Jason Carle

**Name of the Vulnerable Software and Affected Versions** Context Blog theme for WordPress versions through 1.2.5 **Description** The Context Blog theme for WordPress is susceptible to information disclosure in versions up to and including 1.2.5. This is due to inadequate restrictions on post inclusion within the `context blog modal popup`, potentially allowing unauthenticated attackers to access data from password-protected, private, or draft posts that they are not authorized to view. **Recommendations** Update the Context Blog theme to a version later than 1.2.5.

**Name of the Vulnerable Software and Affected Versions** Spin Wheel plugin for WordPress versions prior to 2.1.1 **Description** The Spin Wheel plugin for WordPress is susceptible to client-side prize manipulation. The plugin relies on client-supplied prize selection data without proper server-side validation or randomization. This allows unauthenticated attackers to modify the `prize index` parameter, enabling them to consistently select the most valuable prizes. The vulnerable parameter is sent to the server, allowing manipulation of the prize selection process. **Recommendations** Update the Spin Wheel plugin to version 2.1.1 or later.

**Name of the Vulnerable Software and Affected Versions** Userback plugin for WordPress versions through 1.0.15 **Description** The Userback plugin for WordPress has a flaw that allows unauthorized access to data. This is due to a missing capability check within the `userback get json` function. Authenticated attackers with Subscriber-level access or higher can extract the plugin’s configuration data, including the Userback API access token and the contents of site posts and pages, even those with private or draft status. **Recommendations** Update the Userback plugin to a version newer than 1.0.15.

The URL Media Uploader plugin for WordPress is vulnerable to unauthorized safe file uploads due to a missing capability check on the url media uploader url upload ajax handler() function in all versions up to, and including, 1.0.1. This makes it possible for authenticated attackers, with Contributor-level access and above, to upload safe media files.

**Name of the Vulnerable Software and Affected Versions** WordPress TopBar plugin versions prior to 1.0.1 **Description** The TopBar plugin for WordPress is susceptible to Cross-Site Request Forgery due to inadequate nonce validation within the `fme nb topbar save settings()` function. This allows attackers to modify the plugin’s settings by exploiting a forged request, provided they can induce a site administrator to perform an action. **Recommendations** Update the TopBar plugin to version 1.0.1 or later.