Erwan Lr

**Name of the Vulnerable Software and Affected Versions** WP MAPS PRO versions prior to 6.1.1 **Description** The plugin registers an unauthenticated AJAX action that allows the creation of an administrator account. By providing a valid nonce, which is publicly available on any frontend page that enqueues the map script, an attacker can unconditionally create an admin account and receive a magic-login URL that provides interactive administrative access. **Recommendations** Update to version 6.1.1 or later.

**Name of the Vulnerable Software and Affected Versions** trx addons WordPress plugin versions prior to 2.38.5 **Description** The software does not properly validate file types during an AJAX action, potentially allowing unauthenticated users to upload arbitrary files. This is related to a previous fix attempt. **Recommendations** Update to version 2.38.5 or later.

**Name of the Vulnerable Software and Affected Versions** Order Delivery Date WordPress plugin versions prior to 12.4.0 **Description** The issue is related to a Reflected Cross-Site Scripting problem. It occurs because the plugin does not properly sanitise and escape a `parameter` before outputting it back in the page. This could be used against high privilege users such as admin. **Recommendations** For versions prior to 12.4.0, update to version 12.4.0 or later to resolve the issue. As a temporary workaround, consider disabling the vulnerable functionality until a patch is available. Restrict access to the plugin's settings to minimize the risk of exploitation. Avoid using the vulnerable `parameter` in the affected API endpoint until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: The Travelpayouts: All Travel Brands in One Place WordPress plugin versions prior to 1.1.13 Description: The issue concerns a lack of CSRF check when importing settings from v1, which could allow attackers to make a logged-in admin update some settings via a CSRF attack. Recommendations: For versions prior to 1.1.13, update to version 1.1.13 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: edd-google-sheet-connector-pro WordPress plugin versions prior to 1.4 Easy Digital Downloads Google Sheet Connector WordPress plugin versions prior to 1.6.6 Description: The issue concerns a lack of CSRF check when updating the Access Code, which could allow attackers to make a logged-in admin change the access code to an arbitrary one via a CSRF attack. Recommendations: For edd-google-sheet-connector-pro WordPress plugin versions prior to 1.4, update to version 1.4 or later. For Easy Digital Downloads Google Sheet Connector WordPress plugin versions prior to 1.6.6, update to version 1.6.6 or later.

**Name of the Vulnerable Software and Affected Versions:** Order Delivery Date WordPress plugin versions prior to 12.6.0 **Description:** The Order Delivery Date WordPress plugin before version 12.6.0 discloses arbitrary post titles (including draft and private posts) through an unauthenticated AJAX action, potentially allowing attackers to retrieve this information. **Recommendations:** Update the Order Delivery Date WordPress plugin to version 12.6.0 or later.

**Name of the Vulnerable Software and Affected Versions** The Photo Gallery, Sliders, Proofing and WordPress plugin versions prior to 3.59.9 **Description** The issue concerns the Photo Gallery, Sliders, Proofing and WordPress plugin, where some of its image settings are not properly sanitized and escaped. This could allow high-privilege users, such as administrators, to perform stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for example, in a multisite setup. **Recommendations** For versions prior to 3.59.9, update to version 3.59.9 or later to resolve the issue. As a temporary workaround, consider restricting access to the image settings to minimize the risk of exploitation. Additionally, restrict the use of the `unfiltered html` capability to prevent stored Cross-Site Scripting attacks.

**Name of the Vulnerable Software and Affected Versions** tourmaster WordPress plugin versions prior to 5.3.5 **Description** The issue is related to Reflected Cross-Site Scripting, where generated URLs are not properly escaped before being outputted in attributes. This can lead to malicious scripts being executed. No information is provided about the estimated number of potentially affected devices or real-world incidents. **Recommendations** tourmaster WordPress plugin versions prior to 5.3.5 should be updated to version 5.3.5 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Ninja Forms versions prior to 3.8.11 **Description** The issue is related to a Reflected Cross-Site Scripting that could be used against high privilege users such as admin. This occurs because the Ninja Forms WordPress plugin does not escape an URL before outputting it back in an attribute, leading to malicious script execution. **Recommendations** For versions prior to 3.8.11, upgrade the affected plugin immediately to mitigate risks. As a temporary workaround, consider restricting access to the plugin's functionality to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** The Ditty WordPress plugin versions prior to 3.1.46 **Description** The issue is related to a previously fixed security problem that was re-introduced in version 3.1.39 of the plugin. No information is provided about the estimated number of potentially affected devices or real-world incidents where this issue was exploited. **Recommendations** For versions prior to 3.1.46, update to version 3.1.46 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** WooCommerce Customers Manager WordPress plugin versions prior to 30.2 **Description** The issue concerns a lack of authorization and CSRF protection in various AJAX actions within the plugin, allowing any authenticated user to update, delete, or create customer metadata. This also leads to Stored Cross-Site Scripting due to the lack of escaping of metadata values. **Recommendations** For versions prior to 30.2, update to version 30.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the AJAX actions until the update can be applied.

