Etan Imanol Castro Aldrete

**Name of the Vulnerable Software and Affected Versions** Short URL plugin for WordPress versions up to, and including, 1.6.8 **Description** The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the `configuration page` function. This allows unauthenticated attackers to add and import redirects, including comments containing cross-site scripting, if they can trick a site administrator into performing a specific action. **Recommendations** For versions up to, and including, 1.6.8, update to a version that includes the necessary nonce validation to prevent Cross-Site Request Forgery attacks. As a temporary workaround, consider restricting access to the `configuration page` function to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Elementor ImageBox plugin for WordPress versions up to, and including, 1.2.8 **Description** The issue is related to Stored Cross-Site Scripting via the image box widget due to insufficient input sanitization and output escaping on user-supplied attributes. This allows authenticated attackers with contributor-level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 1.2.8, update to a version higher than 1.2.8 to resolve the issue. As a temporary workaround, consider restricting access to the image box widget for users with contributor-level access and above until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Short URL plugin for WordPress versions up to, and including, 1.6.4 **Description** The issue arises from insufficient input sanitization and output escaping, allowing stored Cross-Site Scripting attacks via the `comment` parameter. This enables authenticated attackers with administrator-level permissions and above to inject arbitrary web scripts into pages, which will execute when a user accesses an injected page. **Recommendations** For versions up to, and including, 1.6.4, update to a version higher than 1.6.4 to resolve the issue. As a temporary workaround, consider restricting access to the `comment` parameter to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** The Ultimate Addons for Contact Form 7 plugin for WordPress versions up to and including 3.1.23 **Description** The issue allows authenticated attackers of any authorization level to perform SQL Injection via the `id` parameter. This enables them to append additional SQL queries into existing ones, potentially extracting sensitive information from the database. **Recommendations** For versions up to and including 3.1.23, update to a version higher than 3.1.23 to resolve the issue. As a temporary workaround, consider restricting access to the `id` parameter in affected API endpoints until a patch is available.

**Name of the Vulnerable Software and Affected Versions** WP Popup Banners plugin for WordPress versions up to, and including, 1.2.5 **Description** The issue allows for SQL Injection via the `banner id` parameter due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with minimal permissions to append additional SQL queries into already existing queries, which can be used to extract sensitive information from the database. **Recommendations** For WP Popup Banners plugin for WordPress versions up to, and including, 1.2.5, consider updating to a version that fixes the SQL Injection issue, as no specific workaround is provided for these versions. As a temporary workaround, consider restricting access to the `banner id` parameter to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** The WP Coder – add custom html, css and js code plugin for WordPress versions up to, and including, 2.5.3 **Description** The issue is related to time-based SQL Injection via the `id` parameter due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This allows authenticated attackers with administrative privileges to append additional SQL queries into already existing queries, which can be used to extract sensitive information from the database. **Recommendations** For versions up to, and including, 2.5.3, consider disabling the `id` parameter until a patch is available to prevent potential SQL Injection attacks. Restrict access to administrative privileges to minimize the risk of exploitation. Avoid using the `id` parameter in existing queries until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Simple Membership WP user Import plugin for WordPress versions up to, and including, 1.7 **Description** The issue allows for SQL Injection via the `orderby` parameter due to insufficient escaping on the user-supplied parameter. This enables authenticated attackers with administrative privileges to append additional SQL queries into existing queries, potentially extracting sensitive information from the database. **Recommendations** For versions up to, and including, 1.7, consider disabling the `orderby` parameter until a patch is available to prevent SQL Injection attacks. Restrict access to the plugin's functionality to minimize the risk of exploitation. Avoid using the `orderby` parameter in the affected plugin until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Log HTTP Requests plugin for WordPress versions up to, and including, 1.3.1 **Description** The issue is related to Stored Cross-Site Scripting via logged HTTP requests due to insufficient input sanitization and output escaping. This allows unauthenticated attackers, who can trick a site's administrator into performing a specific action, or an authenticated user with access to a page that sends a request using user-supplied data via the server, to inject arbitrary web scripts in pages. These scripts will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 1.3.1, update to a version that addresses the insufficient input sanitization and output escaping issue to prevent Stored Cross-Site Scripting attacks. As a temporary workaround, consider restricting access to the logged HTTP requests feature until a patch is available.