Jonas Höbenreich

**Name of the Vulnerable Software and Affected Versions** WP Royal Ashe Extra versions 1.2.9 and earlier **Description** The issue is related to a Missing Authorization vulnerability in WP Royal Ashe Extra, which allows exploiting incorrectly configured access control security levels. **Recommendations** For WP Royal Ashe Extra versions 1.2.9 and earlier, update to a version later than 1.2.9 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Surfer versions through 1.3.2.357 **Description** The issue is related to a Missing Authorization vulnerability, which allows the exploitation of incorrectly configured access control security levels. **Recommendations** For versions through 1.3.2.357, update to a version that contains a fix for this issue, however, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** reCAPTCHA for all versions n/a through 1.22 **Description** The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. **Recommendations** For versions n/a through 1.22, consider reconfiguring access control security levels to properly restrict unauthorized access until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Taggbox versions prior to 3.3 **Description** The issue is related to a Missing Authorization vulnerability in Taggbox, allowing exploitation of incorrectly configured access control security levels. **Recommendations** For versions prior to 3.3, update to a version that includes the necessary security patches to fix the Missing Authorization vulnerability.

**Name of the Vulnerable Software and Affected Versions** WPoperation SALERT versions 1.2.1 and earlier **Description** The issue is related to a Missing Authorization vulnerability, which allows exploitation of incorrectly configured access control security levels. **Recommendations** For WPoperation SALERT versions 1.2.1 and earlier, update to a version that contains a fix for this issue, as no specific mitigation measures are provided.

**Name of the Vulnerable Software and Affected Versions** Ni WooCommerce Sales Report versions 3.7.3 and earlier **Description** The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. **Recommendations** For Ni WooCommerce Sales Report versions 3.7.3 and earlier, update to a version later than 3.7.3 to resolve the issue. At the moment, there is no information about additional mitigation measures.

**Name of the Vulnerable Software and Affected Versions** SIP Reviews Shortcode for WooCommerce plugin for WordPress versions up to, and including, 1.2.3 **Description** The issue is related to SQL Injection via the `no of reviews` attribute in the "woocommerce reviews" shortcode. This occurs due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query, making it possible for unauthenticated attackers to append additional SQL queries into already existing queries. This can be used to extract sensitive information from the database. **Recommendations** For versions up to, and including, 1.2.3, update to a version that fixes the SQL Injection issue. As a temporary workaround, consider restricting access to the `woocommerce reviews` shortcode to minimize the risk of exploitation. Avoid using the `no of reviews` attribute in the affected shortcode until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** SIP Reviews Shortcode for WooCommerce plugin for WordPress versions up to, and including, 1.2.3 **Description** The issue is related to Stored Cross-Site Scripting via the `no of reviews` attribute in the "woocommerce reviews" shortcode. This is due to insufficient input sanitization and output escaping on user-supplied attributes, allowing authenticated attackers with contributor-level access and above to inject arbitrary web scripts in pages. These scripts will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 1.2.3, update to a version that addresses the insufficient input sanitization and output escaping issue. As a temporary workaround, consider restricting access to the `woocommerce reviews` shortcode or disabling the `no of reviews` attribute until a patch is available.

Name of the Vulnerable Software and Affected Versions: Revolut Gateway for WooCommerce plugin for WordPress versions up to, and including, 4.17.3 Description: The issue is related to unauthorized modification of data due to a missing capability check on the "/wc/v3/revolut" REST API endpoint. This allows unauthenticated attackers to mark orders as completed. Recommendations: For versions up to, and including, 4.17.3, update to a version higher than 4.17.3 to resolve the issue. As a temporary workaround, consider restricting access to the "/wc/v3/revolut" REST API endpoint until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Where I Was, Where I Will Be plugin for WordPress version <= 1.1.1 **Description** The issue allows unauthenticated attackers to include and execute arbitrary files hosted on external servers via the `WIW HEADER` parameter of the "/system/include/include user.php" file. This enables the execution of any PHP code in those files, potentially bypassing access controls, obtaining sensitive data, or achieving code execution. The exploitation requires `allow url include` to be set to true, which is not commonly enabled. **Recommendations** For version <= 1.1.1, update to a version greater than 1.1.1 to resolve the issue. As a temporary workaround, consider disabling the `WIW HEADER` parameter in the "/system/include/include user.php" file until a patch is available. Additionally, ensure that `allow url include` is set to false to prevent exploitation.

