Duc193

**Name of the Vulnerable Software and Affected Versions** Slider Revolution versions 6.0.0 through 6.7.55 Slider Revolution versions 7.0.0 through 7.0.14 **Description** An issue exists where the plugin fails to properly verify if a user is authorized to perform specific actions. This allows authenticated attackers with Contributor-level access or higher to deactivate any active plugin installed on the site. **Recommendations** Update versions 6.0.0 through 6.7.55 to a version newer than 6.7.55. Update versions 7.0.0 through 7.0.14 to a version newer than 7.0.14.

**Name of the Vulnerable Software and Affected Versions** Breeze versions prior to 2.5.3 **Description** Improper verification of the `wordpress logged in ` cookie in the `inc/cache/execute-cache.php` file occurs when the "Cache Logged-in Users" setting is enabled. The plugin uses the `substr()` function to parse the username directly from the cookie value to retrieve a cache file, but it does not verify the session's cryptographic signature or validity with WordPress core. This allows unauthenticated attackers to use a crafted cookie to trick the plugin into serving cached HTML content intended for an administrator. This can lead to the disclosure of sensitive information, including private posts, the Admin Bar, and WordPress nonces. **Recommendations** Update to a version later than 2.5.2. As a temporary workaround, disable the "Cache Logged-in Users" setting.

**Name of the Vulnerable Software and Affected Versions** Advanced Database Cleaner – Premium versions prior to 4.1.1 **Description** The Advanced Database Cleaner – Premium plugin for WordPress contains a Local File Inclusion issue, which occurs when an application includes a file without properly validating the input, allowing an attacker to read or execute files on the server. Authenticated attackers with Subscriber-level access or higher can use the `template` parameter to include and execute arbitrary .php files. This can lead to the bypass of access controls, unauthorized access to sensitive data, or remote code execution if .php files can be uploaded to the server. **Recommendations** Update the plugin to a version later than 4.1.0. As a temporary workaround, restrict access to the `template` parameter to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** CleanTalk versions up to and including 6.71 **Description** The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress has a flaw that allows unauthorized Arbitrary Plugin Installation. This is due to an authorization bypass via reverse DNS (PTR record) spoofing within the `checkWithoutToken` function. Unauthenticated attackers can install and activate arbitrary plugins, potentially leading to remote code execution if another vulnerable plugin is already installed and active. This is exploitable on sites with an invalid API key. Approximately 200,000 sites are potentially affected. **Recommendations** Update to version 6.72 or later.

**Name of the Vulnerable Software and Affected Versions** Ecwid by Lightspeed Ecommerce Shopping Cart plugin for WordPress versions through 7.0.7 **Description** The Ecwid by Lightspeed Ecommerce Shopping Cart plugin for WordPress is susceptible to a privilege escalation issue. An authenticated attacker with minimal permissions, such as a subscriber, can gain store manager access to the site. This is possible due to a missing capability check within the `save custom user profile fields` function. Specifically, attackers can supply the `ec store admin access` parameter during a profile update to escalate their privileges. **Recommendations** Versions prior to 7.0.7 should be updated to address this issue. As a temporary workaround, restrict user roles and closely monitor site activity for unauthorized access attempts.