Moose Love

**Name of the Vulnerable Software and Affected Versions** LatePoint – Calendar Booking Plugin for Appointments and Events versions prior to 5.2.6 **Description** The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is susceptible to Cross-Site Request Forgery. This is caused by the `call by route name` function, which validates user capabilities but does not enforce nonce verification. This allows unauthenticated attackers to perform administrative actions by tricking a site administrator into performing an action, such as clicking a link. **Recommendations** Update LatePoint – Calendar Booking Plugin for Appointments and Events to version 5.2.6 or later.

**Name of the Vulnerable Software and Affected Versions** WP Go Maps (formerly WP Google Maps) versions through 10.0.04 **Description** The WP Go Maps plugin for WordPress has an issue where data can be modified without proper authorization. This is due to a missing capability check within the `processBackgroundAction()` function. Attackers who are authenticated with Subscriber-level access or higher can change global map engine settings. **Recommendations** Update WP Go Maps to a version later than 10.0.04.

**Name of the Vulnerable Software and Affected Versions** The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress versions through 1.8.36 **Description** The software is susceptible to unauthorized data modification. A missing capability check within the `delete comment()` function allows unauthenticated attackers to delete arbitrary image comments. This issue is present in the Pro version of the plugin, where the comments functionality is enabled. **Recommendations** Update the plugin to a version beyond 1.8.36.

**Name of the Vulnerable Software and Affected Versions** Hippoo Mobile App for WooCommerce plugin for WordPress versions up to and including 1.7.1 **Description** The Hippoo Mobile App for WooCommerce plugin for WordPress contains a flaw that allows unauthorized access to server files. This is due to a path traversal issue within the `template redirect()` function. An attacker does not need to be authenticated to exploit this issue and potentially read sensitive information stored on the server. **Recommendations** Update the Hippoo Mobile App for WooCommerce plugin to a version later than 1.7.1.

**Name of the Vulnerable Software and Affected Versions** PostGallery plugin for WordPress versions through 1.12.5 **Description** The PostGallery plugin for WordPress is susceptible to arbitrary file uploads because of inadequate file type validation within the 'PostGalleryUploader' class functions. This allows authenticated attackers possessing subscriber-level permissions or higher to upload arbitrary files to the server of the affected site, potentially enabling remote code execution. **Recommendations** Update the PostGallery plugin to a version later than 1.12.5.

**Name of the Vulnerable Software and Affected Versions** Flo Forms – Easy Drag & Drop Form Builder plugin for WordPress versions up to and including 1.0.43 **Description** The Flo Forms plugin for WordPress is susceptible to Stored Cross-Site Scripting through SVG file uploads. The plugin permits SVG file uploads via an unauthenticated AJAX endpoint, `flo form submit`, without sufficient file content validation. This allows unauthenticated attackers to upload malicious SVG files containing JavaScript. When an administrator views the uploaded file within the WordPress admin interface, the malicious JavaScript executes, potentially leading to a full site compromise. **Recommendations** Update Flo Forms – Easy Drag & Drop Form Builder plugin to a version later than 1.0.43.

**Name of the Vulnerable Software and Affected Versions** Vitepos – Point of Sale (POS) for WooCommerce versions up to and including 3.3.0 **Description** The Vitepos – Point of Sale (POS) for WooCommerce plugin for WordPress is susceptible to arbitrary file uploads due to a lack of file type validation within the `insert media attachment()` function. Specifically, the `save update category img()` function accepts user-supplied file types without validation when processing category images. This allows authenticated attackers with subscriber-level access or higher to upload arbitrary files to the affected server, potentially leading to remote code execution. The vulnerability affects point of sale systems that handle payment data, making file upload leading to remote code execution a critical issue. **Recommendations** Versions up to and including 3.3.0 should be updated to version 3.3.1 or later.

**Name of the Vulnerable Software and Affected Versions** SNORDIAN's H5PxAPIkatchu plugin for WordPress versions through 0.4.17 **Description** The software is susceptible to Stored Cross-Site Scripting through the `insert data` API endpoint. Insufficient input sanitization and output escaping allow unauthenticated attackers to inject arbitrary web scripts. These scripts will execute when a user accesses an injected page. **Recommendations** Update SNORDIAN's H5PxAPIkatchu plugin for WordPress to a version later than 0.4.17.

