Mikey Veenstra

**Name of the Vulnerable Software and Affected Versions** WP Cost Estimation versions prior to 9.660 **Description** The WP Cost Estimation plugin for WordPress is susceptible to a directory traversal issue in versions before 9.660. This flaw resides within the `uploadFormFiles` function and permits attackers to overwrite any file of a whitelisted type on a vulnerable website. **Recommendations** Update WP Cost Estimation to version 9.660 or later.

**Name of the Vulnerable Software and Affected Versions** WP Cost Estimation versions up to and including 9.642 **Description** The WP Cost Estimation plugin for WordPress is affected by a flaw allowing arbitrary file uploads and deletion. This is due to a lack of file type validation in the `lfb upload form` and `lfb removeFile` AJAX actions. An unauthenticated attacker can upload arbitrary files to the affected server, potentially leading to remote code execution. The attacker can also delete files, including database configuration files, and replace them with their own. **Recommendations** Update WP Cost Estimation to a version beyond 9.642.

**Name of the Vulnerable Software and Affected Versions** 10WebMapBuilder plugin for WordPress versions up to and including 1.0.63 **Description** The 10WebMapBuilder plugin for WordPress is susceptible to Stored Cross-Site Scripting through modifications in the Plugin Settings. This is a result of inadequate input sanitization and output escaping, combined with a lack of capability checks. This allows unauthenticated attackers to inject arbitrary web scripts into pages. These scripts will execute when a user accesses the affected page. **Recommendations** Update the 10WebMapBuilder plugin to a version later than 1.0.63.

**Name of the Vulnerable Software and Affected Versions** Async JavaScript plugin for WordPress versions prior to 2.19.07.14 **Description** The software is susceptible to Stored Cross-Site Scripting due to missing authorization checks on the `aj steps` AJAX action and insufficient sanitization of settings saved through a function. This allows authenticated attackers with subscriber-level permissions or higher to inject malicious web scripts into a page. These scripts will execute whenever a user accesses the affected page. **Recommendations** Update to a version later than 2.19.07.14.

**Name of the Vulnerable Software and Affected Versions** Rich Review plugin for WordPress versions up to, and including, 1.7.4 **Description** The Rich Review plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the POST body `update` parameter due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The vulnerability has been exploited in the wild, and affected versions are at risk. **Recommendations** Update the Rich Review plugin for WordPress to the latest version to mitigate the risk of exploitation. As a temporary workaround, consider disabling the `update` parameter in the POST body until a patch is available. Restrict access to the Rich Review plugin to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Van Ons WP GDPR Compliance plugin versions prior to 1.4.3 **Description** The issue allows remote attackers to execute arbitrary code due to mishandled input in `$wpdb->prepare()`. This has been exploited in the wild. **Recommendations** For versions prior to 1.4.3, update to version 1.4.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the plugin until the update is applied.