Jerome Bruandet

**Name of the Vulnerable Software and Affected Versions** The Custom CSS, JS & PHP plugin for WordPress versions up to, and including, 2.0.7 **Description** The issue is due to missing or incorrect nonce validation on the `save()` function, making it possible for unauthenticated attackers to save code snippets via a forged request if they can trick a site administrator into performing an action such as clicking on a link. **Recommendations** For versions up to, and including, 2.0.7, consider disabling the `save()` function until a patch is available to prevent exploitation. Restrict access to the plugin's functionality to minimize the risk of attackers saving malicious code snippets. Avoid using the plugin until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** The RSS Aggregator by Feedzy plugin for WordPress versions up to, and including, 3.4.2 **Description** The issue is due to missing or incorrect nonce validation on the `save feedzy post type meta()` function, making it possible for unauthenticated attackers to update post meta via a forged request if they can trick a site administrator into performing an action such as clicking on a link. **Recommendations** For versions up to, and including, 3.4.2, update to a version later than 3.4.2 to resolve the issue. As a temporary workaround, consider disabling the `save feedzy post type meta()` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Coupon Creator plugin for WordPress versions up to, and including, 3.1 **Description** The issue is due to missing or incorrect nonce validation on the `save meta()` function, making it possible for unauthenticated attackers to save meta fields via a forged request if they can trick a site administrator into performing an action such as clicking on a link. **Recommendations** For versions up to, and including, 3.1, consider disabling the `save meta()` function until a patch is available to prevent exploitation. Restrict access to the plugin's functionality to minimize the risk of exploitation. Avoid using the plugin until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Customizr theme for WordPress versions up to, and including, 4.3.0 **Description** The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the `czr fn post fields save()` function. This allows unauthenticated attackers to post fields via a forged request if they can trick a site administrator into performing an action such as clicking on a link. **Recommendations** For versions up to, and including, 4.3.0, consider disabling the `czr fn post fields save()` function until a patch is available to prevent exploitation. Restrict access to areas of the site where this function is used to minimize the risk of attack.

**Name of the Vulnerable Software and Affected Versions** Brizy plugin for WordPress versions up to, and including, 1.0.125 **Description** The issue is related to an incorrect capability check on the `is administrator()` function, which allows authenticated attackers to bypass authorization and access available AJAX functions. This enables them to interact with these functions in an unauthorized manner. **Recommendations** For versions up to, and including, 1.0.125, update to a version that fixes the incorrect capability check on the `is administrator()` function to prevent authorization bypass. As a temporary workaround, consider restricting access to available AJAX functions until a patch is available.

**Name of the Vulnerable Software and Affected Versions** The Woody code snippets plugin for WordPress versions up to, and including, 2.3.9 **Description** The issue is due to missing or incorrect nonce validation on the `runActions()` function, making it possible for unauthenticated attackers to activate and deactivate snippets via a forged request if they can trick a site administrator into performing an action such as clicking on a link. **Recommendations** For versions up to, and including, 2.3.9, update to a version that includes the fix for the missing or incorrect nonce validation on the `runActions()` function. As a temporary workaround, consider restricting access to the `runActions()` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Hueman theme for WordPress versions up to, and including, 3.6.3 **Description** The issue is due to missing or incorrect nonce validation on the `save meta box()` function, making it possible for unauthenticated attackers to save metabox data via a forged request if they can trick a site administrator into performing an action such as clicking on a link. **Recommendations** For versions up to, and including, 3.6.3, update to a version higher than 3.6.3 to resolve the issue. As a temporary workaround, consider disabling the `save meta box()` function until a patch is available. Restrict access to the metabox data to minimize the risk of exploitation. Avoid using the vulnerable function in administrative tasks until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Paid Memberships Pro plugin for WordPress versions up to, and including, 2.4.2 **Description** The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the `pmpro page save()` function. This allows unauthenticated attackers to save pages via a forged request if they can trick a site administrator into performing an action, such as clicking on a link. **Recommendations** For versions up to, and including, 2.4.2, consider disabling the `pmpro page save()` function until a patch is available to prevent exploitation. Restrict access to sensitive pages and ensure that site administrators are cautious when clicking on links from untrusted sources. Update to a version later than 2.4.2 when available.

