Hrxknight

**Name of the Vulnerable Software and Affected Versions** SMTP by BestWebSoft plugin for WordPress versions up to 1.1.9 **Description** The issue arises from missing file type validation in the `save options` function, allowing authenticated attackers with Administrator-level access and above to upload arbitrary files on the server, potentially enabling remote code execution. **Recommendations** For versions up to 1.1.9, update to a version that includes a fix for the missing file type validation in the `save options` function to prevent arbitrary file uploads.

**Name of the Vulnerable Software and Affected Versions** The Gallery by BestWebSoft – Customizable Image and Photo Galleries for WordPress versions up to, and including, 4.7.3 **Description** The issue allows authenticated attackers with Administrator-level access and above to inject a PHP Object via deserialization of untrusted input in the `import gallery from csv` function. This vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present. **Recommendations** For versions up to, and including, 4.7.3, as a temporary workaround, consider disabling the `import gallery from csv` function until a patch is available. Restrict access to the vulnerable function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Booking Calendar and Notification plugin for WordPress versions prior to 4.0.4 **Description** The issue allows unauthorized access, modification, and loss of data due to missing capability checks on the `wpcb all bookings()`, `wpcb update booking post()`, and `wpcb delete posts()` functions. This enables unauthenticated attackers to extract data, create or update bookings, or delete arbitrary posts. **Recommendations** For versions prior to 4.0.4, update to version 4.0.4 or later to resolve the issue. As a temporary workaround, consider disabling the `wpcb all bookings()`, `wpcb update booking post()`, and `wpcb delete posts()` functions until a patch is available. Restrict access to these functions to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Legoeso PDF Manager plugin for WordPress versions up to, and including, 1.2.2 **Description** The issue allows authenticated attackers with Author-level access and above to perform time-based SQL Injection via the `checkedVals` parameter due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This enables attackers to append additional SQL queries into already existing queries, potentially extracting sensitive information from the database. **Recommendations** For versions up to, and including, 1.2.2, consider disabling the `checkedVals` parameter until a patch is available to prevent potential SQL Injection attacks. Restrict access to the plugin's functionality to minimize the risk of exploitation, especially for users with Author-level access and above.

**Name of the Vulnerable Software and Affected Versions** GetBookingsWP – Appointments Booking Calendar Plugin For WordPress versions up to 1.1.27 **Description** The issue arises from the plugin's failure to properly validate a user's identity before updating their details, such as email addresses. This allows authenticated attackers with subscriber-level access or higher to change arbitrary users' email addresses, including those of administrators. The attackers can then leverage this capability to reset the user's password and gain access to their account. **Recommendations** For versions up to 1.1.27, update the plugin to a version higher than 1.1.27 to resolve the issue. As a temporary workaround, consider restricting access to the plugin's user management features to minimize the risk of exploitation. Additionally, monitor user account activity for any suspicious changes to email addresses or password resets.