**Name of the Vulnerable Software and Affected Versions** GSpeech TTS – WordPress Text To Speech Plugin versions through 3.17.13 **Description** The GSpeech TTS – WordPress Text To Speech Plugin is susceptible to SQL Injection due to inadequate input sanitization and query preparation. This allows authenticated attackers with Administrator-level access or higher to inject additional SQL queries into existing database queries. This can lead to the extraction of sensitive information from the database via the `field` parameter. **Recommendations** Update the GSpeech TTS – WordPress Text To Speech Plugin to a version later than 3.17.13.

**Name of the Vulnerable Software and Affected Versions** Web Accessibility By accessiBe plugin for WordPress versions through 2.10 **Description** The Web Accessibility By accessiBe plugin for WordPress is susceptible to Cross-Site Request Forgery. This is caused by a lack of nonce validation on several AJAX actions, including `accessibe signup`, `accessibe login`, `accessibe license trial`, `accessibe modify config`, and `accessibe add verification page`. An unauthenticated attacker can potentially modify plugin settings and create verification files by deceiving a site administrator into performing an action. **Recommendations** Update the Web Accessibility By accessiBe plugin for WordPress to a version later than 2.10.

**Name of the Vulnerable Software and Affected Versions** WP Links Page plugin for WordPress versions prior to 4.9.7 **Description** The WP Links Page plugin for WordPress is susceptible to SQL Injection through the `id` parameter. Insufficient input sanitization and inadequate SQL query preparation allow authenticated attackers with Subscriber-level access or higher to inject additional SQL queries. This can lead to the extraction of sensitive information from the database. **Recommendations** Update the WP Links Page plugin to version 4.9.7 or later.

**Name of the Vulnerable Software and Affected Versions** Trinity Audio – Text to Speech AI plugin for WordPress versions prior to 5.21.1 **Description** The software is susceptible to exposure of sensitive information. An unauthenticated attacker can extract configuration data through the `~/admin/inc/phpinfo.php` file created during installation. **Recommendations** Update to version 5.21.1 or later. Remove the `phpinfo.php` file from the `~/admin/inc/` directory.

**Name of the Vulnerable Software and Affected Versions** Trinity Audio – Text to Speech AI audio player plugin for WordPress versions prior to 5.20.2 **Description** The software is susceptible to Cross-Site Request Forgery. This is because of a lack of, or incorrect, nonce validation in the '/admin/inc/post-management.php' file. This allows unauthenticated attackers to activate or deactivate posts by forging requests, provided they can trick a site administrator into performing an action, such as clicking a link. **Recommendations** Update to a version newer than 5.20.2.

**Name of the Vulnerable Software and Affected Versions** Trinity Audio – Text to Speech AI audio player versions prior to 5.20.2 **Description** The software is susceptible to Reflected Cross-Site Scripting due to inadequate input sanitization and output escaping. This allows unauthenticated attackers to inject arbitrary web scripts into pages. Successful exploitation requires tricking a user into performing an action, such as clicking a link. The vulnerable parameter is `range-date`. **Recommendations** Update to version 5.20.2 or later.

Name of the Vulnerable Software and Affected Versions: PagBank / PagSeguro Connect para WooCommerce plugin for WordPress versions through 4.44.3 Description: The plugin is susceptible to SQL Injection via the `status` parameter due to insufficient input validation and inadequate SQL query preparation. This allows authenticated attackers with Shop Manager-level access or higher to inject additional SQL queries into existing database queries, potentially leading to the extraction of sensitive information. Recommendations: Update the PagBank / PagSeguro Connect para WooCommerce plugin to a version beyond 4.44.3.

Name of the Vulnerable Software and Affected Versions: EventON Lite versions prior to 2.4.7 Description: The EventON Lite plugin for WordPress is vulnerable to Information Exposure in versions prior to 2.4.7 via the `add single eventon` and `add eventon` shortcodes. Insufficient restrictions on post inclusion allow unauthenticated attackers to extract data from password-protected, private, or draft posts without authorization. Recommendations: Update EventON Lite to version 2.4.7 or later.