Haidv35

**Name of the Vulnerable Software and Affected Versions** Oracle Agile Product Lifecycle Management for Process version 6.2.4 **Description** An easily exploitable issue exists in the Product Quality Management component of Oracle Agile Product Lifecycle Management for Process. A low-privileged attacker with network access via HTTP can compromise the system. Successful exploitation may lead to unauthorized access to critical data or complete access to all accessible data. **Recommendations** Update to a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: a-blog cms versions prior to 3.1.43 a-blog cms versions prior to 3.0.47 Description: A cross-site scripting issue exists in a specific field in the entry editing screen of a-blog cms, requiring contributor or higher level privileges to exploit. If exploited, an arbitrary script may be executed on the web browser of the user logging in to the product. Recommendations: For versions prior to 3.1.43, update to version 3.1.43 or later. For versions prior to 3.0.47, update to version 3.0.47 or later. As a temporary workaround, consider restricting access to the entry editing screen to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: a-blog cms versions prior to 3.1.43 a-blog cms versions prior to 3.0.47 Description: The issue is related to insufficient path validation in the backup feature of a-blog cms, which can be exploited by a remote authenticated attacker with administrator privilege to obtain or delete any file on the server. This requires the attacker to have administrator privileges. Recommendations: For versions prior to 3.1.43, update to version 3.1.43 or later. For versions prior to 3.0.47, update to version 3.0.47 or later. As a temporary workaround, consider restricting access to the backup feature until a patch is available.

**Name of the Vulnerable Software and Affected Versions** WP STAGING Pro WordPress Backup plugin versions up to and including 6.1.2 **Description** The issue concerns the exposure of information due to missing capability checks in the `getOutdatedPluginsRequest()` function. This allows unauthenticated attackers to reveal installed, active or inactive, outdated plugins. **Recommendations** For WP STAGING Pro WordPress Backup plugin versions up to and including 6.1.2, update to a version later than 6.1.2 to resolve the issue. As a temporary workaround, consider disabling the `getOutdatedPluginsRequest()` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** The Ultimate Addons for WPBakery plugin for WordPress versions up to, and including, 3.19.20 **Description** The issue is related to Stored Cross-Site Scripting via the plugin's `ult team` shortcode due to insufficient input sanitization and output escaping on user-supplied attributes. This allows authenticated attackers with contributor-level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 3.19.20, update to a version that addresses the insufficient input sanitization and output escaping issue in the `ult team` shortcode. As a temporary workaround, consider restricting access to the `ult team` shortcode for users with contributor-level access and above until a patch is available.

**Name of the Vulnerable Software and Affected Versions** The Ultimate Addons for WPBakery plugin for WordPress versions up to, and including, 3.19.20 **Description** The issue is related to Stored Cross-Site Scripting via the plugin's `ultimate info table` shortcode due to insufficient input sanitization and output escaping on user-supplied attributes. This allows authenticated attackers with contributor-level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 3.19.20, update to a version that addresses the insufficient input sanitization and output escaping issue. As a temporary workaround, consider restricting access to the `ultimate info table` shortcode for users with contributor-level access and above until a patch is available.

**Name of the Vulnerable Software and Affected Versions** The Ultimate Addons for WPBakery plugin for WordPress versions up to, and including, 3.19.20 **Description** The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the `ultimate pricing` shortcode. This allows authenticated attackers with contributor-level access and above to inject arbitrary web scripts in pages, which will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 3.19.20, update to a version that addresses the insufficient input sanitization and output escaping issue in the `ultimate pricing` shortcode. As a temporary workaround, consider restricting access to the `ultimate pricing` shortcode for users with contributor-level access and above until a patch is available.

**Name of the Vulnerable Software and Affected Versions** The Ultimate Addons for WPBakery plugin for WordPress versions up to, and including, 3.19.20 **Description** The issue is related to Stored Cross-Site Scripting via the plugin's `ultimate dual color` shortcode due to insufficient input sanitization and output escaping on user-supplied attributes, such as `attributes` supplied by users. This allows authenticated attackers with contributor-level access and above to inject arbitrary web scripts in pages, which will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 3.19.20, update to a version that addresses the insufficient input sanitization and output escaping issue. As a temporary workaround, consider restricting access to the `ultimate dual color` shortcode for users with contributor-level access and above until a patch is available.

**Name of the Vulnerable Software and Affected Versions** The Ultimate Addons for WPBakery plugin for WordPress versions up to, and including, 3.19.20 **Description** The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the `ultimate info banner` shortcode. This allows authenticated attackers with contributor-level access and above to inject arbitrary web scripts in pages. These scripts will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 3.19.20, update to a version that addresses the insufficient input sanitization and output escaping issue in the `ultimate info banner` shortcode. As a temporary workaround, consider restricting access to the `ultimate info banner` shortcode for users with contributor-level access and above until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Shariff Wrapper plugin for WordPress versions up to, and including, 4.6.13 **Description** The issue allows unauthenticated attackers to include and execute arbitrary files on the server via the `shariff3uu fetch sharecounts` function. This enables the execution of any PHP code in those files, which can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. **Recommendations** For Shariff Wrapper plugin for WordPress versions up to, and including, 4.6.13, update to a version higher than 4.6.13 to resolve the issue. As a temporary workaround, consider disabling the `shariff3uu fetch sharecounts` function until a patch is available. Restrict access to sensitive files and directories to minimize the risk of exploitation. Avoid uploading and including files that could potentially contain malicious PHP code.

