Donato Di Pasquale

**Name of the Vulnerable Software and Affected Versions** Export any WordPress data to XML/CSV WordPress plugin versions prior to 1.4.0 WP All Export Pro WordPress plugin versions prior to 1.8.6 **Description** The issue concerns the lack of validation and sanitization of the `wp query` parameter, allowing an attacker to execute arbitrary commands on the remote server. **Recommendations** For Export any WordPress data to XML/CSV WordPress plugin versions prior to 1.4.0, update to version 1.4.0 or later. For WP All Export Pro WordPress plugin versions prior to 1.8.6, update to version 1.8.6 or later.

**Name of the Vulnerable Software and Affected Versions** Export any WordPress data to XML/CSV WordPress plugin versions prior to 1.4.0 WP All Export Pro WordPress plugin versions prior to 1.8.6 **Description** The issue allows attackers to make logged-in users perform unwanted actions, leading to remote code execution. This is due to the plugins not checking nonce tokens early enough in the request lifecycle. **Recommendations** For Export any WordPress data to XML/CSV WordPress plugin versions prior to 1.4.0, update to version 1.4.0 or later. For WP All Export Pro WordPress plugin versions prior to 1.8.6, update to version 1.8.6 or later.

**Name of the Vulnerable Software and Affected Versions** Build App Online WordPress plugin versions prior to 1.0.19 **Description** The issue arises from the plugin's failure to properly sanitise and escape certain parameters before using them in a SQL statement. This occurs via an AJAX action that is accessible to unauthenticated users, leading to a SQL injection. **Recommendations** For versions prior to 1.0.19, update to version 1.0.19 or later to resolve the issue. As a temporary workaround, consider restricting access to the AJAX action to prevent unauthenticated users from exploiting the SQL injection vulnerability.

**Name of the Vulnerable Software and Affected Versions** The Visual Email Designer for WooCommerce WordPress plugin versions prior to 1.7.2 **Description** The issue arises from the plugin's failure to properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection. This can be exploited by users with a role as low as author. **Recommendations** For versions prior to 1.7.2, update to version 1.7.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the plugin's functionality to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** The Name Directory WordPress plugin versions prior to 1.25.4 **Description** The issue concerns a lack of CSRF check when importing names and inadequate sanitisation and escaping of imported data. This could allow attackers to make a logged-in admin import arbitrary names containing XSS payloads. **Recommendations** For versions prior to 1.25.4, update to version 1.25.4 or later to resolve the issue. As a temporary workaround, consider restricting the import functionality to minimize the risk of exploitation. Avoid using the import feature with untrusted data until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** The Name Directory WordPress plugin versions prior to 1.25.3 **Description** The issue is related to a Reflected Cross-Site Scripting and a Stored XSS. This occurs because a parameter is not properly sanitised and escaped before being outputted back in the page. Additionally, the payload is saved into the database after the request, leading to a Stored XSS. **Recommendations** For versions prior to 1.25.3, update to version 1.25.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable parameter to minimize the risk of exploitation.