Felipe Caon

Name of the Vulnerable Software and Affected Versions: If-So Dynamic Content Personalization WordPress plugin versions prior to 1.8.0.3 Description: The issue concerns the If-So Dynamic Content Personalization WordPress plugin, where it fails to validate and escape certain shortcode attributes before outputting them. This could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. Recommendations: For versions prior to 1.8.0.3, update to version 1.8.0.3 or later to resolve the issue. As a temporary workaround, consider restricting the use of the vulnerable shortcode attributes to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** CM Tooltip Glossary WordPress plugin version prior to 4.3.4 **Description** The issue concerns the CM Tooltip Glossary WordPress plugin, which does not properly sanitize and escape some of its settings. This could allow high-privilege users, such as administrators, to perform Stored Cross-Site Scripting attacks, even when the `unfiltered html` capability is disallowed, for example, in a multisite setup. **Recommendations** For versions prior to 4.3.4, update to version 4.3.4 or later to resolve the issue. As a temporary workaround, consider restricting the use of the vulnerable settings until a patch is applied. Avoid using the `unfiltered html` capability in multisite setups to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** The Events Calendar WordPress plugin versions prior to 6.8.2.1 **Description** The issue is related to missing access checks in the REST API, allowing unauthenticated users to access information about password-protected events. **Recommendations** For versions prior to 6.8.2.1, update to version 6.8.2.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the REST API until a patch is applied. Avoid using the REST API for sensitive event information until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: CM Table Of Contents WordPress plugin versions prior to 1.2.4 Description: The issue concerns a lack of CSRF check when updating settings, as well as missing sanitization and escaping. This could allow attackers to make logged-in admins add Stored XSS payloads via a CSRF attack. Recommendations: For CM Table Of Contents WordPress plugin versions prior to 1.2.4, update to version 1.2.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the settings update functionality to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: CM Table Of Contents WordPress plugin versions prior to 1.2.3 Description: The issue concerns a lack of CSRF check when resetting settings, which could allow attackers to make a logged-in admin perform such an action via a CSRF attack. Recommendations: For versions prior to 1.2.3, update to version 1.2.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the settings reset functionality until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** The WP Hardening – Fix Your WordPress Security plugin versions up to, and including, 1.2.6 **Description** The issue is due to the use of an incorrect regular expression within the "Stop User Enumeration" feature, making it possible for unauthenticated attackers to bypass intended security restrictions and expose site usernames. **Recommendations** For versions up to, and including, 1.2.6, update to a version later than 1.2.6 to resolve the issue. As a temporary workaround, consider disabling the "Stop User Enumeration" feature until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Search & Filter Pro WordPress plugin versions prior to 2.5.18 **Description** The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for example in multisite setups. This is due to the plugin not sanitizing and escaping some of its settings. **Recommendations** For versions prior to 2.5.18, update to version 2.5.18 or later to resolve the issue. As a temporary workaround, consider restricting the use of the plugin's settings to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: CM Popup Plugin for WordPress versions prior to 1.6.6 Description: The issue concerns the lack of sanitization and escaping of certain campaign settings, potentially allowing high-privilege users, such as contributors, to perform Stored Cross-Site Scripting attacks. Recommendations: For versions prior to 1.6.6, update to version 1.6.6 or later to resolve the issue. As a temporary workaround, consider restricting contributor access to campaign settings until the update is applied.

**Name of the Vulnerable Software and Affected Versions** WP QuickLaTeX WordPress plugin versions prior to 3.8.7 **Description** The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This can occur even when the unfiltered html capability is disallowed, for example, in a multisite setup. **Recommendations** For WP QuickLaTeX WordPress plugin versions prior to 3.8.7, update to version 3.8.7 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: CM WordPress Search And Replace Plugin versions prior to 1.3.9 Description: The issue concerns the lack of CSRF checks in certain areas of the plugin, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks. Recommendations: For versions prior to 1.3.9, update to version 1.3.9 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive areas of the plugin to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** CM Email Registration Blacklist and Whitelist WordPress plugin versions prior to 1.4.9 **Description** The issue allows attackers to perform actions on the blacklist or whitelist menu without the admin's knowledge or consent, potentially leading to unauthorized changes to settings. This is possible due to the lack of a CSRF check when adding or deleting items from the blacklist or whitelist. **Recommendations** For CM Email Registration Blacklist and Whitelist WordPress plugin versions prior to 1.4.9, update to version 1.4.9 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** EventON WordPress plugin versions prior to 2.2.15 **Description** The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This is possible because some settings are not properly sanitised and escaped, and this vulnerability can be exploited even when the unfiltered html capability is disallowed, for example in a multisite setup. **Recommendations** For versions prior to 2.2.15, update to version 2.2.15 or later to resolve the issue. As a temporary workaround, consider restricting the ability of high privilege users to modify plugin settings until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Simple Photoswipe WordPress plugin version 0.1 **Description** The issue concerns a lack of authorization checks when updating settings, potentially allowing any authenticated user to modify them. **Recommendations** For Simple Photoswipe WordPress plugin version 0.1, consider disabling the settings update functionality until a patch is available to prevent unauthorized changes.

**Name of the Vulnerable Software and Affected Versions** Simple Photoswipe WordPress plugin version 0.1 **Description** The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This is possible because the plugin does not properly sanitise and escape some of its settings, making it vulnerable even when the unfiltered html capability is disallowed, for example in a multisite setup. **Recommendations** For Simple Photoswipe WordPress plugin version 0.1, update to a version that properly sanitises and escapes its settings to prevent Stored Cross-Site Scripting attacks.

**Name of the Vulnerable Software and Affected Versions** Frontend Checklist WordPress plugin versions prior to 2.3.3 **Description** The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This can occur even when the unfiltered html capability is disallowed, for example, in a multisite setup. **Recommendations** For Frontend Checklist WordPress plugin versions prior to 2.3.3, update to version 2.3.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Responsive video embed WordPress plugin versions prior to 0.5.1 **Description** The issue is related to the lack of validation and escaping of some shortcode attributes in the Responsive video embed WordPress plugin. This could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. **Recommendations** For versions prior to 0.5.1, update to version 0.5.1 or later to resolve the issue. As a temporary workaround, consider restricting the use of the shortcode attributes until a patch is applied. Avoid using unvalidated and unescaped shortcode attributes in pages/posts where the shortcode is embedded until the issue is resolved.