Md. Moniruzzaman Prodhan

**Name of the Vulnerable Software and Affected Versions** Ditty – Responsive News Tickers, Sliders, and Lists versions prior to 3.1.66 **Description** An authorization bypass exists because the plugin fails to properly verify if a user is authorized to perform specific actions. Unauthenticated attackers can retrieve the full content of non-public items, such as drafts, pending, scheduled, and disabled entries, by enumerating integer post IDs. This occurs via the 'ditty init' AJAX endpoint, where the `init ajax()` function fails to verify that the requested item has a 'publish' post status before returning the data, unlike the `init()` function. **Recommendations** Update to a version later than 3.1.65.

**Name of the Vulnerable Software and Affected Versions** Alma versions prior to 5.16.1 **Description** An issue exists in Alma alma-gateway-for-woocommerce related to incorrectly configured access control security levels, allowing for missing authorization. The vulnerability allows exploitation of these levels. **Recommendations** Update Alma to a version later than 5.16.1.

**Name of the Vulnerable Software and Affected Versions** Fortis for WooCommerce versions up to and including 1.2.0 **Description** The Fortis for WooCommerce plugin for WordPress has an authorization bypass issue because of an incorrect nonce check within the `check fortis notify response` function. This allows unauthenticated attackers to modify WooCommerce order statuses to paid, processing, or completed, potentially enabling fraudulent order marking as paid without actual payment. The issue affects the `wc-api` endpoint. **Recommendations** Update Fortis for WooCommerce to a version later than 1.2.0.

**Name of the Vulnerable Software and Affected Versions** RegistrationMagic plugin for WordPress versions through 6.0.7.4 **Description** The RegistrationMagic plugin for WordPress is affected by a missing authorization issue. Specifically, nonce verification and capability checks are absent in the `rm set otp` AJAX action handler. This allows unauthenticated attackers to modify plugin settings, including reCAPTCHA keys, security settings, and frontend menu titles. **Recommendations** Update to version 6.0.7.5 or later.

**Name of the Vulnerable Software and Affected Versions** Frontend File Manager Plugin for WordPress versions prior to 23.6 **Description** The Frontend File Manager Plugin for WordPress has a flaw that allows unauthorized file sharing. This is due to a missing check to ensure proper user permissions when handling the 'wpfm send file in email' AJAX action. An attacker can exploit this to share any uploaded file via email by providing a file ID. Because file IDs are sequential integers, attackers can potentially list all uploaded files and obtain sensitive data intended for administrators only. The vulnerable component is the `wpfm send file in email` AJAX action. **Recommendations** Update to version 23.6 or later.

**Name of the Vulnerable Software and Affected Versions** Bayarcash WooCommerce versions through 4.3.11 **Description** A missing authorization issue exists in Bayarcash WooCommerce bayarcash-wc, allowing exploitation of incorrectly configured access control security levels. **Recommendations** Update Bayarcash WooCommerce to a version greater than 4.3.11.

**Name of the Vulnerable Software and Affected Versions** Frontend Post Submission Manager Lite WordPress Plugin versions through 1.2.6 **Description** The Frontend Post Submission Manager Lite WordPress Plugin is affected by a flaw that allows unauthorized data loss. An incorrect authorization check within the `media delete action` function permits unauthenticated attackers to delete arbitrary attachments. **Recommendations** Update the Frontend Post Submission Manager Lite WordPress Plugin to a version later than 1.2.6.

**Name of the Vulnerable Software and Affected Versions** Frontend Post Submission Manager Lite plugin versions through 1.2.5 **Description** The Frontend Post Submission Manager Lite plugin for WordPress has an issue where authorization checks are missing on the post update functionality within the `fpsml form process` AJAX action. This allows unauthenticated attackers to modify posts by providing a `post id` parameter through the guest posting form. Attackers can change post titles, content, and excerpts, and remove post authors. The vulnerable parameter is `post id`. **Recommendations** Update the Frontend Post Submission Manager Lite plugin to a version later than 1.2.5.

**Name of the Vulnerable Software and Affected Versions** File Uploader for WooCommerce versions up to and including 1.0.3 **Description** The File Uploader for WooCommerce plugin for WordPress is susceptible to arbitrary file uploads because of a lack of file type validation within the callback function associated with the `/add-image-data` API endpoint. This allows unauthenticated attackers to upload arbitrary files to the Uploadcare service and subsequently download them to the affected site's server, potentially leading to remote code execution. The vulnerability is present in the `add-image-data` API endpoint and involves a missing check on the `file` parameter. **Recommendations** Versions up to and including 1.0.3: Update the plugin to a version beyond 1.0.3.