Michelle Porter

**Name of the Vulnerable Software and Affected Versions** ELEX WordPress HelpDesk & Customer Ticketing System plugin versions through 3.3.1 **Description** The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress has a flaw that allows unauthorized data modification. A missing capability check within the `eh crm remove agent` function permits authenticated attackers with Subscriber-level access or higher to remove the role and capabilities of users holding Administrator, WSDesk Supervisor, or WSDesk Agent roles. **Recommendations** Update the ELEX WordPress HelpDesk & Customer Ticketing System plugin to a version beyond 3.3.1.

**Name of the Vulnerable Software and Affected Versions** Academy LMS – WordPress LMS Plugin for Complete eLearning Solution versions prior to 3.3.9 **Description** The software is susceptible to a PHP Object Injection due to deserialization of untrusted input within the `import all courses` function. This allows authenticated attackers with Administrator-level access or higher to inject a PHP Object. The impact of this issue is limited unless another plugin or theme containing a PHP Object Payload (POP) chain is installed, which could allow actions such as arbitrary file deletion, sensitive data retrieval, or code execution. **Recommendations** Versions prior to 3.3.9 should be updated.

**Name of the Vulnerable Software and Affected Versions** Academy LMS – WordPress LMS Plugin for Complete eLearning Solution versions prior to 3.3.9 **Description** The Academy LMS – WordPress LMS Plugin for WordPress is susceptible to sensitive information disclosure. Specifically, the `enqueue social login script` function can allow unauthenticated attackers to extract sensitive data, including the Facebook App Secret, if Facebook Social Login is enabled. **Recommendations** Update to version 3.3.9 or later.

Name of the Vulnerable Software and Affected Versions: WPGYM - Wordpress Gym Management System plugin for WordPress versions prior to 67.7.1 Description: The plugin is susceptible to privilege escalation due to missing validation on a user-controlled key within the `MJ gmgt gmgt add user` function. Authenticated attackers with Subscriber-level access or higher can modify the email, password, and other details of any user, including administrators. Recommendations: Update to version 67.7.1 or later. As a temporary workaround, restrict access to the `MJ gmgt gmgt add user` function until a patch is available.

Name of the Vulnerable Software and Affected Versions: MelaPress Login Security and MelaPress Login Security Premium versions 2.1.0 Description: The issue is related to unauthorized loss of data due to a missing capability check on the `monitor admin actions` function. This allows unauthenticated attackers to delete any user. Recommendations: For version 2.1.0, consider disabling the `monitor admin actions` function until a patch is available to prevent unauthorized user deletion.

**Name of the Vulnerable Software and Affected Versions** The ImagePress – Image Gallery plugin for WordPress versions prior to 1.2.3 **Description** The issue allows authenticated attackers with Subscriber-level access and above to modify data without authorization. This is due to a missing capability check on the `ip delete post` and `ip update post title` functions. As a result, attackers can delete arbitrary posts and update post titles. **Recommendations** For versions prior to 1.2.3, update to version 1.2.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the `ip delete post` and `ip update post title` functions until a patch is available.

**Name of the Vulnerable Software and Affected Versions** ImagePress – Image Gallery plugin for WordPress versions up to, and including, 1.2.2 **Description** The issue is due to missing or incorrect nonce validation on the `imagepress admin page` function, making it possible for unauthenticated attackers to update plugin settings, including redirection URLs, via a forged request. This can be achieved if an attacker can trick a site administrator into performing an action such as clicking on a link. **Recommendations** For versions up to, and including, 1.2.2, consider disabling the `imagepress admin page` function until a patch is available to prevent exploitation. Restrict access to plugin settings to minimize the risk of unauthorized updates. Avoid using the plugin until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: WP MultiTasking – WP Utilities plugin for WordPress versions up to, and including, 0.1.17 Description: The issue is related to Stored Cross-Site Scripting via the `wpmt menu name` parameter due to insufficient input sanitization and output escaping. This allows authenticated attackers with administrator-level access to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The issue only affects multi-site installations and installations where unfiltered html has been disabled. Recommendations: For versions up to, and including, 0.1.17, update to a version that addresses the insufficient input sanitization and output escaping issue. As a temporary workaround, consider restricting access to the `wpmt menu name` parameter to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin versions up to, and including, 5.7.34 Description: The issue allows unauthorized access to data due to a missing capability check on the `preview email template design` function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to extract sensitive data including the content of private, password protected, pending, and draft posts and pages. Recommendations: For versions up to, and including, 5.7.34, update to a version that includes a fix for the missing capability check in the `preview email template design` function. As a temporary workaround, consider restricting access to the `preview email template design` function to minimize the risk of exploitation.