Milad Karimi

**Name of the Vulnerable Software and Affected Versions** WordPress Augmented-Reality plugin (affected versions not specified) **Description** A remote code execution issue exists in the elFinder connector. Unauthenticated attackers can upload and execute arbitrary PHP files by sending POST requests to the 'connector.minimal.php' endpoint. By utilizing the `mkfile` and `put` commands, attackers can create malicious PHP files within the `file manager` directory and execute them on the server. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Travelscape version 1.0.3 **Description** Insufficient validation in the theme's upload functionality allows unauthenticated attackers to upload arbitrary files to the theme directory. This can lead to remote code execution on the affected WordPress installation. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WordPress Background Image Cropper version 1.2 **Description** An issue allows unauthenticated attackers to upload arbitrary files by accessing the 'ups.php' endpoint. By utilizing the file upload form within the plugin directory, attackers can upload PHP files to execute arbitrary code on the server. Remote Code Execution (RCE) is the ability of an attacker to execute any command of their choice on a target machine. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Seotheme (affected versions not specified) **Description** An issue in the WordPress Seotheme allows unauthenticated attackers to execute arbitrary PHP code by uploading malicious files to the theme directory. Attackers can access the uploaded PHP shell via the endpoint '/wp-content/themes/seotheme/mar.php' to execute system commands and upload additional files to maintain persistent access. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** avatar uploader version 7.x-1.0-beta8 **Description** A reflected cross-site scripting issue allows unauthenticated attackers to inject malicious scripts by manipulating the `file` parameter. Attackers can craft URLs containing script payloads in the `file` parameter of 'avatar uploader.pages.inc' to execute arbitrary JavaScript in the browsers of victims. **Recommendations** As a temporary workaround, avoid using the `file` parameter in the 'avatar uploader.pages.inc' component until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Jetpack version 9.1 **Description** A reflected cross-site scripting issue allows unauthenticated attackers to inject malicious scripts into victim browsers. This is achieved by manipulating the `post id` parameter within the "grunion-form-view.php" endpoint, enabling the execution of arbitrary JavaScript. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WordPress Contact Form Builder version 1.6.1 **Description** A reflected cross-site scripting issue allows unauthenticated attackers to inject malicious scripts. This is achieved by sending crafted URLs to the 'code generator.php' endpoint using the `form id` parameter, which enables the execution of arbitrary JavaScript in the victim's browser. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WordPress International Sms For Contact Form 7 Integration version 1.2 **Description** A reflected cross-site scripting issue exists in the admin settings interface. Attackers can inject malicious scripts through the `page` parameter in the 'class-sms-log-display.php' file to execute arbitrary JavaScript in the browsers of administrators. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Pinger version 1.0 **Description** Remote code execution is possible due to unsanitized input in the 'ping.php' endpoint. Attackers can inject shell commands by appending shell metacharacters to the `ping` and `socket` parameters, allowing them to write arbitrary PHP files and execute system commands. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Outline version 1.6.0 **Description** The software contains an unquoted service path, potentially allowing local attackers to execute arbitrary code with elevated system privileges. Exploitation involves the unquoted service path in the `OutlineService` executable, which could allow injection of malicious code to be executed with LocalSystem permissions. **Recommendations** Apply appropriate quoting to the service path for the `OutlineService` executable.

**Name of the Vulnerable Software and Affected Versions** WPForms version 1.7.8 **Description** The software contains a cross-site scripting issue in the slider import search feature and tab parameter. An attacker can inject malicious scripts through the `/ListTable.php` endpoint to execute arbitrary JavaScript in a victim’s browser. The vulnerable parameter is `tab`. **Recommendations** Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the `/ListTable.php` endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** AnyDesk versions 7.0.15 and 9.0.1 **Description** AnyDesk versions 7.0.15 and 9.0.1 have an unquoted service path configuration. This allows local, non-privileged users to potentially run code with SYSTEM-level privileges. An attacker can exploit this by injecting malicious executables that are then executed with high-level system permissions. **Recommendations** Update AnyDesk to a version that addresses this issue. As a temporary workaround, restrict access to the AnyDesk service path to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Membership For WooCommerce WordPress plugin versions prior to 2.1.7 **Description** The issue allows unauthenticated users to upload arbitrary files, including malicious PHP code, which could lead to remote code execution (RCE). This is due to a lack of validation for uploaded files. **Recommendations** For versions prior to 2.1.7, update to version 2.1.7 or later to resolve the issue. As a temporary workaround, consider disabling file upload functionality until a patch is available. Restrict access to sensitive areas where file uploads are permitted to minimize the risk of exploitation.