Kishan Vyas

**Name of the Vulnerable Software and Affected Versions** WP GDPR Cookie Consent versions prior to 1.0.1 **Description** The plugin is subject to Stored Cross-Site Scripting. Authenticated attackers with subscriber-level access or higher can inject arbitrary web scripts into pages. This occurs because the `handleAjaxCalls()` function lacks capability and nonce checks for the 'ninja gdpr ajax actions' AJAX action. Additionally, there is insufficient input sanitization for `gdprConfig` values and a lack of output escaping in the `generateCSS()` function, which echoes stored configuration values directly into a style block rendered on the page head. **Recommendations** Update to a version later than 1.0.0. As a temporary mitigation, restrict access to the 'ninja gdpr ajax actions' AJAX action or disable the `handleAjaxCalls()` function.

**Name of the Vulnerable Software and Affected Versions** Advanced Custom Fields: Extended versions prior to 0.9.2.4 **Description** The Advanced Custom Fields: Extended plugin for WordPress allows unauthenticated attackers to execute arbitrary shortcodes. This occurs because the software fails to properly validate a value before it is processed by the `do shortcode()` function. **Recommendations** Update to a version later than 0.9.2.3.

**Name of the Vulnerable Software and Affected Versions** Everest Forms Pro versions through 1.9.10 **Description** The software contains a flaw related to improper input handling during web page generation, which allows for Cross-site Scripting (XSS). This specific instance is a Stored XSS, meaning malicious scripts can be stored on the target server and executed by other users. The affected component allows an attacker to inject malicious code into web pages. The vulnerable parameter is not specified. **Recommendations** Update Everest Forms Pro to a version later than 1.9.10.

**Name of the Vulnerable Software and Affected Versions** wpeverest User Registration versions through 4.4.9 **Description** An issue exists in wpeverest User Registration related to incorrectly configured access control security levels, allowing for missing authorization. The vulnerability allows exploitation due to inadequate access control. **Recommendations** Update wpeverest User Registration to a version later than 4.4.9.

**Name of the Vulnerable Software and Affected Versions** Social Reviews & Recommendations plugin for WordPress versions prior to 2.6 **Description** The Social Reviews & Recommendations plugin for WordPress is susceptible to Stored Cross-Site Scripting. This is due to insufficient input sanitization and output escaping in several parameters within the `trim text` function. This allows unauthenticated attackers to inject arbitrary web scripts into pages. These scripts will execute when a user accesses the injected page. **Recommendations** Update to version 2.6 or later.

**Name of the Vulnerable Software and Affected Versions** Rich Shortcodes for Google Reviews plugin for WordPress versions prior to 6.8 **Description** The Rich Shortcodes for Google Reviews plugin for WordPress is susceptible to Stored Cross-Site Scripting. This is due to insufficient input sanitization and output escaping of Google Review content. This allows unauthenticated attackers to inject arbitrary web scripts into pages. These scripts will execute when a user accesses the affected page. A partial patch was released in version 6.6.2. **Recommendations** Update to a version later than 6.8.

**Name of the Vulnerable Software and Affected Versions** Widgets for Google Reviews versions prior to 13.2.5 **Description** The Widgets for Google Reviews plugin for WordPress is susceptible to Stored Cross-Site Scripting due to inadequate input sanitization and output escaping when handling Google Reviews data. This allows unauthenticated attackers to inject arbitrary web scripts. These scripts will execute in the admin panel and potentially on the frontend when a user accesses imported reviews, provided the attacker can add a malicious review to a Google Place connected to the vulnerable site. **Recommendations** Update Widgets for Google Reviews to version 13.2.5 or later.

**Name of the Vulnerable Software and Affected Versions** WP Social Ninja – Embed Social Feeds, Customer Reviews, Chat Widgets plugin for WordPress versions up to and including 3.20.3 **Description** The WP Social Ninja plugin for WordPress is susceptible to Stored Cross-Site Scripting due to inadequate input sanitization and output escaping of externally-sourced content. This allows unauthenticated attackers to inject arbitrary web scripts into pages. These scripts will execute when a user accesses a page containing the injected content, provided the attacker can post malicious content to a connected Google Business Profile or Facebook page. **Recommendations** Update the WP Social Ninja – Embed Social Feeds, Customer Reviews, Chat Widgets plugin to a version later than 3.20.3.

**Name of the Vulnerable Software and Affected Versions** The Classified Listing – Classified ads & Business Directory Plugin versions prior to 5.0.4 **Description** The Classified Listing – Classified ads & Business Directory Plugin for WordPress is susceptible to arbitrary shortcode execution. This occurs because the software does not properly validate input before executing the `do shortcode` function. Authenticated attackers with Subscriber-level access or higher can exploit this to execute arbitrary shortcodes. **Recommendations** Update The Classified Listing – Classified ads & Business Directory Plugin to version 5.0.4 or later.

