Mallory Adams

Name of the Vulnerable Software and Affected Versions: Quiz-master-next plugin versions prior to 4.7.9 for WordPress Description: The issue allows for Cross-Site Request Forgery (CSRF) with resultant stored Cross-Site Scripting (XSS) via the `question name` parameter. This occurs because the js/admin question.js file mishandles parsing inside of a SCRIPT element. Recommendations: For versions prior to 4.7.9, update to version 4.7.9 or later to resolve the issue. As a temporary workaround, consider restricting access to the `question name` parameter in the affected API endpoint until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: Private Only plugin version 3.5.1 for WordPress Description: The issue allows remote attackers to hijack the authentication of administrators for various requests, including adding users, deleting posts, or modifying PHP files. Additionally, it enables cross-site scripting (XSS) attacks via the `po logo` parameter in the "privateonly.php" page to "wp-admin/options-general.php". Recommendations: For Private Only plugin version 3.5.1, update to a version that addresses these issues to prevent CSRF and XSS attacks. As a temporary workaround, consider restricting access to the privateonly.php page and the wp-admin/options-general.php endpoint to minimize the risk of exploitation. Avoid using the `po logo` parameter in the affected API endpoint until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: Plotly plugin versions prior to 1.0.3 Description: The issue allows remote authenticated users to inject arbitrary web script or HTML via a post, which can lead to cross-site scripting (XSS). Recommendations: For Plotly plugin versions prior to 1.0.3, update to version 1.0.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** buddypress-activity-plus plugin version 1.6.1 and earlier **Description** The issue concerns a CSRF vulnerability with resultant directory traversal. This occurs via the "wp-admin/admin-ajax.php" API endpoint, specifically through the `bpfb photos[]` parameter in a `bpfb remove temp images` action. **Recommendations** For versions 1.6.1 and earlier, update to version 1.6.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the `bpfb remove temp images` action and the `bpfb photos[]` parameter in the "wp-admin/admin-ajax.php" API endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** WordPress oauth2-provider plugin versions prior to 3.1.5 **Description** The issue is related to the incorrect generation of random numbers in the oauth2-provider plugin for WordPress. **Recommendations** For versions prior to 3.1.5, update the oauth2-provider plugin to version 3.1.5 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** copy-me plugin version 1.0.0 **Description** The issue concerns a CSRF problem in the copy-me plugin for WordPress, allowing non-public posts to be copied to a public location. **Recommendations** For version 1.0.0, consider disabling the copy-me plugin until a patch is available to prevent exploitation of the CSRF issue.

**Name of the Vulnerable Software and Affected Versions** multisite-post-duplicator plugin versions prior to 1.1.3 **Description** The issue concerns a CSRF vulnerability in the multisite-post-duplicator plugin for WordPress. It affects the `wp-admin/tools.php?page=mpd` endpoint. **Recommendations** For versions prior to 1.1.3, update to version 1.1.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the `wp-admin/tools.php?page=mpd` endpoint until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Social Pug - Easy Social Share Buttons plugin versions prior to 1.2.6 **Description** The issue allows for XSS via the `dpsp message class` parameter in the "wp-admin/admin.php?page=dpsp-toolkit" API endpoint. **Recommendations** For Social Pug - Easy Social Share Buttons plugin versions prior to 1.2.6, update to version 1.2.6 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** WP User Groups versions 2.0.0 through 2.1.0 **Description** The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability in the Settings page, which can be exploited to modify user groups and types. This can occur when an Admin clicks on a malicious link. **Recommendations** For WP User Groups versions 2.0.0 through 2.1.0, update to version 2.1.1 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Tooltipy (tooltips for WP) version 5 **Description** The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability in the Settings page, which could allow anybody to duplicate posts. This attack appears to be exploitable via an Admin following a link. **Recommendations** For version 5, update to version 5.1 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Metronet Tag Manager versions 1.2.7 through 1.2.8 **Description** The issue is a Cross-Site Request Forgery (CSRF) vulnerability located in the Settings page at the "/wp-admin/options-general.php?page=metronet-tag-manager" endpoint. This vulnerability can be exploited when a logged-in user follows a malicious link, potentially allowing an attacker to perform actions with admin privileges. **Recommendations** For Metronet Tag Manager versions 1.2.7 through 1.2.8, update to version 1.2.9 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Tooltipy Tooltipy (tooltips for WP) versions prior to 5.1 **Description** The issue allows for Cross Site Scripting (XSS) in the Glossary shortcode, potentially enabling an attacker to perform actions with admin privileges. The attack is exploitable when an admin follows a link. **Recommendations** For versions prior to 5.1, update to version 5.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the Glossary shortcode until the update is applied. Avoid following suspicious links, especially when logged in as an admin.

**Name of the Vulnerable Software and Affected Versions** WP ULike versions 2.8.1 through 3.1 **Description** The issue is related to Incorrect Access Control in AJAX, allowing anybody to delete any row in certain tables. This can be exploited by making an AJAX request. **Recommendations** For WP ULike versions 2.8.1 through 3.1, update to version 3.2 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** WP Image Zoom versions prior to 1.24 **Description** The issue is related to Incorrect Access Control in AJAX settings, which can lead to a denial of service. This can be triggered intentionally or unintentionally via CSRF by any logged-in user. **Recommendations** For WP Image Zoom versions prior to 1.24, update to version 1.24 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** WP ULike versions 2.8.1 through 3.1 **Description** The issue allows unauthorized users to perform administrative actions due to a Cross Site Scripting (XSS) vulnerability in the Settings screen. This can be exploited when an admin visits the logs page. **Recommendations** For WP ULike versions 2.8.1 through 3.1, update to version 3.2 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** WP HTML Sitemap plugin version 1.2 **Description** A cross-site request forgery (CSRF) issue allows remote attackers to hijack the authentication of administrators for requests that delete the sitemap via a request to the "wp-html-sitemap" page in "wp-admin/options-general.php". **Recommendations** For WP HTML Sitemap plugin version 1.2, consider disabling access to the wp-admin/options-general.php page until a patch is available to prevent exploitation of the CSRF issue.

**Name of the Vulnerable Software and Affected Versions** Subscribe To Comments Reloaded plugin versions prior to 140219 **Description** A cross-site request forgery (CSRF) issue allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks. This is achieved via a request to the "subscribe-to-comments-reloaded/options/index.php" page to "wp-admin/admin.php". **Recommendations** For versions prior to 140219, update the Subscribe To Comments Reloaded plugin to version 140219 or later to resolve the issue. As a temporary workaround, consider restricting access to the subscribe-to-comments-reloaded/options/index.php page to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: WordPress download-manager plugin versions prior to 2.9.52 Description: The issue concerns a security problem where an attacker can exploit the `id` parameter in a `wpdm generate password` action to `wp-admin/admin-ajax.php` API endpoint, leading to a potential XSS attack. Recommendations: For versions prior to 2.9.52, update the download-manager plugin to version 2.9.52 or later to resolve the issue. As a temporary workaround, consider restricting access to the `wp-admin/admin-ajax.php` API endpoint or avoiding the use of the `id` parameter in the `wpdm generate password` action until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Salutation Responsive WordPress + BuddyPress Theme version 3.0.15 **Description** The issue allows logged-in users to perform actions similar to those of an administrator due to a Stored XSS. **Recommendations** For Salutation Responsive WordPress + BuddyPress Theme version 3.0.15, update to a version that contains a fix for this issue, if available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** YouTube (WordPress plugin) (affected versions not specified) **Description** The issue allows an unauthenticated attacker to change any setting within the plugin due to a CSRF weakness. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.