Kodai Kubono

**Name of the Vulnerable Software and Affected Versions** Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress versions up to, and including, 2.12.10 **Description** The issue is related to Cross-Site Request Forgery due to missing nonce validation on the `pmpro lifter save streamline option()` function. This allows unauthenticated attackers to enable the streamline setting with Lifter LMS via a forged request if they can trick a site administrator into performing an action such as clicking on a link. **Recommendations** For versions up to, and including, 2.12.10, consider disabling the `pmpro lifter save streamline option()` function until a patch is available to prevent exploitation. Restrict access to the streamline setting with Lifter LMS to minimize the risk of unauthorized changes. Avoid using the affected function in administrative tasks until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Custom Twitter Feeds – A Tweets Widget or X Feed Widget plugin for WordPress versions up to, and including, 2.2.1 **Description** The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the `ctf auto save tokens` function. This allows unauthenticated attackers to update the site's Twitter API token and secret via a forged request if they can trick a site administrator into performing an action such as clicking on a link. **Recommendations** For versions up to, and including, 2.2.1, update to a version that includes the fix for the missing or incorrect nonce validation on the `ctf auto save tokens` function. As a temporary workaround, consider restricting access to the `ctf auto save tokens` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Microsoft Clarity plugin for WordPress versions up to, and including, 0.9.3 **Description** The issue is related to Cross-Site Request Forgery due to missing nonce validation on the `edit clarity project id()` function. This allows unauthenticated attackers to change the project id and add malicious JavaScript via a forged request, provided they can trick a site administrator into performing a specific action, such as clicking on a link. **Recommendations** For versions up to, and including, 0.9.3, update to a version that includes nonce validation for the `edit clarity project id()` function to prevent Cross-Site Request Forgery attacks. As a temporary workaround, consider restricting access to the `edit clarity project id()` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** WP 404 Auto Redirect to Similar Post plugin for WordPress versions up to, and including, 1.0.3 **Description** The issue is related to Reflected Cross-Site Scripting via the `request` parameter due to insufficient input sanitization and output escaping. This allows unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. **Recommendations** For versions up to, and including, 1.0.3, consider disabling the plugin until a patch is available to prevent exploitation. As a temporary workaround, restrict access to the `request` parameter to minimize the risk of injection of arbitrary web scripts.

**Name of the Vulnerable Software and Affected Versions** The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress versions up to, and including, 3.10.8 **Description** The issue is related to a missing capability check on the `wppb two factor authentication settings update` function, allowing unauthorized modification of data. This enables unauthenticated attackers to enable or disable the 2FA functionality for arbitrary user roles in the Premium version of the plugin. **Recommendations** For versions up to, and including, 3.10.8, update to a version later than 3.10.8 to resolve the issue. As a temporary workaround, consider disabling the `wppb two factor authentication settings update` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress versions up to, and including, 2.12.7 **Description** The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the `pmpro update level order()` function. This allows unauthenticated attackers to update the order of levels via a forged request if they can trick a site administrator into performing an action such as clicking on a link. **Recommendations** For versions up to, and including, 2.12.7, update to a version higher than 2.12.7 to resolve the issue. As a temporary workaround, consider disabling the `pmpro update level order()` function until a patch is available. Restrict access to the plugin's functionality to minimize the risk of exploitation. Avoid using the plugin's level order update feature until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** VK Block Patterns plugin for WordPress versions up to, and including, 1.31.1.1 **Description** The issue is due to missing or incorrect nonce validation on the `vbp clear patterns cache()` function, making it possible for unauthenticated attackers to clear the patterns cache via a forged request. This can be achieved if an attacker can trick a site administrator into performing an action, such as clicking on a link. **Recommendations** For versions up to, and including, 1.31.1.1, consider disabling the `vbp clear patterns cache()` function until a patch is available to prevent exploitation. Restrict access to the plugin's functionality to minimize the risk of cache clearance via forged requests. Avoid using the plugin until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.