Khanh Nguyen

**Name of the Vulnerable Software and Affected Versions** The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More versions prior to 1.8.11.2 **Description** An Insecure Direct Object Reference and Authorization Bypass allows authenticated attackers with Subscriber-level access or higher to delete arbitrary attachments from the Media Library. The issue occurs during the profile avatar update flow because the `save avatar()` function in `Charitable Profile Form` calls `wp delete attachment()` using an attachment ID from the user's `avatar` meta without verifying ownership. Additionally, `Charitable Data Processor::process picture()` returns the raw posted value when no file is uploaded, enabling the `avatar` user meta to be poisoned with a target attachment ID. Exploitation involves a two-request chain: first poisoning the stored avatar meta value and then triggering the deletion through a standard avatar upload. **Recommendations** Update the plugin to version 1.8.11.2 or later. As a temporary workaround, restrict access to the profile avatar update functionality for users with Subscriber-level permissions.

**Name of the Vulnerable Software and Affected Versions** WordPress List Category Posts plugin versions through 0.91.0 **Description** The List category posts plugin for WordPress has a flaw where a time-based SQL Injection can occur through the `starting with` parameter of the catlist shortcode. This is due to inadequate escaping of user-provided input and insufficient preparation of the SQL query. Attackers with Contributor-level access or higher can add SQL queries to existing ones, potentially extracting sensitive information from the database. **Recommendations** Update the WordPress List Category Posts plugin to a version later than 0.91.0.

**Name of the Vulnerable Software and Affected Versions** Oracle Financial Services Analytical Applications Infrastructure versions 8.0.7 through 8.1.2 **Description** The issue is related to insufficient input validation in the Infrastructure component of Oracle Financial Services Analytical Applications Infrastructure. This allows a low-privileged attacker with network access via HTTP to compromise the system. Successful attacks can result in unauthorized update, insert, or delete access to some data, as well as unauthorized read access to a subset of data and the ability to cause a partial denial of service. The vulnerability may significantly impact additional products. **Recommendations** For versions 8.0.7 through 8.1.2, update to a version that includes the fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Oracle Financial Services Behavior Detection Platform version 8.0.8.1 **Description** The issue is related to insufficient input validation in a subcomponent of the Oracle Financial Services Behavior Detection Platform, which is part of the Oracle Financial Services Applications. This can be exploited by a remote attacker with low privileges and network access via HTTP, potentially leading to unauthorized read access to a subset of accessible data. **Recommendations** For version 8.0.8.1, update to a version that includes a fix for this issue to prevent unauthorized access. At the moment, there is no information about a newer version that contains a fix for this vulnerability.