Ifoundbug

**Name of the Vulnerable Software and Affected Versions** The Magic Login Mail or QR Code plugin for WordPress versions up to and including 2.05 **Description** The plugin is susceptible to a privilege escalation issue. This is caused by the plugin storing the magic login QR code image with a predictable filename (`QR Code.png`) in a publicly accessible directory during email sending. The file is deleted after the email function completes, creating a race condition. This allows unauthenticated attackers to request a login link for any user, including administrators, and exploit the timing gap to obtain the login URL encoded in the QR code, leading to unauthorized account access. **Recommendations** Versions prior to and including 2.05 should be updated.

**Name of the Vulnerable Software and Affected Versions** ShareThis Dashboard for Google Analytics plugin for WordPress versions through 3.2.4 **Description** The plugin is susceptible to Sensitive Information Exposure. The Google Analytics `client ID` and `client secret` are stored in plaintext within the publicly accessible plugin source code. An unauthenticated attacker could potentially create a link to the sharethis.com server. If an administrator, logged into the website and Google Analytics, clicks this link, it could share a Google Analytics authorization token with a malicious website. **Recommendations** Update to a version beyond 3.2.4.

**Name of the Vulnerable Software and Affected Versions** URL Shortener Plugin For WordPress versions through 3.0.7 **Description** The URL Shortener Plugin For WordPress is susceptible to SQL Injection due to inadequate input validation and query preparation. Specifically, the `analytic id` parameter is not properly sanitized, allowing attackers to inject malicious SQL code. This enables unauthenticated attackers to extract sensitive information from the database by appending additional SQL queries to existing ones. **Recommendations** Update URL Shortener Plugin For WordPress to a version newer than 3.0.7.

**Name of the Vulnerable Software and Affected Versions** ELEX WordPress HelpDesk & Customer Ticketing System versions up to and including 3.3.1 **Description** The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is susceptible to arbitrary file uploads. This is due to a lack of file type validation within the `eh crm new ticket post()` function. This allows unauthenticated attackers to upload arbitrary files to the affected server, potentially leading to remote code execution. The `eh crm new ticket post()` function is the component responsible for handling new ticket submissions and is vulnerable due to insufficient input sanitization. **Recommendations** Versions prior to and including 3.3.1 should be updated to a newer, fixed version as soon as it becomes available. As a temporary workaround, consider disabling file uploads within the ELEX WordPress HelpDesk & Customer Ticketing System plugin until a patch is available.

**Name of the Vulnerable Software and Affected Versions** File Manager for Google Drive – Integrate Google Drive with WordPress versions prior to 1.5.4 **Description** The File Manager for Google Drive – Integrate Google Drive with WordPress plugin for WordPress has a flaw that allows unauthenticated attackers to extract sensitive data. This includes Google OAuth credentials (`client id` and `client secret`) and Google account email addresses. The issue is due to the "get localize data" function. **Recommendations** Update File Manager for Google Drive – Integrate Google Drive with WordPress to a version later than 1.5.3.

**Name of the Vulnerable Software and Affected Versions** Community Events plugin for WordPress versions up to and including 1.5.2 **Description** The Community Events plugin for WordPress is susceptible to Stored Cross-Site Scripting through the `event details` parameter. Insufficient input sanitization and output escaping allow unauthenticated attackers to inject arbitrary web scripts into pages. These scripts will execute when a user accesses the injected page. **Recommendations** Update the Community Events plugin to a version later than 1.5.2.

**Name of the Vulnerable Software and Affected Versions** URL Shortener Plugin For WordPress versions through 3.0.7 **Description** The URL Shortener Plugin For WordPress plugin is susceptible to unauthorized access to API functionality. A missing capability check within the `verifyRequest` function allows authenticated attackers with Subscriber-level access or higher to modify links. The API endpoint is vulnerable due to this missing check. The vulnerable parameter is not specified. **Recommendations** Update the URL Shortener Plugin For WordPress to a version later than 3.0.7.

**Name of the Vulnerable Software and Affected Versions** DocoDoco Store Locator plugin for WordPress versions up to and including 1.0.1 **Description** The DocoDoco Store Locator plugin for WordPress has a flaw allowing unauthorized file uploads. This occurs because of a lack of proper file type checking when uploading zip files. Attackers with Editor-level access or higher can upload any file type to the server, potentially leading to remote code execution. **Recommendations** Update the DocoDoco Store Locator plugin to a version newer than 1.0.1.

