Muhammad Afnaan

**Name of the Vulnerable Software and Affected Versions** AJAX Report Comments versions prior to 2.0.5 **Description** The AJAX Report Comments plugin for WordPress is subject to Cross-Site Request Forgery due to missing or incorrect nonce validation in the `rc options page()` function. A nonce is a unique token used to verify that a request was intentionally sent by the user. This flaw allows unauthenticated attackers to modify plugin settings—including link text, markup, success/failure/already-reported messages, comment threshold, cookie duration, reporter-comment toggle, and notification email details (address, subject, and message body)—by tricking a site administrator into clicking a forged link. **Recommendations** Update to a version later than 2.0.4.

**Name of the Vulnerable Software and Affected Versions** FastPicker versions prior to 1.0.3 **Description** The FastPicker plugin for WordPress is subject to Cross-Site Request Forgery. This occurs because the `settingsPage()` function lacks proper nonce validation, which is a unique token used to verify that a request was intentionally sent by the user. This allows unauthenticated attackers to modify plugin settings, such as toggling webhook integration and changing the FastPicker and KDZ API URLs, by tricking a site administrator into clicking a malicious link. **Recommendations** Update the plugin to a version later than 1.0.2. As a temporary mitigation, restrict administrative access to the plugin settings page to trusted networks only.

**Name of the Vulnerable Software and Affected Versions** WP Meta Sort Posts versions prior to 1.0 **Description** The WP Meta Sort Posts plugin for WordPress is subject to Cross-Site Request Forgery (CSRF), a type of attack where an unauthorized user tricks a victim into performing actions they did not intend to do. This occurs due to missing or incorrect nonce validation—a security token used to ensure requests are legitimate—on the top-level included script in the 'msp-options.php' endpoint. Unauthenticated attackers can exploit this to modify the `msp loop file` and `msp nav location` settings by tricking a site administrator into clicking a malicious link. **Recommendations** Update the plugin to a version later than 0.9.

**Name of the Vulnerable Software and Affected Versions** Tectite Forms versions prior to 1.4 **Description** The Tectite Forms plugin for WordPress is subject to Cross-Site Request Forgery due to missing or incorrect nonce validation in the `admin init()` function. A nonce is a unique token used to verify that a request was intentionally sent by the user. This flaw allows unauthenticated attackers to modify plugin settings, such as the `tectite forms button` option, by tricking a site administrator into clicking a malicious link. **Recommendations** Update the plugin to a version later than 1.3. As a temporary workaround, restrict administrative access to the WordPress dashboard to trusted networks to minimize the risk of forged requests.

**Name of the Vulnerable Software and Affected Versions** Old Posts Highlighter versions prior to 1.0.4 **Description** The Old Posts Highlighter plugin for WordPress is susceptible to Cross-Site Request Forgery, a type of attack where an unauthorized user tricks a victim into performing actions they did not intend to do. This occurs due to missing or incorrect nonce validation within the `OPH options()` function. Consequently, unauthenticated attackers can update the plugin configuration settings without authorization by inducing a site administrator to click a malicious link. **Recommendations** Update the plugin to a version later than 1.0.3. As a temporary workaround, restrict access to the `OPH options()` function to minimize the risk of exploitation.

The auto making JSON-LD plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.5.3. This is due to missing or incorrect nonce validation on the amJL certification function. This makes it possible for unauthenticated attackers to update the plugin's license key option, and subsequently trigger license validation and pro feature installation on the victim site without the administrator's consent via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Successful exploitation can trigger downstream calls to amJL is license valid() and amJL download and install pro features(), meaning the impact extends beyond a simple settings change to unauthorized installation of plugin components.

The Search Simple Fields plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.2. This is due to missing or incorrect nonce validation on the search simple fields options() function in functions admin.php. This makes it possible for unauthenticated attackers to modify the plugin's settings — including post types to search in, custom fields, media fields and the custom media function name — via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

The GoStats for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on the gostats manage() function. This makes it possible for unauthenticated attackers to update the plugin's settings (gostats siteid and gostats server options) via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

**Name of the Vulnerable Software and Affected Versions** MetaMagic SEO Plugin versions prior to 1.7 **Description** The MetaMagic SEO Plugin for WordPress is subject to Cross-Site Request Forgery, a flaw where an attacker tricks a victim into performing actions they did not intend to. This occurs due to missing or incorrect nonce validation in the `metamagic update options()` function. Unauthenticated attackers can exploit this to modify SEO settings, such as enabling or disabling the plugin and toggling the output of keyword and description meta tags, by inducing a site administrator to click a malicious link. **Recommendations** Update the plugin to a version later than 1.6. As a temporary workaround, restrict administrative access to the plugin settings page to minimize the risk of exploitation.