**Name of the Vulnerable Software and Affected Versions** WooCommerce Dynamic Pricing and Discounts plugin for WordPress versions up to, and including, 2.4.1 **Description** The issue arises from missing authorization on the `export()` function, allowing unauthenticated attackers to export the plugin's settings. This affects the WooCommerce Dynamic Pricing and Discounts plugin for WordPress. **Recommendations** For versions up to, and including, 2.4.1, update to a version higher than 2.4.1 to resolve the issue. As a temporary workaround, consider disabling the `export()` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** The Simple:Press – WordPress Forum Plugin for WordPress versions up to, and including, 6.6.0 **Description** The issue is related to arbitrary file uploads due to missing file type validation in the ~/admin/resources/jscript/ajaxupload/sf-uploader.php file. This allows attackers to upload arbitrary files on the affected site's server, which may make remote code execution possible. **Recommendations** For versions up to, and including, 6.6.0, update to a version higher than 6.6.0 to resolve the issue. As a temporary workaround, consider disabling the file upload functionality in the ~/admin/resources/jscript/ajaxupload/sf-uploader.php file until a patch is available. Restrict access to the vulnerable file to minimize the risk of exploitation. Avoid using the file upload feature in the affected plugin until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** The Security & Malware scan by CleanTalk plugin for WordPress versions up to, and including, 2.50 **Description** The issue is due to missing capability checks on several AJAX actions and nonce disclosure in the source page of the administrative dashboard. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to call functions and delete and/or upload files. **Recommendations** For versions up to, and including, 2.50, update to a version higher than 2.50 to resolve the issue. As a temporary workaround, consider restricting access to the administrative dashboard and limiting subscriber-level permissions to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** DW Question & Answer plugin for WordPress versions up to, and including, 1.5.8 **Description** The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the `update answer()` function. This allows unauthenticated attackers to update answers to questions via a forged request if they can trick a site administrator into performing a specific action. **Recommendations** For versions up to, and including, 1.5.8, consider disabling the `update answer()` function until a patch is available to prevent exploitation. Restrict access to the plugin's functionality to minimize the risk of unauthorized updates.

**Name of the Vulnerable Software and Affected Versions** Ocean Extra plugin for WordPress versions up to, and including, 1.6.5 **Description** The issue is due to missing or incorrect nonce validation on the `add core extensions bundle validation()` function, making it possible for unauthenticated attackers to validate extension bundles via a forged request. This can happen if an attacker can trick a site administrator into performing an action, such as clicking on a link. **Recommendations** For versions up to, and including, 1.6.5, update to a version that includes proper nonce validation for the `add core extensions bundle validation()` function to prevent Cross-Site Request Forgery attacks. As a temporary workaround, consider restricting access to the `add core extensions bundle validation()` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Custom Banners plugin for WordPress versions up to and including 3.2.2 **Description** The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the `saveCustomFields()` function. This allows unauthenticated attackers to save custom fields via a forged request if they can trick a site administrator into performing a specific action. **Recommendations** For Custom Banners plugin for WordPress versions up to and including 3.2.2, consider disabling the `saveCustomFields()` function until a patch is available to prevent exploitation.

**Name of the Vulnerable Software and Affected Versions** EWWW Image Optimizer plugin for WordPress versions up to, and including, 5.8.1 **Description** The issue is due to missing or incorrect nonce validation on the `ewww ngg bulk init()` function, making it possible for unauthenticated attackers to perform bulk image optimization via a forged request. This can be achieved if an attacker can trick a site administrator into performing an action, such as clicking on a link. **Recommendations** For versions up to, and including, 5.8.1, update to a version that includes the fix for the missing or incorrect nonce validation on the `ewww ngg bulk init()` function. As a temporary workaround, consider restricting access to the `ewww ngg bulk init()` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** The Top 10 plugin for WordPress versions up to, and including, 2.10.4 **Description** The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the `tptn export tables()` function. This allows unauthenticated attackers to generate an export of the top 10 table via a forged request if they can trick a site administrator into performing an action such as clicking on a link. **Recommendations** For versions up to, and including, 2.10.4, consider disabling the `tptn export tables()` function until a patch is available to prevent exploitation. Restrict access to the export functionality to minimize the risk of unauthorized exports.

**Name of the Vulnerable Software and Affected Versions** WooCommerce Etsy Integration plugin for WordPress versions up to, and including, 3.3.1 **Description** The issue arises from missing or incorrect nonce validation on the `etcpf delete feed()` function, allowing unauthenticated attackers to delete an export feed via a forged request if they can trick a site administrator into performing a specific action, such as clicking on a link. **Recommendations** For versions up to, and including, 3.3.1, update to a version higher than 3.3.1 to resolve the issue. As a temporary workaround, consider disabling the `etcpf delete feed()` function until a patch is available. Restrict access to the export feed functionality to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** WP Hotel Booking plugin for WordPress versions up to, and including, 1.10.1 **Description** The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the `admin add order item()` function. This allows unauthenticated attackers to add an order item via a forged request if they can trick a site administrator into performing an action, such as clicking on a link. **Recommendations** For versions up to, and including, 1.10.1, consider disabling the `admin add order item()` function until a patch is available to prevent exploitation. Restrict access to administrative functions to minimize the risk of attackers tricking site administrators into performing malicious actions.

**Name of the Vulnerable Software and Affected Versions** 10WebAnalytics plugin for WordPress versions up to, and including, 1.2.8 **Description** The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the `create csv file()` function. This allows unauthenticated attackers to create a CSV file via a forged request if they can trick a site administrator into performing an action, such as clicking on a link. **Recommendations** For versions up to, and including, 1.2.8, update to a version that includes proper nonce validation for the `create csv file()` function to prevent Cross-Site Request Forgery attacks. As a temporary workaround, consider restricting access to the `create csv file()` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Coming Soon & Maintenance Mode Page plugin for WordPress versions up to, and including, 1.57 **Description** The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the `save meta box()` function. This allows unauthenticated attackers to save meta boxes via a forged request if they can trick a site administrator into performing a specific action. **Recommendations** For versions up to, and including, 1.57, consider disabling the `save meta box()` function until a patch is available to prevent exploitation. Restrict access to the meta box saving functionality to minimize the risk of unauthorized changes.