Lucky_Buddy

**Name of the Vulnerable Software and Affected Versions** OTP Login With Phone Number, OTP Verification plugin for WordPress versions 1.8.50 through 1.8.60 **Description** An authentication bypass exists due to the Firebase verification flow in the 'lwp ajax register' AJAX handler not binding the Firebase session to the phone number supplied in the request. The `idehweb lwp activate through firebase()` function validates the legitimacy of a Firebase OTP session, but it fails to compare the `phoneNumber` returned by Firebase against the victim's stored phone number. This allows unauthenticated attackers to authenticate as any user with a phone number stored in user meta, including administrators, by verifying their own Firebase session and providing the victim's phone number in the request. **Recommendations** Update the plugin to a version later than 1.8.60. As a temporary workaround, restrict access to the 'lwp ajax register' AJAX handler to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin versions prior to 1.6.11.6 **Description** The plugin for WordPress is susceptible to a denial of service. An unauthenticated attacker can exhaust PHP worker processes, preventing legitimate users from accessing the site. This occurs because the REST API endpoint "/wp-json/ssa/v1/async" invokes the PHP `sleep()` function using a user-supplied `delay` parameter without implementing rate limiting. **Recommendations** Update to a version later than 1.6.11.5. As a temporary workaround, restrict access to the "/wp-json/ssa/v1/async" endpoint to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions Product Feed PRO for WooCommerce by AdTribes versions 13.4.6 through 13.5.2.1 Description The Product Feed PRO for WooCommerce plugin for WordPress is susceptible to Cross-Site Request Forgery (CSRF) due to missing or incorrect nonce validation. Specifically, the `ajax migrate to custom post type`, `ajax adt clear custom attributes product meta keys`, `ajax update file url to lower case`, `ajax use legacy filters and rules`, and `ajax fix duplicate feed` functions are affected. Successful exploitation allows unauthenticated attackers to trigger actions like feed migration, clearing caches, rewriting file URLs, toggling settings, and deleting posts by tricking a site administrator into performing an action. Recommendations For versions 13.4.6 through 13.5.2.1, ensure nonce validation is implemented correctly for the `ajax migrate to custom post type`, `ajax adt clear custom attributes product meta keys`, `ajax update file url to lower case`, `ajax use legacy filters and rules`, and `ajax fix duplicate feed` functions.

**Name of the Vulnerable Software and Affected Versions** NewsBlogger versions 0.2.5.6 through 0.2.6.1 **Description** The NewsBlogger WordPress theme is susceptible to Cross-Site Request Forgery due to inadequate nonce validation within the `newsblogger install and activate plugin()` function. This allows unauthenticated attackers to potentially upload arbitrary files and achieve remote code execution by deceiving a site administrator into performing an action, such as clicking a malicious link. This issue represents a regression of a previous fix. **Recommendations** NewsBlogger version 0.2.5.6: Update to a newer version. NewsBlogger version 0.2.5.7: Update to a newer version. NewsBlogger version 0.2.5.8: Update to a newer version. NewsBlogger version 0.2.5.9: Update to a newer version. NewsBlogger version 0.2.6.0: Update to a newer version. NewsBlogger version 0.2.6.1: Update to a newer version.

The افزونه پیامک ووکامرس فوق حرفه ای (جدید) payamito sms woocommerce plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'columns' parameter in all versions up to, and including, 1.3.5. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

**Name of the Vulnerable Software and Affected Versions** Email Verification, Email OTP, Block Spam Email, Passwordless login, Hide Login, Magic Login – User Verification plugin for WordPress versions up to and including 2.0.39 **Description** The plugin does not properly validate that an One-Time Password (OTP) was generated before comparing it to user input within the `user verification form wrap process otpLogin` function. This allows unauthenticated attackers to log in as any user with a verified email address, including administrators, by submitting an empty OTP value. **Recommendations** Versions up to and including 2.0.39 should be updated to a newer, fixed version when available. As a temporary workaround, consider disabling the plugin until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Export All Posts, Products, Orders, Refunds & Users plugin for WordPress versions prior to 2.20 **Description** The Export All Posts, Products, Orders, Refunds & Users plugin for WordPress is susceptible to Cross-Site Request Forgery. This is because of inadequate or absent nonce validation within the `parseData` function. Successful exploitation allows unauthenticated attackers to export sensitive information, including user data, email addresses, password hashes, and WooCommerce data. The attacker can specify an attacker-controlled file path on the server for the exported data, requiring a site administrator to perform an action, such as clicking a malicious link, to complete the attack. **Recommendations** Update the Export All Posts, Products, Orders, Refunds & Users plugin to version 2.20 or later.

**Name of the Vulnerable Software and Affected Versions** Booster for WooCommerce versions up to and including 7.2.4 **Description** The Booster for WooCommerce plugin for WordPress is susceptible to arbitrary file uploads due to the absence of file type validation within the `add files to order` function. This allows unauthenticated attackers to upload arbitrary files, potentially leading to remote code execution on the affected server, contingent upon specific configuration settings that execute the first file extension present. **Recommendations** Update Booster for WooCommerce to a version later than 7.2.4.