The CDN Linker lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.1. This is due to missing or incorrect nonce validation on the ossdl off options() function. This makes it possible for unauthenticated attackers to update the plugin's settings — including the CDN URL used to rewrite all static asset references on the site — via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

The Two-factor authentication (formerly IP Vault) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1. This is due to missing or incorrect nonce validation on the ipv save changes function. This makes it possible for unauthenticated attackers to modify the plugin's firewall and two-factor authentication settings — including the operating mode, request include/exclude rules, authentication slug, and log retention period — potentially disabling protection entirely via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

The Zawgyi Embed plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.1. This is due to missing or incorrect nonce validation on the zawgyi adminpage function. This makes it possible for unauthenticated attackers to update the plugin's zawgyi forceCSS setting by submitting a forged POST request to options-general.php?page=zawgyi embed via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

The Woo Commerce Minimum Weight plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 3.0.1. This is due to missing nonce verification on the settings update handler in edit-weight.php. This makes it possible for unauthenticated attackers to modify the minimum order weight setting by tricking a site administrator into clicking a link or visiting an attacker-controlled page containing a forged POST request.

**Name of the Vulnerable Software and Affected Versions** DX Sources versions prior to 2.0.2 **Description** The DX Sources plugin for WordPress is subject to Cross-Site Request Forgery (CSRF), a flaw where an attacker tricks a victim into performing actions they did not intend to. This occurs due to missing or incorrect nonce validation in the `settings page build()` function. Unauthenticated attackers can deceive a logged-in administrator into submitting a forged request, which allows the attacker to modify the plugin's configuration options if the administrator is tricked into clicking a malicious link. **Recommendations** Update to version 2.0.2 or later. As a temporary workaround, restrict access to the `settings page build()` function to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** mCatFilter versions prior to 0.5.3 **Description** The mCatFilter plugin for WordPress is susceptible to Cross-Site Request Forgery. The `compute post()` function, which processes settings updates, lacks nonce verification and capability checks. This function is executed on every page load via the `plugins loaded` hook and processes `$ POST` data to modify plugin settings through `update option()` without validating a CSRF token. Consequently, unauthenticated attackers can modify plugin settings, such as category exclusion rules, feed exclusion flags, and tag page exclusion flags, by tricking a site administrator into clicking a malicious link. **Recommendations** Update to a version later than 0.5.2. As a temporary workaround, restrict access to the `compute post()` function or the `plugins loaded` hook until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** DX Unanswered Comments versions prior to 1.8 **Description** The DX Unanswered Comments plugin for WordPress is susceptible to Cross-Site Request Forgery. This issue occurs because of missing nonce validation on the settings form within the 'dxuc-unanswered-comments-admin-page.php' file. Unauthenticated attackers can modify plugin settings, specifically the `dxuc authors list` and `dxuc comment count` variables, by tricking a site administrator into clicking a malicious link. **Recommendations** Update to a version later than 1.7.

**Name of the Vulnerable Software and Affected Versions** TextP2P Texting Widget versions prior to 1.8 **Description** The TextP2P Texting Widget plugin for WordPress is susceptible to Cross-Site Request Forgery. This occurs because the `imTextP2POptionPage()` function, which handles settings updates, lacks nonce validation. Specifically, the form does not include a `wp nonce field()`, and the POST handler fails to call `check admin referer()` or `wp verify nonce()` before processing changes. This allows unauthenticated attackers to update plugin settings, including chat widget titles, messages, API credentials, colors, and reCAPTCHA configuration, by tricking a site administrator into clicking a malicious link. **Recommendations** Update the plugin to a version later than 1.7.

**Name of the Vulnerable Software and Affected Versions** Kcaptcha versions prior to 1.0.2 **Description** The Kcaptcha plugin for WordPress is subject to Cross-Site Request Forgery. The issue exists in the settings page handler 'admin/setting.php' because it lacks nonce validation. Specifically, the settings form does not implement a `wp nonce field()` and the processing code fails to utilize `wp verify nonce()` or `check admin referer()` before updating the database via `$wpdb->update()`. This allows unauthenticated attackers to modify CAPTCHA settings for login, registration, lost password, and comment forms by tricking a site administrator into clicking a malicious link. **Recommendations** Update to a version newer than 1.0.1.

**Name of the Vulnerable Software and Affected Versions** Call To Action Plugin versions prior to 3.1.4 **Description** The plugin is susceptible to Cross-Site Request Forgery due to missing nonce validation in the `cbox options page()` function, which manages the saving, creation, and deletion of plugin settings. The settings page form lacks a `wp nonce field()`, and the save handler fails to utilize `wp verify nonce()` or `check admin referer()` before processing updates via `$wpdb->update()`. This allows unauthenticated attackers to modify configuration options, including the call-to-action box title, content, link URL, image URL, and colors, by tricking a site administrator into clicking a forged link. **Recommendations** Update to a version newer than 3.1.3.

**Name of the Vulnerable Software and Affected Versions** Ni WooCommerce Order Export versions prior to 3.1.7 **Description** An issue exists where missing nonce validation in the `ni order export action()` AJAX handler function allows unauthenticated attackers to modify plugin settings via a forged request. The handler processes settings updates when the 'page' parameter is set to 'nioe-order-settings', delegating to `Ni Order Setting::page ajax()` which calls `update option('ni order export option', $ REQUEST)` without verifying a nonce or checking user capabilities. This can be exploited if a site administrator is tricked into performing an action, such as clicking a link. **Recommendations** Update to a version later than 3.1.6.