**Name of the Vulnerable Software and Affected Versions** Qi Addons For Elementor plugin for WordPress versions up to, and including, 1.7.2 **Description** The issue allows authenticated attackers with Contributor-level access and above to include remote files on the server, resulting in code execution. This is possible via the `behavior` attributes found in the `qi addons for elementor blog list` shortcode. To successfully exploit, an attacker must create a non-existent directory or target an instance where `file exists` won't return false with a non-existent directory in the path. **Recommendations** For versions up to, and including, 1.7.2, update to a version that contains a fix for this issue, as no specific workaround is provided for these versions. As a temporary workaround, consider disabling the `qi addons for elementor blog list` shortcode until a patch is available. Restrict access to the `behavior` attributes in the shortcode to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** WP STAGING WordPress Backup Plugin – Migration Backup Restore plugin for WordPress versions up to, and including, 3.4.3 **Description** The issue is related to arbitrary file uploads due to missing file type validation in the `wpstg processing` AJAX action. This allows authenticated attackers with administrator-level access and above to upload arbitrary files on the affected site's server, potentially making remote code execution possible. **Recommendations** For versions up to, and including, 3.4.3, update to a version that includes the necessary file type validation to prevent arbitrary file uploads. As a temporary workaround, consider restricting access to the `wpstg processing` AJAX action to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: LayerSlider plugin for WordPress version 7.11.0 Description: The issue is related to Stored Cross-Site Scripting via the plugin's ls search form shortcode due to insufficient input sanitization and output escaping on user-supplied attributes. This allows authenticated attackers with contributor-level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Recommendations: For version 7.11.0, consider disabling the ls search form shortcode until a patch is available to prevent exploitation. Restrict access to the shortcode for users with contributor-level access and above to minimize the risk of arbitrary web script injection.

**Name of the Vulnerable Software and Affected Versions** WordPress Automatic Plugin plugin for WordPress versions up to, and including, 3.94.0 **Description** The issue is related to Stored Cross-Site Scripting via the `autoplay` parameter due to insufficient input sanitization and output escaping. This allows authenticated attackers with Contributor-level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 3.94.0, update to a version higher than 3.94.0 to resolve the issue. As a temporary workaround, consider restricting access to the `autoplay` parameter to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Cost Calculator Builder Pro plugin for WordPress versions up to 3.1.72 **Description** The issue allows authenticated attackers with subscriber-level access and above to make web requests to arbitrary locations originating from the web application. This can be used to query and modify information from internal services. The `send demo webhook()` function is involved in the exploitation. **Recommendations** For versions up to 3.1.72, as a temporary workaround, consider disabling the `send demo webhook()` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ConvertPlus plugin for WordPress versions up to, and including, 3.5.26 **Description** The issue allows authenticated attackers with contributor-level access and above to inject a PHP Object via deserialization of untrusted input from the `settings encoded` attribute of the "smile modal" shortcode. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. **Recommendations** For versions up to, and including, 3.5.26, update to a version that contains a fix for this issue to prevent PHP Object Injection. As a temporary workaround, consider restricting access to the "smile modal" shortcode to minimize the risk of exploitation. Avoid using the `settings encoded` attribute in the affected shortcode until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Click to Chat – HoliThemes plugin for WordPress versions up to, and including, 3.35 **Description** The issue allows authenticated attackers with contributor access or above to include and execute arbitrary files on the server. This enables the execution of any PHP code in those files, which can be used to bypass access controls, obtain sensitive data, or achieve code execution. This is particularly concerning in cases where images and other “safe” file types can be uploaded and included. **Recommendations** For versions up to, and including, 3.35, update to a version higher than 3.35 to resolve the issue. As a temporary workaround, consider restricting contributor access to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** WP STAGING versions up to 3.4.3 WP STAGING Pro versions up to 5.4.3 **Description** The issue allows unauthenticated attackers to extract sensitive data from a log file, including system information and license keys, via the `ajaxSendReport` function. This is possible when an administrator has used the 'Contact Us' functionality along with the option to automatically submit log files. **Recommendations** For WP STAGING versions up to 3.4.3, update to a version later than 3.4.3 to resolve the issue. For WP STAGING Pro versions up to 5.4.3, update to a version later than 5.4.3 to resolve the issue. As a temporary workaround, consider disabling the `ajaxSendReport` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** hCaptcha for WordPress plugin for WordPress versions up to, and including, 4.0.0 **Description** The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the plugin's cf7-hcaptcha shortcode, allowing authenticated attackers with contributor-level access and above to inject arbitrary web scripts in pages. These scripts will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 4.0.0, update to a version higher than 4.0.0 to resolve the issue. As a temporary workaround, consider restricting access to the cf7-hcaptcha shortcode to prevent exploitation. Additionally, limiting contributor-level access and above can help minimize the risk of arbitrary web script injection.

**Name of the Vulnerable Software and Affected Versions** Oracle HTTP Server version 12.2.1.4.0 **Description** The issue is related to insufficient protection of service data in the Web Listener component of Oracle HTTP Server, allowing an unauthenticated attacker with network access via HTTP to compromise the server. Successful attacks can result in unauthorized read access to a subset of Oracle HTTP Server accessible data. **Recommendations** For version 12.2.1.4.0, update to a newer version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.