José Aguilera

**Name of the Vulnerable Software and Affected Versions** Pago por Redsys plugin for WordPress versions up to, and including, 1.0.12 **Description** The issue is related to Reflected Cross-Site Scripting due to insufficient input sanitization and output escaping. This allows unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. The `Ds MerchantParameters` parameter is specifically vulnerable to this issue. **Recommendations** For versions up to, and including, 1.0.12, update to a version that addresses the insufficient input sanitization and output escaping issue to prevent Reflected Cross-Site Scripting attacks. As a temporary workaround, consider restricting access to the `Ds MerchantParameters` parameter to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Ezoic plugin versions prior to 2.8.9 **Description** The issue allows for unauthenticated changes to plugin settings, leading to stored XSS. **Recommendations** For Ezoic plugin versions prior to 2.8.9, update to version 2.8.9 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Ezoic plugin versions <= 2.8.8 **Description** The issue is related to an Authenticated Stored Cross-Site Scripting (XSS) vulnerability. This type of vulnerability allows an attacker to inject malicious scripts into a website, which can then be executed by other users. The estimated number of potentially affected devices and details about real-world incidents are not provided. **Recommendations** For Ezoic plugin versions <= 2.8.8, update to a version higher than 2.8.8 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Tipsacarrier WordPress plugin versions prior to 1.5.0.5 **Description** The issue concerns a lack of authorization checks in certain functions, allowing unauthenticated users to access Orders data. This could potentially be used to retrieve client information, including full address, name, and phone number, via a tracking URL. **Recommendations** For versions prior to 1.5.0.5, update to version 1.5.0.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the affected functions until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** PlausibleHQ Plausible Analytics (WordPress plugin) version 1.2.2 and earlier **Description** The issue is related to an Authenticated Stored Cross-Site Scripting (XSS) in the PlausibleHQ Plausible Analytics WordPress plugin. This type of attack occurs when an attacker injects malicious code into a website, and this code is stored on the server. When other users access the website, the malicious code is executed, potentially allowing the attacker to steal user data or take control of user sessions. The attack requires the perpetrator to have an admin or higher user role. **Recommendations** For PlausibleHQ Plausible Analytics (WordPress plugin) version 1.2.2 and earlier, update to a version later than 1.2.2 to resolve the issue. At the moment, there is no information about other specific mitigation measures for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Patreon WordPress plugin versions prior to 1.8.2 **Description** The issue allows high privilege users to perform Cross-Site Scripting attacks due to the lack of sanitization and escaping of the `Custom Patreon Page name` field, even when the unfiltered html capability is disallowed. **Recommendations** For versions prior to 1.8.2, update to version 1.8.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the `Custom Patreon Page name` field to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** HTML5 Responsive FAQ WordPress plugin versions 2.8.5 and earlier **Description** The issue concerns the improper sanitization and escaping of certain settings in the plugin, potentially allowing high-privilege users to perform Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed. **Recommendations** For HTML5 Responsive FAQ WordPress plugin versions 2.8.5 and earlier, update to a version that properly sanitizes and escapes its settings to prevent Cross-Site Scripting attacks.

**Name of the Vulnerable Software and Affected Versions** CorreosExpress WordPress plugin versions prior to 2.6.1 **Description** The issue allows access to sensitive information such as sender and receiver names, phone numbers, physical and email addresses due to publicly accessible log files generated by the plugin. **Recommendations** For CorreosExpress WordPress plugin versions prior to 2.6.1, update to version 2.6.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** SEUR Oficial WordPress plugin versions prior to 1.7.2 **Description** The issue allows downloading any file from the web server without restriction after knowing the URL and a password that an administrator can see in the plugin settings page. This is possible because the plugin creates a PHP file with a random name when installed, which is used for support purposes. **Recommendations** For versions prior to 1.7.2, update to version 1.7.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the plugin settings page to minimize the risk of exploitation. Avoid using the password visible in the plugin settings page for any other purpose until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Crisp Live Chat WordPress plugin versions up to, and including 0.31 **Description** The issue is related to Cross-Site Request Forgery due to missing nonce validation via the `crisp plugin settings page` function found in the ~/crisp.php file. This made it possible for attackers to inject arbitrary web scripts. **Recommendations** For versions up to, and including 0.31, update to a version that includes the necessary nonce validation to prevent Cross-Site Request Forgery attacks. As a temporary workaround, consider disabling the `crisp plugin settings page` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** SEUR Oficial WordPress plugin versions prior to 1.7.0 **Description** The issue allows high privilege users to perform Cross-Site Scripting attacks due to the lack of sanitization and escaping of some settings, even when the unfiltered html capability is disallowed. **Recommendations** For versions prior to 1.7.0, update to version 1.7.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** CAOS | Host Google Analytics Locally WordPress plugin versions prior to 4.1.9 **Description** The issue allows high privilege users to use a path traversal vector and delete arbitrary folders when uninstalling the plugin due to the lack of validation of the cache directory setting. **Recommendations** For versions prior to 4.1.9, update to version 4.1.9 or later to resolve the issue. As a temporary workaround, consider restricting access to the uninstallation process of the plugin to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** OMGF | Host Google Fonts Locally WordPress plugin versions prior to 4.5.12 **Description** The issue allows high privilege users to use a path traversal vector and delete arbitrary folders when uninstalling the plugin due to the lack of validation of the cache directory setting. **Recommendations** For versions prior to 4.5.12, update to version 4.5.12 or later to resolve the issue. As a temporary workaround, consider restricting access to the uninstallation process of the plugin to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Fathom Analytics WordPress plugin versions up to and including 3.0.4 **Description** The issue arises from insufficient input validation and escaping via the `site id` parameter in the ~/fathom-analytics.php file, allowing attackers with administrative user access to inject arbitrary web scripts. This affects multi-site installations where unfiltered html is disabled for administrators, and sites where unfiltered html is disabled. **Recommendations** For versions up to and including 3.0.4, update to a version that includes the necessary input validation and escaping fixes to prevent Stored Cross-Site Scripting attacks. As a temporary workaround, consider restricting access to the ~/fathom-analytics.php file or disabling the `site id` parameter until a patch is available. Additionally, review and adjust the unfiltered html settings for administrators to minimize the risk of exploitation.