Lucas De Souza

**Name of the Vulnerable Software and Affected Versions** All-in-One WP Migration WordPress plugin versions prior to 7.63 **Description** The issue allows an attacker to craft a request that, when submitted by any visitor, will inject arbitrary HTML or JavaScript into the response, which will be executed in the victim's session. This requires knowledge of a static secret key. The problem arises from the wrong content type being used and the response from the `ai1wm export` AJAX action not being properly escaped. **Recommendations** For versions prior to 7.63, update to version 7.63 or later to resolve the issue. As a temporary workaround, consider restricting access to the `ai1wm export` AJAX action until a patch is available. Avoid using the All-in-One WP Migration WordPress plugin with untrusted visitors until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Classima WordPress theme versions prior to 2.1.11 Classified Listing versions prior to 2.2.14 Classified Listing Pro versions prior to 2.0.20 Classified Listing Store & Membership versions prior to 1.4.20 Classima Core versions prior to 1.10 **Description** The issue is related to Reflected Cross-Site Scripting, where a parameter is not properly escaped before being outputted back in attributes. This can lead to malicious scripts being executed. **Recommendations** For Classima WordPress theme version prior to 2.1.11, update to version 2.1.11 or later. For Classified Listing version prior to 2.2.14, update to version 2.2.14 or later. For Classified Listing Pro version prior to 2.0.20, update to version 2.0.20 or later. For Classified Listing Store & Membership version prior to 1.4.20, update to version 1.4.20 or later. For Classima Core version prior to 1.10, update to version 1.10 or later.

**Name of the Vulnerable Software and Affected Versions** Classified Listing Pro WordPress plugin versions prior to 2.0.20 **Description** The issue is related to a Reflected Cross-Site Scripting problem. It occurs because the plugin does not properly escape a generated URL before outputting it back in an attribute on an admin page. This can lead to malicious scripts being executed. **Recommendations** For versions prior to 2.0.20, update to version 2.0.20 or later to resolve the issue. As a temporary workaround, consider restricting access to the admin page where the vulnerability occurs to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Download Monitor WordPress plugin versions prior to 4.5.91 **Description** The issue allows high privilege users, such as administrators, to download sensitive files like `wp-config.php` or `/etc/passwd`, even in hardened environments or multisite setups, because it does not ensure that files to be downloaded are inside the blog folders and not sensitive. **Recommendations** For versions prior to 4.5.91, update to version 4.5.91 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive files and directories to minimize the risk of exploitation.