `wrapper` attribute in the `[futureaction]` shortcode to trusted administrators only.

**Name of the Vulnerable Software and Affected Versions** Charts Ninja: Create Beautiful Graphs & Charts and Easily Add Them to Your Website versions prior to 2.1.1 **Description** The plugin is subject to Stored Cross-Site Scripting (XSS), a flaw where malicious scripts are permanently stored on the target server. This occurs due to insufficient input sanitization and output escaping within the `chartid` attribute of the shortcode. Authenticated attackers with Contributor-level access or higher can inject arbitrary web scripts into pages, which then execute when a user visits the affected page. **Recommendations** Update the plugin to a version later than 2.1.0.

**Name of the Vulnerable Software and Affected Versions** Simple Link Directory versions prior to 8.9.3 **Description** The Simple Link Directory plugin for WordPress contains a Stored Cross-Site Scripting issue. Authenticated attackers with contributor-level access or higher can inject arbitrary web scripts into pages. This occurs because the `qcopd-directory` shortcode does not sufficiently sanitize input or escape output for user-supplied attributes, specifically the `title font size` variable. These scripts execute whenever a user visits the affected page. **Recommendations** Update the plugin to a version later than 8.9.2. As a temporary workaround, restrict the use of the `title font size` attribute within the `qcopd-directory` shortcode for users with contributor-level access.

**Name of the Vulnerable Software and Affected Versions** WPC Smart Messages for WooCommerce versions prior to 4.2.9 **Description** Stored Cross-Site Scripting occurs due to insufficient input sanitization and output escaping on user-supplied attributes. Authenticated attackers with contributor-level access or higher can inject arbitrary web scripts through the `text` attribute of the `wpcsm text rotator` shortcode. These scripts execute whenever a user visits the affected page. **Recommendations** Update to a version later than 4.2.8. As a temporary workaround, restrict the use of the `text` attribute within the `wpcsm text rotator` shortcode to trusted users only.

**Name of the Vulnerable Software and Affected Versions** Gallagher Website Design versions prior to 2.6.5 **Description** The plugin is susceptible to Stored Cross-Site Scripting (XSS), a flaw where malicious scripts are permanently stored on the target server. The issue exists within the 'login link' shortcode due to inadequate input sanitization and output escaping of the `prefix` attribute. Authenticated attackers with Contributor-level access or higher can inject arbitrary web scripts into pages, which then execute when a user visits the affected page. **Recommendations** Update to a version later than 2.6.4. As a temporary workaround, restrict the use of the `prefix` attribute within the 'login link' shortcode for users with Contributor-level access.

**Name of the Vulnerable Software and Affected Versions** CI HUB Connector versions prior to 1.2.107 **Description** The CI HUB Connector plugin for WordPress contains a Stored Cross-Site Scripting issue. Authenticated attackers with Contributor-level access or higher can inject arbitrary web scripts into pages. This occurs due to insufficient input sanitization and output escaping within the 'id' attribute of the `cihub metadata` shortcode. These scripts execute whenever a user visits the affected page. **Recommendations** Update to a version later than 1.2.106.

Name of the Vulnerable Software and Affected Versions ShopLentor plugin for WordPress versions up to 3.3.5 Description Stored Cross-Site Scripting occurs due to insufficient input sanitization and missing output escaping on user-supplied shortcode attributes. Authenticated attackers with Contributor-level access and above can inject arbitrary web scripts via the `button text` attribute of the `woolentor quickview button` shortcode, which execute when a user accesses the affected page. Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions Download Manager plugin for WordPress versions up to and including 3.3.52 Description The Download Manager plugin for WordPress is susceptible to Stored Cross-Site Scripting through the `sid` parameter of the 'wpdm members' shortcode. This occurs because of inadequate input sanitization and output escaping of the user-supplied `sid` shortcode attribute. The `sid` parameter is extracted without sanitization within the `members()` function and stored using `update post meta()`, then directly echoed into an HTML id attribute in the `members.php` template without `esc attr()`. This allows authenticated attackers with contributor-level access or higher to inject arbitrary web scripts into pages, which will execute when a user accesses the affected page. Recommendations Download Manager plugin for WordPress version 3.3.53 and later Disable the 'wpdm members' shortcode if it is not required Sanitize and escape the `sid` parameter before using it in the 'wpdm members' shortcode

Name of the Vulnerable Software and Affected Versions LatePoint – Calendar Booking Plugin for Appointments and Events versions up to and including 5.3.0 Description The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is susceptible to Stored Cross-Site Scripting through the `button caption` parameter within the [latepoint resources] shortcode. This occurs because of inadequate output escaping when the `items` parameter is set to 'bundles'. Authenticated attackers with contributor-level access or higher can inject arbitrary web scripts into pages, which will then execute when a user accesses those pages. Recommendations Update LatePoint – Calendar Booking Plugin for Appointments and Events to a version later than 5.3.0.