Johska

**Name of the Vulnerable Software and Affected Versions** WpTravelly versions prior to 2.1.6 **Description** A missing authorization issue in the WpTravelly plugin allows for the exploitation of incorrectly configured access control security levels. This is a broken access control flaw where the system fails to properly verify if a user has the necessary permissions to perform an action. **Recommendations** Update to a version later than 2.1.5.

**Name of the Vulnerable Software and Affected Versions** WpBookingly versions prior to 1.3.0 **Description** A missing authorization issue in the WpBookingly plugin allows for the exploitation of incorrectly configured access control security levels, resulting in broken access control. **Recommendations** Update to a version later than 1.2.9.

**Name of the Vulnerable Software and Affected Versions** Yoast Duplicate Post plugin for WordPress versions prior to 4.6 **Description** The Yoast Duplicate Post plugin for WordPress has a flaw that allows unauthorized modification of data. This is due to a missing capability check in the `clone bulk action handler()` and `republish request()` functions. Authenticated attackers with Contributor-level access or higher can duplicate any post, including those marked as private, draft, or trashed, even if they should not have access. Attackers with Author-level access or higher can use the Rewrite & Republish feature to overwrite any published post with their own content. **Recommendations** Update to version 4.6 or later. As a temporary workaround, restrict user roles to the minimum necessary permissions.

**Name of the Vulnerable Software and Affected Versions** Writeprint Stylometry plugin for WordPress versions up to and including 0.1 **Description** The Writeprint Stylometry plugin for WordPress is susceptible to Reflected Cross-Site Scripting through the `p` GET parameter. This is a result of inadequate input sanitization and output escaping within the `bjl wprintstylo comments nav()` function. The function directly outputs the `p` parameter into an HTML href attribute without proper escaping, allowing authenticated attackers with Contributor-level permissions or higher to inject arbitrary web scripts. These scripts can execute if a user clicks on a malicious link. The vulnerable parameter is `p`. **Recommendations** Update the Writeprint Stylometry plugin to a version beyond 0.1.

**Name of the Vulnerable Software and Affected Versions** bPlugins Icon List Block versions through 1.2.3 **Description** The software contains a flaw due to improper handling of user-supplied data when creating web pages, leading to a potential Cross-site Scripting (XSS) issue. This specific instance allows for Stored XSS, meaning malicious scripts can be stored and executed by other users. **Recommendations** Update bPlugins Icon List Block to a version later than 1.2.3.

**Name of the Vulnerable Software and Affected Versions** WP Maps versions up to and including 4.9.1 **Description** The WP Maps plugin for WordPress is susceptible to time-based blind SQL Injection through the `location id` parameter. This occurs because the plugin’s database abstraction layer (`FlipperCode Model Base::is column()`) interprets user input enclosed in backticks as column names, circumventing the `esc sql()` escaping function. The `wpgmp ajax call` AJAX handler, accessible to unauthenticated users via `wp ajax nopriv`, permits the invocation of arbitrary class methods, including `wpgmp return final capability`. This function directly incorporates the unsanitized `location id` GET parameter into database queries, enabling attackers to append additional SQL queries and potentially extract sensitive data. **Recommendations** Versions up to and including 4.9.1 should be updated to a newer, fixed version if available. As a temporary workaround, consider restricting access to the `wpgmp ajax call` AJAX handler. Avoid using the `location id` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** WP Frontend Profile plugin for WordPress versions prior to 1.3.9 **Description** The WP Frontend Profile plugin for WordPress is susceptible to Cross-Site Request Forgery. This is caused by a lack of nonce validation within the `update action` function. An unauthenticated attacker could potentially approve or reject user account registrations by forging a request, provided they can trick an administrator into performing an action, such as clicking a malicious link. **Recommendations** Update the WP Frontend Profile plugin to version 1.3.9 or later.

**Name of the Vulnerable Software and Affected Versions** Advanced iFrame versions through 2025.10 **Description** The software contains a flaw related to improper input handling during web page generation, leading to a Cross-site Scripting (XSS) condition. Specifically, the issue manifests as DOM-Based XSS. The vulnerability exists in the advanced-iframe component. **Recommendations** Update Advanced iFrame to a version later than 2025.10.

**Name of the Vulnerable Software and Affected Versions** iXML – Google XML sitemap generator plugin for WordPress versions prior to 0.6 **Description** The iXML – Google XML sitemap generator plugin for WordPress is susceptible to Reflected Cross-Site Scripting. This is due to insufficient input sanitization and output escaping of the `iXML email` parameter. An unauthenticated attacker can inject arbitrary web scripts into pages, which will execute if a user is tricked into performing an action, such as clicking a link. **Recommendations** Update the iXML – Google XML sitemap generator plugin for WordPress to a version later than 0.6.

**Name of the Vulnerable Software and Affected Versions** PublishPress PublishPress Authors versions through 4.10.1 **Description** A missing authorization issue exists in PublishPress PublishPress Authors, allowing exploitation of incorrectly configured access control security levels. **Recommendations** Update PublishPress PublishPress Authors to a version later than 4.10.1.