**Name of the Vulnerable Software and Affected Versions** The Ultimate Classified Listings WordPress plugin versions prior to 1.4 **Description** The issue is related to a Reflected Cross-Site Scripting problem. It occurs because a parameter is not properly sanitised and escaped before being outputted back in the page. This could be exploited against high privilege users, such as administrators. **Recommendations** For versions prior to 1.4, update to version 1.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the plugin's functionality to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** The Float menu WordPress plugin versions prior to 6.0.1 **Description** The issue is related to the lack of a CSRF check in the bulk actions of the plugin, which could allow attackers to make logged-in admins delete arbitrary menus via a CSRF attack. **Recommendations** For versions prior to 6.0.1, update to version 6.0.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the bulk actions feature to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** WooCommerce Customers Manager WordPress plugin versions prior to 29.8 **Description** The issue is related to a Reflected Cross-Site Scripting problem. It occurs because the plugin does not properly sanitise and escape various parameters before outputting them back in pages and attributes. This could be exploited against high-privilege users, such as administrators. **Recommendations** For versions prior to 29.8, update to version 29.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the plugin's functionality to minimize the risk of exploitation. Avoid using the vulnerable parameters in the affected pages and attributes until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** WooCommerce Customers Manager WordPress plugin versions prior to 29.8 **Description** The issue concerns a lack of authorization and CSRF protection in an AJAX action, allowing any authenticated user to retrieve a list of customer email addresses along with their id, first name, and last name. **Recommendations** For versions prior to 29.8, update to version 29.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the AJAX action until the update is applied.

**Name of the Vulnerable Software and Affected Versions** coreActivity: Activity Logging plugin for WordPress versions prior to 2.1 **Description** The issue allows users to spoof IP addresses by providing an arbitrary value via headers such as X-FORWARDED, which are used to log IP addresses of requests. **Recommendations** For versions prior to 2.1, update to version 2.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the logging functionality to minimize the risk of IP address spoofing.

**Name of the Vulnerable Software and Affected Versions** Themify WordPress plugin versions prior to 1.4.4 **Description** The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for example in multisite setups. This is due to the plugin not sanitizing and escaping some of its Filters settings. **Recommendations** For versions prior to 1.4.4, update to version 1.4.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the Filters settings in the plugin to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Themify WordPress plugin versions prior to 1.4.4 **Description** The issue concerns a lack of CSRF check in the bulk action of the Themify WordPress plugin. This could allow attackers to make logged-in users delete arbitrary filters via a CSRF attack, provided they know the related filter slugs. **Recommendations** For versions prior to 1.4.4, update to version 1.4.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the bulk action feature in the Themify WordPress plugin until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** Themify WordPress plugin versions prior to 1.4.4 **Description** The issue is related to a Reflected Cross-Site Scripting problem. It occurs because a parameter is not properly sanitised and escaped before being outputted back in the page. This could be exploited against high-privilege users, such as administrators. **Recommendations** For versions prior to 1.4.4, update to version 1.4.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the plugin's functionality to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Pz-LinkCard WordPress plugin versions through 2.5.1 **Description** The issue is related to a Reflected Cross-Site Scripting problem. It occurs because a `parameter` is not properly sanitised and escaped before being outputted back in the page. This could be exploited against high privilege users, such as admins. **Recommendations** For Pz-LinkCard WordPress plugin versions through 2.5.1, update to a version that properly sanitises and escapes parameters to prevent Reflected Cross-Site Scripting. As a temporary workaround, consider restricting access to the plugin's functionality to minimize the risk of exploitation.