M0Ze

**Name of the Vulnerable Software and Affected Versions** Zoner Real Estate version 4.1.1 **Description** A persistent cross-site scripting issue exists where authenticated agents can inject malicious JavaScript payloads through the `Address` input field during property creation. These scripts execute when administrators view the property for approval, which can lead to session hijacking and cookie theft. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Live Chat Unlimited version 2.8.3 **Description** A stored cross-site scripting issue allows unauthenticated attackers to inject malicious scripts via the chat input field. By submitting payloads containing script tags and event handlers, attackers can execute code within the admin area, which may lead to cookie theft or forced redirects to malicious websites. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GigToDo version 1.3 **Description** A persistent cross-site scripting issue allows authenticated attackers to inject malicious HTML and JavaScript code. This occurs via the proposal description field through the 'create proposal' endpoint. The injected code executes when administrators or other users view the stored proposal, which can lead to malicious redirects and the theft of cookies. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Biplob018 Shortcode Addons plugin versions 3.1.2 and earlier **Description** The issue allows authenticated options change in the Biplob018 Shortcode Addons plugin at WordPress. **Recommendations** For Biplob018 Shortcode Addons plugin versions 3.1.2 and earlier, update to a version later than 3.1.2 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Biplob Adhikari's Flipbox plugin versions <= 2.6.0 **Description** The issue concerns an authenticated WordPress options change vulnerability. It is related to Biplob Adhikari's Flipbox plugin at WordPress. **Recommendations** For Biplob Adhikari's Flipbox plugin versions <= 2.6.0, update to a version greater than 2.6.0 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Biplob Adhikari's Tabs plugin versions <= 3.6.0 **Description** The issue is related to an authenticated WordPress Options Change vulnerability. It affects Biplob Adhikari's Tabs plugin at WordPress, where a high-role user can authenticate and change options. **Recommendations** For Biplob Adhikari's Tabs plugin versions <= 3.6.0, update to a version higher than 3.6.0 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Social Share Buttons by Supsystic plugin versions 2.2.3 and earlier **Description** The issue concerns Multiple Broken Access Control vulnerabilities. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** For Social Share Buttons by Supsystic plugin versions 2.2.3 and earlier, update to a version later than 2.2.3 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** wpWax Team plugin versions 1.2.6 and earlier **Description** The issue concerns multiple authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities. These vulnerabilities require an attacker to have at least a contributor or higher user role. The estimated number of potentially affected devices worldwide is not specified. There is no information provided about real-world incidents where this issue was exploited. **Recommendations** For wpWax Team plugin versions 1.2.6 and earlier, update to a version later than 1.2.6 to resolve the issue. As a temporary workaround, consider restricting access to the plugin for users with contributor or higher roles until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Social Share Buttons by Supsystic plugin versions 2.2.3 and earlier **Description** The issue concerns multiple authenticated SQL Injection vulnerabilities. These vulnerabilities can be exploited by users with a subscriber or higher user role. The estimated number of potentially affected devices worldwide is not specified. There is no information provided about real-world incidents where this issue was exploited. **Recommendations** For Social Share Buttons by Supsystic plugin versions 2.2.3 and earlier, update to a version later than 2.2.3 to resolve the issue. At the moment, there is no information about additional mitigation measures for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** biplob018's Shortcode Addons plugin versions 3.0.2 and earlier **Description** The issue is related to an Unauthenticated Arbitrary Option Update vulnerability. This allows for unauthorized modifications to options. **Recommendations** For versions 3.0.2 and earlier, update to a version later than 3.0.2 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Biplob Adhikari's Accordions plugin versions <= 2.0.2 **Description** The issue concerns an Unauthenticated WordPress Options Change vulnerability. This allows unauthorized changes to WordPress options. **Recommendations** For Biplob Adhikari's Accordions plugin versions <= 2.0.2, update to a version higher than 2.0.2 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Download Manager Plugin for WordPress versions up to, and including 3.2.42 **Description** The issue is related to reflected Cross-Site Scripting due to insufficient input sanitization and output escaping on the `frameid` parameter found in the ~/src/Package/views/shortcode-iframe.php file. **Recommendations** For versions up to, and including 3.2.42, consider disabling the `frameid` parameter in the ~/src/Package/views/shortcode-iframe.php file as a temporary workaround until a patch is available. Restrict access to the ~/src/Package/views/shortcode-iframe.php file to minimize the risk of exploitation. Avoid using the `frameid` parameter in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** UpdraftPlus WordPress Backup Plugin versions prior to 1.6.59 **Description** The issue allows high privilege users to set malicious JavaScript payload due to a lack of sanitization in the `updraft service` settings, leading to a Stored Cross-Site Scripting issue. **Recommendations** For versions prior to 1.6.59, update to version 1.6.59 or later to resolve the issue. As a temporary workaround, consider restricting access to the `updraft service` settings to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: NewsOne CMS version 1.1.0 Description: The issue allows attackers to upload arbitrary files, potentially leading to webshell uploads and the execution of arbitrary commands. This is due to a vulnerability in the file upload component, specifically the `user image` input field. Recommendations: For NewsOne CMS version 1.1.0, consider disabling the file upload feature, particularly the `user image` component, until a patch is available to prevent potential exploitation. Restrict access to this component to minimize the risk of arbitrary command execution.

