Floerer

**Name of the Vulnerable Software and Affected Versions** Use-your-Drive | Google Drive plugin for WordPress versions prior to 3.3.2 **Description** The Use-your-Drive | Google Drive plugin for WordPress is susceptible to Stored Cross-Site Scripting via the `title` parameter in file metadata. Insufficient input sanitization and output escaping allow attackers to inject arbitrary web scripts into pages. These scripts will execute when a user accesses the injected page. The issue can be exploited by the lowest authentication level permitted to upload files, including unauthenticated users, after a file upload shortcode is published on a publicly accessible post. **Recommendations** Update Use-your-Drive | Google Drive plugin for WordPress to version 3.3.2 or later.

Name of the Vulnerable Software and Affected Versions: Centreon web versions 24.04.0 through 24.04.9 Centreon web versions 24.10.0 through 24.10.3 Description: The issue is related to Improper Privilege Management in the API Token creation form modules, allowing Privilege Escalation. Recommendations: For Centreon web versions 24.04.0 through 24.04.9, update to version 24.04.10 or later. For Centreon web versions 24.10.0 through 24.10.3, update to version 24.10.4 or later.

**Name of the Vulnerable Software and Affected Versions** The Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin versions up to, and including, 2.2.13 **Description** The issue allows unauthenticated attackers to obtain an archive file name and download the site's backup due to the exposed process stats file during the backup process. This is a result of sensitive information exposure in the plugin. **Recommendations** For versions up to, and including, 2.2.13, update the plugin to the latest patched version to mitigate the risk of sensitive information exposure. As a temporary workaround, consider restricting access to the backup process to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Masteriyo LMS – eLearning and Online Course Builder for WordPress plugin for WordPress versions up to, and including, 1.13.3 **Description** The issue is related to missing authorization checks on the "/wp-json/masteriyo/v1/users/$id" REST API endpoint. This allows authenticated attackers with student-level access and above to modify the roles of arbitrary users, potentially escalating their privileges to Administrator and demoting existing administrators to students. **Recommendations** For versions up to, and including, 1.13.3, update to a version higher than 1.13.3 to resolve the issue. As a temporary workaround, consider restricting access to the "/wp-json/masteriyo/v1/users/$id" API endpoint until a patch is available. Restrict access to the `users` endpoint to minimize the risk of exploitation. Avoid using the `id` variable in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Masteriyo LMS – eLearning and Online Course Builder for WordPress versions prior to 1.13.3 **Description** The issue is related to Stored Cross-Site Scripting via the question's content parameter due to insufficient input sanitization and output escaping. This allows authenticated attackers with student-level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For versions prior to 1.13.3, update to the latest version to mitigate risks. As a temporary workaround, consider restricting access to the question's content parameter to minimize the risk of exploitation. Additionally, ensure proper input sanitization and output escaping to prevent arbitrary web script injections.

**Name of the Vulnerable Software and Affected Versions** XWiki Platform versions 3.5-milestone-1 through 14.4.7 XWiki Platform versions 14.5.0 through 14.10.3 XWiki Platform versions 15.0-rc-0 **Description** The mail obfuscation configuration was not fully taken into account, allowing users to infer the mail content. While the mail displayed to the end user was obfuscated, the rest response was also containing the mail unobfuscated, and users were able to filter and sort on the unobfuscated. The consequence was the possibility to retrieve the email addresses of all users even when obfuscated. **Recommendations** For XWiki Platform versions 3.5-milestone-1 through 14.4.7, update to version 14.4.8 or later. For XWiki Platform versions 14.5.0 through 14.10.3, update to version 14.10.4 or later. For XWiki Platform versions 15.0-rc-0, update to version 15.0-rc-1 or later. As a temporary workaround, consider modifying the page `XWiki.LiveTableResultsMacros` following the provided patch.

**Name of the Vulnerable Software and Affected Versions** XWiki Platform versions 13.2-rc-1 through 14.10.20 XWiki Platform versions 15.0.0 through 15.5.4 XWiki Platform versions 15.10.0 **Description** The issue allows any user knowing the ID of a notification filter preference of another user to enable, disable, or delete it. This could cause the target user to lose notifications on some pages. The patch for this issue involves checking the rights of the user before performing any action on the filters. **Recommendations** For XWiki Platform versions 13.2-rc-1 through 14.10.20, upgrade to version 14.10.21 or later. For XWiki Platform versions 15.0.0 through 15.5.4, upgrade to version 15.5.5 or later. For XWiki Platform versions 15.10.0, upgrade to version 15.10.1 or later. As a temporary workaround, consider editing the document `XWiki.Notifications.Code.NotificationPreferenceService` to apply the changes performed in commit e8acc9d8e6af7dfbfe70716ded431642ae4a6dd4.

**Name of the Vulnerable Software and Affected Versions** Moodle (affected versions not specified) **Description** The issue is related to errors in processing hypertext links, which can be exploited by a remote attacker to bypass security features. Insufficient capability checks in Moodle allow an attacker to remove other users' calendar URL subscriptions. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.