Lesor101

**Name of the Vulnerable Software and Affected Versions** Login using WordPress Users (WP as SAML IDP) plugin for WordPress versions up to, and including, 1.15.6 **Description** The issue is a time-based SQL Injection vulnerability via the `id` parameter due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. **Recommendations** For versions up to, and including, 1.15.6, consider disabling the `id` parameter in the affected plugin until a patch is available. Restrict access to the plugin's functionality to minimize the risk of exploitation. Avoid using the `id` parameter in the affected plugin until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: W3SPEEDSTER plugin for WordPress versions up to, and including, 7.26 Description: The issue allows for Remote Code Execution due to the plugin passing user-supplied input to `eval()`. This is possible via the `script` parameter of the `hookBeforeStartOptimization()` function, making it possible for authenticated attackers with Administrator-level access and above to execute code on the server. Recommendations: For versions up to, and including, 7.26, consider disabling the `hookBeforeStartOptimization()` function until a patch is available to prevent exploitation. Restrict access to the `script` parameter to minimize the risk of exploitation. Update to a version that fixes the issue, once available.

Name of the Vulnerable Software and Affected Versions: WP Post Author – Boost Your Blog's Engagement with Author Box, Social Links, Co-Authors, Guest Authors, Post Rating System, and Custom User Registration Form Builder plugin for WordPress versions up to, and including, 3.8.1 Description: The issue is related to time-based SQL Injection via the `linked user id` parameter due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. Recommendations: For versions up to, and including, 3.8.1, consider disabling the `linked user id` parameter until a patch is available to prevent exploitation. Restrict access to the plugin's functionality to minimize the risk of sensitive information extraction. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Prisna GWT – Google Website Translator plugin for WordPress versions up to, and including, 1.4.11 Description: The Prisna GWT – Google Website Translator plugin for WordPress is vulnerable to PHP Object Injection via deserialization of untrusted input from the `prisna import` parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. Recommendations: Update the Prisna GWT – Google Website Translator plugin for WordPress to a version later than 1.4.11 to fix the PHP Object Injection vulnerability. As a temporary workaround, consider restricting access to the `prisna import` parameter to minimize the risk of exploitation.