**Name of the Vulnerable Software and Affected Versions** RSS for Yandex Turbo WordPress plugin versions 1.30 and earlier **Description** The issue is related to an Authenticated Stored Cross-Site Scripting problem. It occurs because some settings are not properly sanitised or escaped before being saved and output in the admin dashboard. This can happen even when the unfiltered html capability is disallowed. **Recommendations** For RSS for Yandex Turbo WordPress plugin versions 1.30 and earlier, update to a version later than 1.30 to resolve the issue. At the moment, there is no information about other versions that contain a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** myStickymenu WordPress plugin versions prior to 2.5.2 **Description** The issue allows high privilege users to use malicious JavaScript in the Bar Text settings, leading to a Stored Cross-Site Scripting issue. This issue will be triggered in the plugin's setting, as well as all front-page of the blog when the Welcome bar is active. **Recommendations** For versions prior to 2.5.2, update to version 2.5.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the Bar Text settings to prevent high privilege users from injecting malicious JavaScript.

**Name of the Vulnerable Software and Affected Versions** Speed Booster Pack PageSpeed Optimization Suite WordPress plugin versions prior to 4.2.0 **Description** The issue arises from the plugin not validating its `caching exclude urls` and `caching include query strings` settings before outputting them in a PHP file, which could lead to remote code execution (RCE). **Recommendations** For versions prior to 4.2.0, update to version 4.2.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the settings that handle `caching exclude urls` and `caching include query strings` to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Related Posts for WordPress plugin versions 2.0.4 and earlier **Description** The issue allows high privilege users, such as admins, to set XSS payloads in the `heading text` and CSS settings due to a lack of sanitization, leading to Stored Cross-Site Scripting issues. **Recommendations** For versions 2.0.4 and earlier, update to a version that addresses the sanitization issue in the `heading text` and CSS settings to prevent Stored Cross-Site Scripting. As a temporary workaround, consider restricting access to the settings that allow modification of `heading text` and CSS to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** WP JobSearch WordPress plugin versions prior to 1.7.4 **Description** The issue allows low privilege users to use JavaScript payloads in parameters from the my-resume page, leading to a Stored Cross-Site Scripting issue. This is because the plugin did not sanitise or escape multiple of its parameters before outputting them in the page. **Recommendations** For WP JobSearch WordPress plugin versions prior to 1.7.4, update to version 1.7.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the my-resume page to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Smooth Scroll Page Up/Down Buttons WordPress plugin versions 1.4 and earlier **Description** The issue allows high privilege users, such as admins, to set an XSS payload in the psb positioning settings, which will be executed in all pages of the blog. This occurs due to the plugin's failure to properly sanitise and validate its settings. **Recommendations** For Smooth Scroll Page Up/Down Buttons WordPress plugin versions 1.4 and earlier, update to a version that properly sanitises and validates the psb positioning settings to prevent XSS payload execution.