Huy Nguyen

**Name of the Vulnerable Software and Affected Versions** WP Event Manager versions prior to 3.1.23 **Description** The issue allows high privilege users to perform Cross-Site Scripting attacks due to the lack of proper escaping of some Field Editor settings when outputting them, even when the unfiltered html capability is disallowed. **Recommendations** For versions prior to 3.1.23, update to version 3.1.23 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** WP Travel Engine versions prior to 5.3.1 **Description** The issue allows users with a role as low as editor to perform Stored Cross-Site Scripting attacks due to the Description field in the Trip Destination/Activities/Trip Type and Pricing Category pages not being escaped, even when the unfiltered html capability is disallowed. **Recommendations** For versions prior to 5.3.1, update to version 5.3.1 or later to resolve the issue. As a temporary workaround, consider restricting the ability of editors to modify the Description field in the affected pages until a patch is applied.

Name of the Vulnerable Software and Affected Versions: unisharp/laravel-filemanager versions prior to 2.6.2 Description: The issue arises from insufficient validation of file types during the upload process, specifically in the `upload()` function. This allows an attacker to potentially upload malicious files, such as webshells, by capturing and editing the upload request. The exploitation steps include installing the package with a web Laravel application, navigating to the upload window, uploading an image file, capturing the request, editing it to include a malicious file, and then accessing the uploaded file's path to achieve remote code execution. Prevention can be achieved by using a whitelist in the config file (lfm.php), with documentation available. Recommendations: For versions prior to 2.6.2, update to version 2.6.2 or later to resolve the issue. As a temporary workaround, consider using a whitelist in the config file (lfm.php) to prevent bad extensions until a patch is applied. Restrict access to the upload functionality to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Import any XML or CSV File to WordPress plugin versions prior to 3.6.3 **Description** The issue allows high privilege users to perform Cross-Site attacks even when the unfiltered html capability is disallowed, due to the plugin not escaping the Import's Title and Unique Identifier fields before outputting them in admin pages. **Recommendations** For versions prior to 3.6.3, update to version 3.6.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the admin pages where the Import's Title and Unique Identifier fields are outputted, to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: WP RSS Aggregator WordPress plugin versions prior to 4.19.2 Description: The issue arises from the improper sanitization and escaping of the URL to Blacklist field, allowing high privilege users to insert malicious HTML even when the unfiltered html capability is disallowed. This could lead to Cross-Site Scripting issues. Recommendations: For versions prior to 4.19.2, update to version 4.19.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the URL to Blacklist field to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: BetterLinks WordPress plugin versions prior to 1.2.6 Description: The issue arises from the plugin's failure to properly sanitise and escape certain imported link fields. This oversight could lead to Stored Cross-Site Scripting issues when an administrator imports a malicious CSV file. Recommendations: For versions prior to 1.2.6, update to version 1.2.6 or later to resolve the issue. As a temporary workaround, consider avoiding the import of CSV files from untrusted sources until the update is applied.

Name of the Vulnerable Software and Affected Versions: Advanced Access Manager WordPress plugin versions prior to 6.8.0 Description: The issue allows high privilege users to perform Cross-Site Scripting attacks due to the plugin not escaping some of its settings when outputting them, even when the unfiltered html capability is disallowed. Recommendations: For versions prior to 6.8.0, update to version 6.8.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the plugin's settings for high privilege users until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Export any WordPress data to XML/CSV WordPress plugin versions prior to 1.3.1 **Description** The issue allows high privilege users to perform Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, due to the plugin not escaping its Export's Name before outputting it in Manage Exports settings. **Recommendations** For versions prior to 1.3.1, update to version 1.3.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the Manage Exports settings to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: WPeMatico RSS Feed Fetcher WordPress plugin versions prior to 2.6.12 Description: The issue allows high privilege users to perform Cross-Site Scripting attacks due to the Feed URL added to a campaign not being escaped before outputting it in an attribute. This is possible even when the unfiltered html capability is disallowed. Recommendations: For versions prior to 2.6.12, update to version 2.6.12 or later to resolve the issue. As a temporary workaround, consider restricting the ability to add or edit Feed URLs in campaigns to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Events Made Easy WordPress plugin versions prior to 2.2.24 Description: The issue allows high privilege users to perform Cross-Site Scripting attacks due to the lack of sanitization and escaping of Custom Field Names, even when the unfiltered html capability is disallowed. Recommendations: For versions prior to 2.2.24, update to version 2.2.24 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: WordPress Download Manager versions prior to 3.2.16 Description: The issue allows high privilege users to perform XSS attacks even when the unfiltered html capability is disallowed, due to the plugin not escaping some of the Download settings when outputting them. Recommendations: For versions prior to 3.2.16, update to version 3.2.16 or later to resolve the issue. As a temporary workaround, consider restricting the use of the Download settings feature to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Connections Business Directory WordPress plugin versions prior to 10.4.3 Description: The issue allows high privilege users to perform Cross-Site Scripting when the unfiltered html capability is disallowed, due to the plugin not escaping the Address settings when creating an Entry. Recommendations: For versions prior to 10.4.3, update to version 10.4.3 or later to resolve the issue.