**Name of the Vulnerable Software and Affected Versions** Easy!Appointments versions 1.3.3 and earlier **Description** The issue is related to a Missing Authorization vulnerability in Easy!Appointments. **Recommendations** For versions 1.3.3 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Smackcoders Export All Posts, Products, Orders, Refunds & Users versions through 2.4.1 **Description** The issue is related to the exposure of sensitive information to an unauthorized actor. This is a problem where sensitive data can be accessed by someone who should not have access to it. **Recommendations** For versions through 2.4.1, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tagbox – UGC Galleries, Social Media Widgets, User Reviews & Analytics versions n/a through 3.1 **Description** The issue is a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions on a web application that the user is authenticated to. **Recommendations** For versions n/a through 3.1, update to a version that includes a fix for this issue, as no specific mitigation measures are provided for these versions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Password Reset with Code for WordPress REST API versions 0.0.0 through 0.0.15 **Description** The issue is related to an Improper Restriction of Excessive Authentication Attempts vulnerability in the Password Reset with Code for WordPress REST API, allowing Authentication Abuse. **Recommendations** For versions 0.0.0 through 0.0.15, update to a version that includes a fix for this issue, as no specific mitigation measures are provided for these versions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Smackcoders Export All Posts, Products, Orders, Refunds & Users versions n/a through 2.4.1 **Description** The issue is related to the exposure of sensitive information to an unauthorized actor. This is a problem where sensitive data can be accessed by someone who should not have access to it. **Recommendations** For versions n/a through 2.4.1, update to a version later than 2.4.1 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** FLOWFACT WP Connector plugin versions <= 2.1.7 **Description** The issue is an Unauth. Reflected Cross-Site Scripting (XSS) vulnerability. This means that an attacker can inject malicious scripts into a website, potentially allowing them to steal user data or take control of the user's session. **Recommendations** For FLOWFACT WP Connector plugin versions <= 2.1.7, update to a version higher than 2.1.7 to resolve the issue. As a temporary workaround, consider disabling the plugin until a patch is available. Restrict access to the plugin's functionality to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Taggbox plugin versions <= 2.9 **Description** The issue is a Cross-Site Request Forgery (CSRF) vulnerability. This means an attacker can trick a user into performing unintended actions on a web application that the user is authenticated to. **Recommendations** For versions <= 2.9, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Kangu para WooCommerce plugin versions <= 2.2.9 **Description** The issue is related to an Unauth. Reflected Cross-Site Scripting (XSS) vulnerability. This type of vulnerability allows an attacker to inject malicious scripts into a website, potentially leading to unauthorized actions on behalf of the user. **Recommendations** For versions <= 2.2.9, update to a version higher than 2.2.9 to resolve the issue. As a temporary workaround, consider restricting access to sensitive areas of the website to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** LWS Affiliation versions prior to 2.2.7 **Description** The issue is related to an Improper Limitation of a Pathname to a Restricted Directory, also known as 'Path Traversal', which allows PHP Local File Inclusion in LWS Affiliation. **Recommendations** For versions prior to 2.2.7, update to version 2.2.7 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Greeklish-permalink WordPress plugin versions prior to 3.4 **Description** The issue concerns the lack of proper authorization and nonce checks in the `cyrtrans ajax old` AJAX action. This allows unauthorized and low-privilege users to change Post slugs, either directly or through Cross-Site Request Forgery (CSRF). **Recommendations** For Greeklish-permalink WordPress plugin versions prior to 3.4, update to version 3.4 or later to resolve the issue. As a temporary workaround, consider disabling the `cyrtrans ajax old` AJAX action until a patch is available. Restrict access to the plugin's functionality to minimize the risk of exploitation. Avoid using the plugin's features that rely on the vulnerable AJAX action until the issue is resolved.