H3V0X

**Name of the Vulnerable Software and Affected Versions** Shopp WordPress plugin versions 1.4 and earlier **Description** The issue concerns the lack of security measures in the `shopp upload file` AJAX action, allowing both unauthenticated and authenticated users to upload malicious files, such as PHP files, without restriction. This can lead to remote code execution (RCE) as unauthenticated users can upload arbitrary files. **Recommendations** For Shopp WordPress plugin versions 1.4 and earlier, as a temporary workaround, consider disabling the `shopp upload file` AJAX action until a patch is available. Restrict access to file upload functionality to minimize the risk of exploitation. Avoid using the file upload feature in the affected plugin until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WordPress Simple Ecommerce Shopping Cart Plugin- Sell products through Paypal plugin versions 2.2.5 and earlier **Description** The issue allows any file, such as PHP, to be uploaded by an administrator due to a lack of checks for uploaded Downloadable Digital product files. Additionally, the absence of CSRF protection enables attackers to make a logged-in admin upload a malicious PHP file, leading to remote code execution (RCE). **Recommendations** For WordPress Simple Ecommerce Shopping Cart Plugin- Sell products through Paypal plugin versions 2.2.5 and earlier, update to a version later than 2.2.5 to resolve the issue. As a temporary workaround, consider restricting file uploads to only necessary file types and implementing CSRF protection to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** OpenPLC ScadaBR versions through 0.9.1 on Linux and through 1.12.4 on Windows. **Description** OpenPLC ScadaBR is affected by a stored cross-site scripting (XSS) vulnerability in the `system settings.shtm` file. This flaw allows attackers to execute malicious scripts in the context of a user's browser. The vulnerability has been actively exploited by the hacktivist group TwoNet, who successfully defaced a honeypot system simulating a water treatment facility within 26 hours of gaining initial access. The attack involved exploiting default credentials and utilizing the XSS vulnerability to disable system logs and alarms. The vulnerability is present in both Windows and Linux versions of the software. It is estimated that a significant number of devices worldwide may be vulnerable. **API Endpoints:** `/system settings.shtm` **Vulnerable Parameters or Variables:** None explicitly mentioned. **Recommendations** OpenPLC ScadaBR versions through 0.9.1 on Linux should be updated to a newer, secure version. OpenPLC ScadaBR versions through 1.12.4 on Windows should be updated to a newer, secure version.

**Name of the Vulnerable Software and Affected Versions** OpenPLC ScadaBR versions through 0.9.1 on Linux OpenPLC ScadaBR versions through 1.12.4 on Windows **Description** The ScadaBR system, designed for data collection and process automation control, is affected by multiple issues. One issue involves insufficient protection of the `agentpushPreset` structure within the administrative interface page `system settings.shtm`, potentially allowing for cross-site scripting (XSS) attacks. Another issue allows remote authenticated users to upload and execute arbitrary JSP files through the `view edit.shtm` file. This is due to unrestricted file upload of dangerous file types. The `view edit.shtm` file is used as the entry point for exploitation. **Recommendations** OpenPLC ScadaBR versions through 0.9.1 on Linux: At the moment, there is no information about a newer version that contains a fix for this vulnerability. OpenPLC ScadaBR versions through 1.12.4 on Windows: At the moment, there is no information about a newer version that contains a fix for this vulnerability.