Duc Manh

The FireBox Popups – Increase Sales and Grow Your Email List plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.7 via the 'form id' parameter. This makes it possible for unauthenticated attackers to extract download a full CSV export of all form submissions — including any personally identifiable information submitted by users — for any arbitrary form id.

**Name of the Vulnerable Software and Affected Versions** Error Log Viewer by BestWebSoft plugin for WordPress versions up to and including 1.1.6 **Description** The Error Log Viewer by BestWebSoft plugin for WordPress is susceptible to Directory Traversal. This allows authenticated attackers with Administrator-level access or higher to read the contents of arbitrary files on the server, potentially exposing sensitive information. The issue resides within the `rrrlgvwr get file` function. **Recommendations** Update the Error Log Viewer by BestWebSoft plugin to a version later than 1.1.6.

Name of the Vulnerable Software and Affected Versions: Tripetto plugin for WordPress versions up to, and including, 8.0.9 Description: The issue is related to Cross-Site Request Forgery due to missing nonce validation. This allows unauthenticated attackers to delete arbitrary results via a forged request if they can trick a site administrator into performing a specific action, such as clicking on a link. Recommendations: For versions up to, and including, 8.0.9, update to a version that includes nonce validation to prevent Cross-Site Request Forgery attacks. As a temporary workaround, consider restricting access to sensitive areas of the site to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** The Advanced File Manager — Ultimate WordPress File Manager and Document Library Plugin versions up to, and including, 5.2.14 **Description** The issue is related to Stored Cross-Site Scripting via SVG File uploads due to insufficient input sanitization and output escaping. This allows authenticated attackers with Subscriber-level access and above, and granted permissions by an Administrator, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. **Recommendations** For versions up to, and including, 5.2.14, update to a version that includes the necessary input sanitization and output escaping fixes to prevent Stored Cross-Site Scripting attacks. As a temporary workaround, consider restricting SVG file uploads to trusted users only, and ensure that all users with upload permissions are thoroughly vetted by an Administrator.

**Name of the Vulnerable Software and Affected Versions** WS Form LITE plugin for WordPress versions up to, and including, 1.9.217 **Description** The issue allows unauthenticated attackers to embed untrusted input into exported CSV files. This can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration. **Recommendations** For versions up to, and including, 1.9.217, update to a version later than 1.9.217 to resolve the issue. As a temporary workaround, consider restricting access to the CSV export feature until a patch is available. Avoid opening exported CSV files from untrusted sources on a local system to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** The Responsive Contact Form Builder & Lead Generation Plugin plugin for WordPress versions up to, and including, 1.8.9 **Description** The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on several functions. This allows unauthenticated attackers to invoke those functions via a forged request if they can trick a site administrator into performing an action, such as clicking on a link. These actions may result in form deletion, lead signup, and file upload. **Recommendations** For versions up to, and including, 1.8.9, update to a version that includes proper nonce validation to prevent Cross-Site Request Forgery attacks. As a temporary workaround, consider restricting access to the plugin's functions to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** The Responsive Contact Form Builder & Lead Generation Plugin plugin for WordPress versions prior to 1.8.9 **Description** The issue allows unauthorized access to functionality due to a missing capability check on several functions. This makes it possible for unauthenticated attackers to invoke those functions. **Recommendations** For versions prior to 1.8.9, update to a version that includes the necessary capability checks to prevent unauthorized access. As a temporary workaround, consider restricting access to the affected functions until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Funnelforms Free plugin for WordPress versions up to, and including, 3.4 **Description** The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the `fnsf delete posts` function. This allows unauthenticated attackers to delete arbitrary posts via a forged request if they can trick a site administrator into performing a specific action, such as clicking on a link. **Recommendations** For versions up to, and including, 3.4, update to a version that includes proper nonce validation for the `fnsf delete posts` function to prevent Cross-Site Request Forgery attacks. As a temporary workaround, consider restricting access to the `fnsf delete posts` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Funnelforms Free plugin for WordPress versions up to and including 3.4 **Description** The issue allows authenticated attackers with subscriber-level permissions and above to modify data without proper authorization. This is due to a missing capability check on the `fnsf delete posts` function, enabling them to delete arbitrary posts, including those of administrators and posts unrelated to the Funnelforms Free plugin. **Recommendations** For versions up to and including 3.4, consider disabling the `fnsf delete posts` function until a patch is available to prevent unauthorized post deletion. Restrict access to the Funnelforms Free plugin's functionality to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Funnelforms Free plugin for WordPress versions up to, and including, 3.4 **Description** The issue allows authenticated attackers with subscriber-level permissions and above to create copies of arbitrary posts due to a missing capability check on the `fnsf copy posts` function. **Recommendations** For versions up to, and including, 3.4, update to a version that includes a fix for the missing capability check in the `fnsf copy posts` function.

**Name of the Vulnerable Software and Affected Versions** Funnelforms Free plugin for WordPress versions up to, and including, 3.4 **Description** The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the `fnsf copy posts` function. This allows unauthenticated attackers to create copies of arbitrary posts via a forged request if they can trick a site administrator into performing an action such as clicking on a link. **Recommendations** For versions up to, and including, 3.4, update to a version that includes proper nonce validation for the `fnsf copy posts` function to prevent Cross-Site Request Forgery attacks. As a temporary workaround, consider restricting access to the `fnsf copy posts` function until a patch is available.