**Name of the Vulnerable Software and Affected Versions** ExpressTech Systems Quiz And Survey Master versions through 10.3.4 **Description** An authorization bypass exists in ExpressTech Systems Quiz And Survey Master quiz-master-next due to incorrectly configured access control security levels. This allows exploitation through a user-controlled key. **Recommendations** Versions prior to and including 10.3.4 should be updated.

**Name of the Vulnerable Software and Affected Versions** Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin for WordPress versions up to and including 3.5.32 **Description** The Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin for WordPress has a flaw that allows unauthorized access. This is due to a missing capability check on a function. Authenticated attackers with Contributor-level access or higher can perform an unauthorized action. **Recommendations** Update Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin for WordPress to a version later than 3.5.32.

**Name of the Vulnerable Software and Affected Versions** Ninja Forms versions prior to 3.14.1 **Description** The Ninja Forms plugin for WordPress is susceptible to Sensitive Information Exposure in versions up to and including 3.14.0. This occurs because the `ninja forms merge tags` filter is applied unsafely to user-provided input within repeater fields, allowing the resolution of `{post meta:KEY}` merge tags without proper authorization. This enables unauthenticated attackers to retrieve arbitrary post metadata from any post on the site. The issue is exploitable via the `nf ajax submit` API endpoint and can expose sensitive data like WooCommerce billing emails, API keys, private tokens, and customer personal information. **Recommendations** Update Ninja Forms to version 3.14.1 or later.

**Name of the Vulnerable Software and Affected Versions** WP Chill Passster content-protector versions through 4.2.25 **Description** An authorization issue exists in WP Chill Passster content-protector, stemming from incorrectly configured access control security levels. This allows for exploitation of the system. **Recommendations** Update WP Chill Passster content-protector to a version later than 4.2.25.

**Name of the Vulnerable Software and Affected Versions** Spectra Gutenberg Blocks – Website Builder for the Block Editor plugin for WordPress versions prior to 2.19.18 **Description** The Spectra Gutenberg Blocks plugin for WordPress is susceptible to information disclosure. The plugin does not verify `post password required()` before rendering post excerpts using the `render excerpt()` function and the `uagb get excerpt()` helper function. This allows unauthenticated attackers to view excerpts of password-protected posts through Spectra Post Grid, Post Masonry, Post Carousel, or Post Timeline blocks. **Recommendations** Update to version 2.19.18 or later.

**Name of the Vulnerable Software and Affected Versions** Simple User Registration versions prior to 6.8 **Description** The Simple User Registration plugin for WordPress has a privilege escalation issue in versions up to and including 6.7. Insufficient restriction on the `profile save field` function allows authenticated attackers with minimal permissions, such as a subscriber, to modify their user role. This is achieved by supplying the `wp capabilities` parameter during a profile update. **Recommendations** Update the Simple User Registration plugin to version 6.8 or later.

**Name of the Vulnerable Software and Affected Versions** SEO Links Interlinking plugin for WordPress versions up to and including 1.7.5 **Description** The SEO Links Interlinking plugin for WordPress is susceptible to Reflected Cross-Site Scripting. This is due to inadequate input sanitization and output escaping of the `google error` parameter. An unauthenticated attacker can inject arbitrary web scripts into pages, which will execute if a user is tricked into clicking a malicious link. **Recommendations** Update the SEO Links Interlinking plugin to a version newer than 1.7.5.

**Name of the Vulnerable Software and Affected Versions** antoniobg ABG Rich Pins versions through 1.1 **Description** The software contains a flaw related to improper input handling during web page creation, which allows for Stored Cross-site Scripting (XSS). This means an attacker could inject malicious scripts into web pages viewed by other users. The affected component is abg-rich-pins. **Recommendations** Update antoniobg ABG Rich Pins to a version later than 1.1.

**Name of the Vulnerable Software and Affected Versions** Attachments Handler plugin for WordPress versions up to and including 1.1.7 **Description** The Attachments Handler plugin for WordPress is susceptible to Reflected Cross-Site Scripting through a URL parameter. Insufficient input sanitization and output escaping allow unauthenticated attackers to inject arbitrary web scripts into pages. Successful exploitation requires tricking a user into performing an action, such as clicking a malicious link, which then executes the injected script. **Recommendations** Update the Attachments Handler plugin to a version later than 1.1.7.

**Name of the Vulnerable Software and Affected Versions** WP Hallo Welt plugin versions prior to 1.5 **Description** The WP Hallo Welt plugin for WordPress is susceptible to Cross-Site Request Forgery (CSRF) due to missing or incorrect nonce validation on the `hallo welt seite` function. This allows unauthenticated attackers to update plugin settings and inject malicious web scripts via a forged request if they can trick a site administrator into performing an action, such as clicking a link. Insufficient input sanitization and output escaping can lead to Stored Cross-Site Scripting (XSS). **Recommendations** Update the WP Hallo Welt plugin to version 1.5 or later.