**Name of the Vulnerable Software and Affected Versions** Find And Replace content for WordPress plugin versions prior to 1.2 **Description** The Find And Replace content for WordPress plugin for WordPress is susceptible to unauthorized Stored Cross-Site Scripting and Arbitrary Content Replacement. This is due to a missing capability check on the `far admin ajax fun()` function. This allows unauthenticated attackers to inject arbitrary web scripts into pages, potentially leading to privilege escalation and malicious redirects. **Recommendations** Update to version 1.2 or later.

**Name of the Vulnerable Software and Affected Versions** WordPress Community Events plugin versions through 1.5.1 **Description** The WordPress Community Events plugin is susceptible to a SQL Injection issue due to inadequate input sanitization of the `event venue` parameter. This allows authenticated attackers with Subscriber-level access or higher to inject additional SQL queries into existing database queries, potentially leading to the extraction of sensitive information. The `event venue` parameter is vulnerable because of insufficient escaping and a lack of proper preparation of the SQL query. **Recommendations** Versions prior to and including 1.5.1 should be updated.

**Name of the Vulnerable Software and Affected Versions** RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress versions through 6.0.6.2 **Description** The RegistrationMagic plugin for WordPress is susceptible to SQL Injection due to inadequate input sanitization and query preparation. This allows authenticated attackers with administrator privileges or higher to inject additional SQL queries, potentially extracting sensitive database information. Additionally, an unauthenticated attacker can leverage a Reflected Cross-Site Scripting attack via the user-agent during form submission. The vulnerable parameter is not explicitly specified. **Recommendations** Update RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress to a version later than 6.0.6.2.

**Name of the Vulnerable Software and Affected Versions** Community Events plugin for WordPress versions up to and including 1.5.1 **Description** The Community Events plugin for WordPress is susceptible to SQL Injection through the `event category` parameter. Insufficient input sanitization and inadequate SQL query preparation allow authenticated attackers with Subscriber-level access or higher to inject additional SQL queries. This can lead to the extraction of sensitive information from the database. **Recommendations** Update the Community Events plugin to a version newer than 1.5.1.

**Name of the Vulnerable Software and Affected Versions** Featured Image from URL (FIFU) plugin for WordPress versions through 5.2.7 **Description** The Featured Image from URL (FIFU) plugin for WordPress is susceptible to SQL Injection through the `get all urls()` function. Insufficient escaping of user-supplied parameters and inadequate SQL query preparation contribute to this issue. Authenticated attackers with Administrator-level access or higher can inject additional SQL queries into existing queries, potentially extracting sensitive information from the database. **Recommendations** Update the Featured Image from URL (FIFU) plugin to a version later than 5.2.7.

**Name of the Vulnerable Software and Affected Versions** Featured Image from URL (FIFU) plugin for WordPress versions 5.2.7 and earlier **Description** The Featured Image from URL (FIFU) plugin for WordPress is susceptible to Sensitive Information Exposure due to publicly exposed log files. This allows unauthenticated attackers to view potentially sensitive information contained within these log files. **Recommendations** Update the Featured Image from URL (FIFU) plugin to version 5.2.8 or later.

**Name of the Vulnerable Software and Affected Versions** Featured Image from URL (FIFU) plugin for WordPress versions through 5.2.7 **Description** The plugin is susceptible to unauthorized data access because of a missing capability check within the `fifu api debug posts()` function. This allows unauthenticated attackers to read private or password-protected posts. The issue involves the `fifu api debug posts()` function, which lacks proper authorization controls. **Recommendations** Update to version 5.2.8 or later.

**Name of the Vulnerable Software and Affected Versions** Featured Image from URL (FIFU) plugin for WordPress versions through 5.2.7 **Description** The software is susceptible to a SQL Injection issue due to inadequate escaping of user-supplied parameters and insufficient preparation of existing SQL queries within the `get posts with internal featured image()` function. This allows authenticated attackers with Administrator-level access or higher to inject additional SQL queries into existing database queries, potentially enabling them to extract sensitive information. **Recommendations** Update the Featured Image from URL (FIFU) plugin to a version later than 5.2.7.