Liardom

Name of the Vulnerable Software and Affected Versions: The Page Builder: Pagelayer versions up to, and including, 1.9.8 Description: The issue is related to insufficient validation on the `pagelayer save content()` function, allowing authenticated attackers with Contributor-level access and above to bypass post moderation and publish posts to the site. Recommendations: For versions up to, and including, 1.9.8, update to a version that includes a fix for the insufficient validation in the `pagelayer save content()` function. As a temporary workaround, consider restricting access to the `pagelayer save content()` function to prevent unauthorized post publication.

**Name of the Vulnerable Software and Affected Versions** Pagelayer versions prior to 1.9.9 **Description** The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the `pagelayer save post` function. This allows unauthenticated attackers to modify post contents via a forged request if they can trick a site administrator into performing a specific action. **Recommendations** For versions prior to 1.9.9, update to version 1.9.9 or later to resolve the issue. As a temporary workaround, consider restricting access to the `pagelayer save post` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** The Ultimate WordPress Auction Plugin versions prior to 4.3.0 **Description** The issue allows authenticated attackers with Contributor-level access and above to access functionality unauthorized, enabling them to delete arbitrary auctions, posts, and pages, and execute other actions related to auction handling. **Recommendations** For versions prior to 4.3.0, update to version 4.3.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** SecuPress Free — WordPress Security plugin versions up to, and including, 2.2.5.3 **Description** The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping on user-supplied attributes in the `secupress check ban ips form` shortcode. This allows authenticated attackers with contributor-level access and above to inject arbitrary web scripts in pages, which will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 2.2.5.3, consider disabling the `secupress check ban ips form` shortcode until a patch is available to prevent exploitation. Restrict access to pages that utilize this shortcode to minimize the risk of arbitrary web script execution.

**Name of the Vulnerable Software and Affected Versions** Active Products Tables for WooCommerce versions 1.0.6.6 and earlier **Description** The issue is related to Reflected Cross-Site Scripting via the `shortcodes set` parameter due to insufficient input sanitization and output escaping. This allows unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. **Recommendations** For versions 1.0.6.6 and earlier, update to a version later than 1.0.6.6 to resolve the issue. As a temporary workaround, consider restricting access to the `shortcodes set` parameter to minimize the risk of exploitation. Avoid using the `shortcodes set` parameter in affected pages until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Shopwarden – Automated WooCommerce monitoring & testing plugin for WordPress versions up to, and including, 1.0.11 **Description** The issue is due to missing or incorrect nonce validation on the `save setting()` function. This makes it possible for unauthenticated attackers to update arbitrary options and achieve privilege escalation via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link. **Recommendations** For versions up to, and including, 1.0.11, update to a version higher than 1.0.11 to resolve the issue. As a temporary workaround, consider restricting access to the `save setting()` function until a patch is available. Avoid using the `save setting()` function in a way that could be exploited by an attacker, such as through a forged request.

**Name of the Vulnerable Software and Affected Versions** Ecwid by Lightspeed Ecommerce Shopping Cart plugin for WordPress versions up to, and including, 6.12.27 **Description** The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the `ecwid deactivate feedback()` function. This allows unauthenticated attackers to send deactivation messages on behalf of a site owner via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link. **Recommendations** For versions up to, and including, 6.12.27, consider disabling the `ecwid deactivate feedback()` function until a patch is available to prevent exploitation. Restrict access to the plugin's functionality to minimize the risk of Cross-Site Request Forgery attacks. Avoid using the plugin until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Media Library Folders plugin for WordPress versions up to, and including, 8.3.0 **Description** The issue is related to a missing capability check on several AJAX actions, allowing authenticated attackers with Author-level access and above to change plugin settings, such as IP-blocking. **Recommendations** For versions up to, and including, 8.3.0, update to a version higher than 8.3.0 to resolve the issue. As a temporary workaround, consider restricting access to the AJAX actions related to plugin settings change until a patch is available.

