Luca Greeb

**Name of the Vulnerable Software and Affected Versions** Active Directory Integration / LDAP Integration plugin for WordPress versions up to, and including, 4.1.5 **Description** The issue is related to insufficient escaping on the supplied `username` value, which makes it possible for unauthenticated attackers to extract potentially sensitive information from the LDAP directory. This is due to the plugin's failure to properly neutralize special elements in the LDAP query when processing the `username` parameter. **Recommendations** For versions up to, and including, 4.1.5, update to a version that properly escapes the `username` value to prevent LDAP injection attacks. As a temporary workaround, consider restricting access to the LDAP directory or implementing additional security measures to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Simple:Press plugin for WordPress versions up to, and including, 6.8 **Description** The issue allows for Stored Cross-Site Scripting via the `postitem` parameter when modifying a profile signature. This is due to insufficient input sanitization and output escaping, making it possible to inject object and embed tags. Authenticated attackers with minimal permissions can inject arbitrary web scripts in pages, which will execute when a user accesses an injected page. **Recommendations** For versions up to, and including, 6.8, consider disabling the profile signature modification feature until a patch is available to prevent exploitation. Restrict access to the `postitem` parameter to minimize the risk of arbitrary web script injection. Avoid using the `postitem` parameter in the profile-save action until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Simple:Press plugin for WordPress versions up to, and including, 6.8 **Description** The issue is related to Reflected Cross-Site Scripting via the `sforum [md5 hash of the WordPress URL]` cookie value due to insufficient input sanitization and output escaping. This allows unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. The exploitation of this issue would be highly complex as it requires the attacker to set a cookie for the targeted user. **Recommendations** For versions up to, and including, 6.8, update to a version that addresses the insufficient input sanitization and output escaping issue. As a temporary workaround, consider restricting access to the `sforum [md5 hash of the WordPress URL]` cookie value to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Simple:Press plugin for WordPress versions up to, and including, 6.8 **Description** The issue allows attackers with minimal permissions, such as a subscriber, to manipulate the `file` parameter during user avatar deletion, enabling them to supply paths to arbitrary files on the server that will subsequently be deleted. This can be used to delete the wp-config.php file, allowing an attacker to configure the site and achieve remote code execution. **Recommendations** For versions up to, and including, 6.8, consider disabling the user avatar deletion feature until a patch is available. Restrict access to the `file` parameter to minimize the risk of exploitation. Avoid using the `file` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Simple:Press plugin for WordPress versions up to, and including, 6.8 **Description** The issue allows for arbitrary file modifications via the `file` parameter, which does not properly restrict files to be edited in the context of the plugin. This makes it possible for attackers with high-level permissions, such as an administrator, to supply paths to arbitrary files on the server that can be modified outside of the intended scope of the plugin. **Recommendations** For versions up to, and including, 6.8, consider disabling the `file` parameter functionality until a patch is available to prevent arbitrary file modifications. Restrict access to the plugin's file editing functionality to minimize the risk of exploitation. Avoid using the `file` parameter in the affected plugin until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Simple:Press plugin for WordPress versions up to, and including, 6.8 **Description** The issue concerns Stored Cross-Site Scripting via the `postitem` parameter manipulated during a forum response. This is due to insufficient input sanitization and output escaping, making it possible to inject object and embed tags. Unauthenticated attackers can inject arbitrary web scripts in pages when responding to forum threads, which will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 6.8, consider disabling the `postitem` parameter in forum responses until a patch is available. Restrict access to forum threads to minimize the risk of exploitation. Avoid using the `postitem` parameter in forum responses until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Quiz and Survey Master plugin for WordPress versions up to, and including, 8.0.4 **Description** The issue is related to input validation bypass via the `question[id]` parameter. Insufficient input validation allows attackers to inject content other than the specified value, such as a number or file path, making it possible for attackers to submit values other than the intended input type. **Recommendations** For versions up to, and including, 8.0.4, consider restricting the input for the `question[id]` parameter to prevent injection of unauthorized content until a patch is available. As a temporary workaround, ensure that all inputs are thoroughly validated to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Appointment Hour Booking Plugin for WordPress versions up to, and including, 1.3.72 **Description** The issue allows unauthenticated attackers to embed untrusted input into content during booking creation, which may be exported as a CSV file when a site's administrator exports booking details. This can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration. **Recommendations** For versions up to, and including, 1.3.72, update to a version later than 1.3.72 to resolve the issue. At the moment, there is no information about additional mitigation measures for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Appointment Hour Booking plugin for WordPress versions up to, and including, 1.3.72 **Description** The issue arises from insufficient input sanitization and output escaping, allowing unauthenticated attackers to inject iFrame tags via the `email` or general field parameters. This enables attackers to inject iFrames when submitting a booking, which will execute whenever a user accesses the injected booking details page. **Recommendations** For versions up to, and including, 1.3.72, update to a version that addresses the insufficient input sanitization and output escaping issue to prevent iFrame injection attacks. As a temporary workaround, consider restricting access to the booking details page or disabling the submission of bookings until a patch is available. Avoid using the `email` and general field parameters in the affected plugin until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Appointment Hour Booking plugin for WordPress versions up to, and including, 1.3.72 **Description** The issue is related to a CAPTCHA bypass due to the use of an insufficiently strong hashing algorithm on the CAPTCHA secret. This secret is also displayed to the user via a cookie. **Recommendations** For versions up to, and including, 1.3.72, update to a version that uses a sufficiently strong hashing algorithm for the CAPTCHA secret. As a temporary workaround, consider restricting access to the CAPTCHA functionality until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Quiz and Survey Master plugin for WordPress versions up to, and including, 8.0.4 **Description** The issue arises from insufficient input sanitization and output escaping, allowing iframe tags to be injected via the `question[id]` parameter. This enables unauthenticated attackers to inject iFrames into pages, which will execute when a user accesses the injected page. **Recommendations** For versions up to, and including, 8.0.4, consider disabling the `question[id]` parameter until a patch is available to prevent iFrame injection. Restrict access to the affected plugin to minimize the risk of exploitation. Avoid using the `question[id]` parameter in affected pages until the issue is resolved.