**Name of the Vulnerable Software and Affected Versions** Strong Testimonials plugin for WordPress versions prior to 3.2.17 **Description** The Strong Testimonials plugin for WordPress is susceptible to arbitrary shortcode execution. The software does not properly validate or sanitize user-submitted testimonial values before passing them to a `do shortcode` call. This allows unauthenticated attackers to execute arbitrary shortcodes when an administrator previews or publishes a crafted testimonial. **Recommendations** Update to version 3.2.17 or later.

**Name of the Vulnerable Software and Affected Versions** The Discussion Board – WordPress Forum Plugin versions prior to 2.5.5 **Description** The software allows users to execute an action that does not properly validate a value before running `do shortcode`. This can allow authenticated attackers with Subscriber-level access and above to execute arbitrary shortcodes. **Recommendations** Update to version 2.5.5 or later.

**Name of the Vulnerable Software and Affected Versions** The Motors – Car Dealership & Classified Listings Plugin versions prior to 1.4.89 **Description** The software is susceptible to arbitrary file deletion because of inadequate file path validation when deleting profile pictures. An authenticated attacker with Subscriber-level access or higher can delete arbitrary files on the server. Deleting specific files, such as `wp-config.php`, could lead to remote code execution. **Recommendations** Update The Motors – Car Dealership & Classified Listings Plugin to version 1.4.89 or later.

**Name of the Vulnerable Software and Affected Versions** WP User Frontend versions through 4.1.11 **Description** An improper control of generation of code issue, specifically a code injection, exists in WP User Frontend. This allows for code injection. **Recommendations** Update WP User Frontend to a version later than 4.1.11.

**Name of the Vulnerable Software and Affected Versions** AWP Classifieds versions through 4.3.5 **Description** A flaw exists in Strategy11 Team AWP Classifieds that allows code injection due to improper neutralization of script-related HTML tags on a web page. This is a Basic Cross-Site Scripting (XSS) issue. **Recommendations** Update AWP Classifieds to a version later than 4.3.5.

**Name of the Vulnerable Software and Affected Versions** WP User Frontend versions through 4.1.11 **Description** An authorization issue exists in WP User Frontend, allowing exploitation due to incorrectly configured access control security levels. **Recommendations** Update WP User Frontend to a version later than 4.1.11.

**Name of the Vulnerable Software and Affected Versions** User Meta – User Profile Builder and User management plugin versions prior to 3.1.3 **Description** The plugin is susceptible to arbitrary file deletion due to inadequate file path validation within the `postInsertUserProcess` function. Authenticated attackers possessing Subscriber-level access or higher can delete arbitrary files on the server. Deletion of specific files, such as `wp-config.php`, could lead to remote code execution. **Recommendations** Update User Meta – User Profile Builder and User management plugin to version 3.1.3 or later.

Name of the Vulnerable Software and Affected Versions: The WP-Members Membership Plugin versions prior to 3.5.4.3 Description: The WP-Members Membership Plugin is susceptible to arbitrary shortcode execution. This occurs because the software does not properly validate a value before running `do shortcode`. Authenticated attackers with Subscriber-level access or higher can exploit this to execute arbitrary shortcodes. Recommendations: Update The WP-Members Membership Plugin to a version prior to 3.5.4.3.

**Name of the Vulnerable Software and Affected Versions** PickPlugins Job Board Manager versions through 2.1.61 **Description** An improper control of generation of code ('Code Injection') vulnerability exists in PickPlugins Job Board Manager. This vulnerability allows code injection. **Recommendations** Update PickPlugins Job Board Manager to a version later than 2.1.61.

Name of the Vulnerable Software and Affected Versions: ProfilePress versions prior to 4.16.5 Description: The ProfilePress WordPress plugin is susceptible to arbitrary shortcode execution. The software does not properly validate a value before running `do shortcode`, allowing unauthenticated attackers to execute arbitrary shortcodes. This could potentially allow attackers to modify user data or steal information. Recommendations: Update to ProfilePress version 4.16.5 or later.

Name of the Vulnerable Software and Affected Versions: WP Register Profile With Shortcode versions up to and including 3.6.2 Description: The WP Register Profile With Shortcode plugin for WordPress is susceptible to sensitive information exposure via the `rp user data` shortcode. Authenticated attackers with Contributor-level access or higher can extract sensitive data from user meta, including hashed passwords and usernames. Recommendations: Update WP Register Profile With Shortcode to a version later than 3.6.2.