Miguel Santareno

**Name of the Vulnerable Software and Affected Versions** Membership Plugin – Restrict Content for WordPress versions prior to 3.2.19 **Description** The software is susceptible to Stored Cross-Site Scripting through multiple invoice settings fields. Insufficient input sanitization and output escaping allow authenticated attackers with administrator-level access or higher to inject arbitrary web scripts into pages. These scripts will execute when a user accesses the injected page. **Recommendations** Update to version 3.2.19 or later.

**Name of the Vulnerable Software and Affected Versions** Welcart e-Commerce plugin for WordPress versions through 2.11.22 **Description** The Welcart e-Commerce plugin for WordPress is susceptible to Stored Cross-Site Scripting through the `order mail` setting. Insufficient sanitization of the `order mail` field and a lack of output escaping allow authenticated attackers with Editor-level permissions or higher to inject arbitrary web scripts via the General Setting page. These scripts will execute when an administrator accesses the E-mail Setting page. **Recommendations** Update the Welcart e-Commerce plugin to a version later than 2.11.22.

**Name of the Vulnerable Software and Affected Versions** The Events Calendar plugin for WordPress versions prior to 6.15.3 **Description** The Events Calendar plugin for WordPress is susceptible to information disclosure through the REST endpoint. This allows unauthenticated attackers to extract information about password-protected vendors or venues. The affected API endpoint is not specified. The vulnerable data includes information related to `vendors` and `venues`. **Recommendations** Update The Events Calendar plugin to version 6.15.3 or later.

Name of the Vulnerable Software and Affected Versions: Welcart e-Commerce plugin for WordPress versions prior to 2.11.21 Description: The Welcart e-Commerce plugin for WordPress is susceptible to Stored Cross-Site Scripting through settings. Insufficient input sanitization and output escaping allows authenticated attackers with editor-level permissions or higher to inject arbitrary web scripts into pages. These scripts execute when a user accesses the injected page. This issue only affects multi-site installations and installations where unfiltered html has been disabled. Recommendations: Update the Welcart e-Commerce plugin to version 2.11.21 or later.

Name of the Vulnerable Software and Affected Versions: The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress versions up to, and including, 4.0.4.3 Description: The issue allows unauthorized access to private or password-protected events due to missing authorization checks. This enables unauthenticated attackers to view private or password-protected events. Recommendations: For versions up to, and including, 4.0.4.3, update to a version later than 4.0.4.3 to resolve the issue. As a temporary workaround, consider restricting access to private or password-protected events until a patch is available.

**Name of the Vulnerable Software and Affected Versions** ID4Portais versions prior to V.2022.837.002a **Description** The issue results in a HTML Injection vulnerability due to the `message` parameter being returned unsanitized in the response. **Recommendations** For versions prior to V.2022.837.002a, update to version V.2022.837.002a or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** EventPrime WordPress plugin versions prior to 3.3.6 **Description** The issue allows unauthenticated visitors to access private and password-protected events by guessing their numeric id or event name due to a lack of authentication and authorization. **Recommendations** For versions prior to 3.3.6, update to version 3.3.6 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** EventON WordPress plugin versions prior to 4.5.5 EventON WordPress plugin versions prior to 2.2.7 **Description** The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks due to the lack of sanitization and escaping of some settings. This can occur even when the unfiltered html capability is disallowed, for example in multisite setups. **Recommendations** For versions prior to 4.5.5, update to version 4.5.5 or later. For versions prior to 2.2.7, update to version 2.2.7 or later. As a temporary workaround, consider restricting the ability of high privilege users to modify plugin settings until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** EventON WordPress plugin versions prior to 2.2 **Description** The issue allows high privilege users, such as admins, to perform Stored HTML Injection attacks. This is possible because the plugin does not properly sanitise and escape some of its settings, even when the unfiltered html capability is disallowed. **Recommendations** For versions prior to 2.2, update to version 2.2 or later to resolve the issue. As a temporary workaround, consider restricting the ability of high privilege users to modify plugin settings until the update is applied.

**Name of the Vulnerable Software and Affected Versions** EventPrime WordPress plugin versions prior to 3.2.0 **Description** The issue concerns an HTML Injection in the search area of the website due to the plugin not sanitizing and escaping a parameter before outputting it back in the page. **Recommendations** For versions prior to 3.2.0, update to version 3.2.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** EventPrime WordPress plugin versions prior to 3.2.0 **Description** The issue is related to a Reflected Cross-Site Scripting problem. It occurs because some parameters are not properly sanitised and escaped before being outputted back in the page. This could be exploited against high-privilege users, such as administrators. **Recommendations** For versions prior to 3.2.0, update to version 3.2.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** EventON WordPress plugin versions prior to 2.2 **Description** The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for example in multisite setups. This is due to the plugin not sanitizing and escaping some of its settings. **Recommendations** For versions prior to 2.2, update to version 2.2 or later to resolve the issue. As a temporary workaround, consider restricting the ability of high privilege users to access and modify the plugin's settings until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Elementor Website Builder WordPress plugin versions prior to 3.5.5 **Description** The issue allows user-controlled URLs to be loaded into the DOM without proper filtering. This could be exploited to inject rogue iframes that point to malicious URLs. **Recommendations** For versions prior to 3.5.5, update to version 3.5.5 or later to resolve the issue. As a temporary workaround, consider restricting the loading of user-controlled URLs into the DOM to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** EventON WordPress plugin versions prior to 2.1.2 **Description** The issue is related to a lack of authentication and authorization in the `eventon ics download` ajax action of the EventON WordPress plugin. This allows unauthenticated visitors to access private and password-protected events by guessing their numeric `id`. The vulnerability can be exploited remotely, potentially leading to unauthorized access to protected information. **Recommendations** For versions prior to 2.1.2, update to version 2.1.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the `eventon ics download` ajax action until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** EventON WordPress plugin versions prior to 2.1.2 **Description** The issue is related to the eventon ics download ajax action in the EventON WordPress plugin, where the `event id` parameter is not properly validated, allowing unauthorized access to post content, including unpublished or protected posts, by providing the numeric id of the post. This can be exploited by unauthenticated visitors. The vulnerability is also described as an error in handling user-controlled authorization keys, which can allow a remote attacker to gain unauthorized access to protected information. **Recommendations** For versions prior to 2.1.2, update to version 2.1.2 or later to resolve the issue. As a temporary workaround, consider disabling the eventon ics download ajax action until a patch is available. Restrict access to the ics export functionality to minimize the risk of exploitation. Avoid using the `event id` parameter in the affected API endpoint until the issue is resolved.