**Name of the Vulnerable Software and Affected Versions** The Evergreen Content Poster – Auto Post and Schedule Your Best Content to Social Media plugin for WordPress versions up to, and including, 1.4.4 **Description** The issue is related to unauthorized loss of data due to a missing capability check on the `delete network post()` function. This allows unauthenticated attackers to delete arbitrary posts and pages. **Recommendations** For versions up to, and including, 1.4.4, update to a version that includes a fix for the missing capability check on the `delete network post()` function. As a temporary workaround, consider disabling the `delete network post()` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Meteor Slides plugin for WordPress versions up to and including 1.5.7 **Description** The issue is related to stored cross-site scripting, which occurs due to insufficient input sanitization and output escaping. This allows authenticated attackers with Contributor-level access or higher to inject arbitrary web scripts in pages. The `slide url value` parameter is specifically vulnerable to this issue. When a user accesses an injected page, the arbitrary web scripts will execute. **Recommendations** For versions up to and including 1.5.7, update to a version higher than 1.5.7 to resolve the issue. As a temporary workaround, consider restricting access to the `slide url value` parameter to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Compare Products for WooCommerce plugin for WordPress versions up to, and including, 3.2.1 **Description** The issue concerns a PHP Object Injection vulnerability in the Compare Products for WooCommerce plugin for WordPress. This vulnerability occurs through the deserialization of untrusted input from the `woo compare list` cookie, allowing unauthenticated attackers to inject a PHP object. No known POP chain is present in the vulnerable software. However, if a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. **Recommendations** For versions up to, and including, 3.2.1, update to a version higher than 3.2.1 to resolve the issue. As a temporary workaround, consider restricting access to the `woo compare list` cookie to minimize the risk of exploitation. Additionally, review installed plugins and themes for potential POP chains that could exacerbate the vulnerability.

**Name of the Vulnerable Software and Affected Versions** SMSA Shipping plugin for WordPress versions up to, and including, 2.2 **Description** The SMSA Shipping plugin for WordPress has a flaw in the `smsa delete label()` function due to insufficient file path validation. This issue allows authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server. Such actions can lead to remote code execution when critical files, like `wp-config.php`, are deleted. **Recommendations** For versions up to, and including, 2.2, consider disabling the `smsa delete label()` function until a patch is available to prevent arbitrary file deletion. Restrict access to the plugin's functionality to minimize the risk of exploitation, especially for users with Subscriber-level access and above. Avoid using the plugin until an updated version that fixes the insufficient file path validation issue is released. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** AI Post Generator | AutoWriter plugin for WordPress versions up to, and including, 3.5 **Description** The issue is related to a missing capability check on the `ai post generator delete Post` AJAX action. This allows authenticated attackers with Contributor-level access and above to delete arbitrary pages and posts. **Recommendations** For versions up to, and including, 3.5, update to a version that includes a fix for the missing capability check on the `ai post generator delete Post` AJAX action. As a temporary workaround, consider restricting access to the `ai post generator delete Post` AJAX action to prevent unauthorized data modification.

**Name of the Vulnerable Software and Affected Versions** Greenshift – animation and page builder blocks plugin for WordPress versions up to, and including, 9.9.9.3 **Description** The issue concerns insufficient restrictions on which posts can be included via the `wp reusable render` shortcode. This allows authenticated attackers with Contributor-level access and above to extract data from password-protected, private, or draft posts that they should not have access to. **Recommendations** For versions up to, and including, 9.9.9.3, consider disabling the `wp reusable render` shortcode until a patch is available to prevent exploitation. Restrict access to sensitive posts and ensure that only authorized users have Contributor-level access or above.

**Name of the Vulnerable Software and Affected Versions** Print Science Designer plugin for WordPress versions up to, and including, 1.3.152 **Description** The issue concerns a PHP Object Injection vulnerability in the Print Science Designer plugin for WordPress. This vulnerability arises from the deserialization of untrusted input through the `designer-saved-projects` cookie, allowing unauthenticated attackers to inject a PHP object. There is no known POP chain present in the vulnerable software. However, if a POP chain is present via an additional plugin or theme installed on the target system, it could enable the attacker to delete arbitrary files, retrieve sensitive data, or execute code. **Recommendations** For versions up to, and including, 1.3.152, update to a version later than 1.3.152 to resolve the issue. As a temporary workaround, consider restricting access to the `designer-saved-projects` cookie to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Download Plugin versions up to, and including, 2.2.0 **Description** The issue allows authenticated attackers with Subscriber-level access and above to download any comment and metadata for any user, including sensitive information such as `username`, `email`, hashed passwords, application passwords, and session token information. This is due to missing capability checks on the `dpwap handle download user` and `dpwap handle download comment` functions. **Recommendations** For versions up to, and including, 2.2.0, consider disabling the `dpwap handle download user` and `dpwap handle download comment` functions until a patch is available to prevent unauthorized access to sensitive user data.

Name of the Vulnerable Software and Affected Versions: Material Design Icons plugin for WordPress versions up to, and including, 0.0.5 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping on user-supplied attributes in the mdi-icon shortcode. This allows authenticated attackers with contributor-level access and above to inject arbitrary web scripts in pages, which will execute whenever a user accesses an injected page. Recommendations: For Material Design Icons plugin for WordPress versions up to, and including, 0.0.5, update to a version that addresses the insufficient input sanitization and output escaping issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.