**Name of the Vulnerable Software and Affected Versions** RelyWP Coupon Affiliates versions through 6.4.0 **Description** The software contains a Cross-Site Request Forgery (CSRF) flaw. This issue allows attackers to perform actions on behalf of authenticated users without their knowledge. **Recommendations** Versions prior to 6.4.0 are affected.

Name of the Vulnerable Software and Affected Versions: (Simply) Guest Author Name versions n/a through 4.36 Description: The issue is related to improper neutralization of input during web page generation, which allows DOM-Based XSS. This enables potential attackers to execute malicious scripts in the context of the affected web page. Recommendations: For versions n/a through 4.36, update to a version that addresses the improper neutralization of input during web page generation to prevent DOM-Based XSS attacks.

Name of the Vulnerable Software and Affected Versions: FormLift for Infusionsoft Web Forms versions through 7.5.20 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Reflected XSS. Recommendations: For FormLift for Infusionsoft Web Forms versions through 7.5.20, update to a version later than 7.5.20 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** ThemeHigh Dynamic Pricing and Discount Rules versions 2.2.9 and earlier **Description** A Cross-Site Request Forgery (CSRF) issue affects the software, allowing unauthorized actions to be performed. This can lead to security breaches where an attacker can trick a user into performing unintended actions on the web application. **Recommendations** For ThemeHigh Dynamic Pricing and Discount Rules versions 2.2.9 and earlier, update to a version that includes a fix for this issue, as no specific mitigation measures are provided for these versions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Sola Support Ticket versions 3.17 and earlier **Description** The issue is related to a Missing Authorization vulnerability in SolaPlugins Sola Support Ticket, which allows exploiting incorrectly configured access control security levels. **Recommendations** For Sola Support Ticket versions 3.17 and earlier, update to a version that includes the necessary security patches to fix the Missing Authorization vulnerability. As a temporary workaround, consider reviewing and correcting the access control security levels configuration to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: RedefiningTheWeb Dynamic Pricing & Discounts Lite for WooCommerce versions through 2.0.3 Description: A Cross-Site Request Forgery (CSRF) issue affects the software, allowing unauthorized actions. Recommendations: For versions through 2.0.3, update to a version later than 2.0.3 to resolve the issue.

Name of the Vulnerable Software and Affected Versions: Japanized For WooCommerce versions 2.6.40 and earlier Description: A Cross-Site Request Forgery (CSRF) issue affects the software, allowing unauthorized actions to be performed on behalf of a user. This issue can be exploited by tricking a user into performing an unintended action on the web application. Recommendations: For versions 2.6.40 and earlier, update to a version later than 2.6.40 to resolve the issue. As a temporary workaround, consider implementing additional validation checks on requests to prevent unauthorized actions. Restrict access to sensitive functionality to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** ThimPress WP Hotel Booking versions n/a through 2.1.9 **Description** A Cross-Site Request Forgery (CSRF) issue affects ThimPress WP Hotel Booking, allowing unauthorized actions to be performed on behalf of a user. **Recommendations** For versions n/a through 2.1.9, update to a version later than 2.1.9 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** ldrumm Unsafe Mimetypes versions 0.1.4 and earlier **Description** The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web application, potentially leading to the execution of malicious scripts stored on the server. **Recommendations** For ldrumm Unsafe Mimetypes versions 0.1.4 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Advanced Dynamic Pricing for WooCommerce versions n/a through 4.9.3 **Description** The issue is a Cross-Site Request Forgery (CSRF) vulnerability, which allows Cross Site Request Forgery. This means an attacker can trick a user into performing unintended actions on a web application that the user is authenticated to. **Recommendations** For versions n/a through 4.9.3, update to a version later than 4.9.3 to resolve the issue. As a temporary workaround, consider implementing additional CSRF protection measures, such as token-based validation, to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** WP Trio Conditional Shipping for WooCommerce versions 3.4.0 and earlier **Description** The issue is a Cross-Site Request Forgery (CSRF) vulnerability, which allows an attacker to perform unauthorized actions on a user's account. This can be achieved by tricking the user into performing a specific action, such as clicking a link or submitting a form, that the attacker has crafted to exploit the vulnerability. **Recommendations** For versions 3.4.0 and earlier, update to a version that includes a fix for this issue, as no specific workaround or mitigation measures are provided.

**Name of the Vulnerable Software and Affected Versions** WP Trio Conditional Payments for WooCommerce versions 3.3.0 and earlier **Description** A Cross-Site Request Forgery (CSRF) issue allows unauthorized actions to be performed on behalf of a user. This can lead to various security problems, including unauthorized changes to user accounts or other malicious activities. **Recommendations** For versions 3.3.0 and earlier, update to a version that includes a fix for this issue, as no specific workaround is provided for these versions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.