Nguyễn Trung Kiên

**Name of the Vulnerable Software and Affected Versions** FormCraft plugin for WordPress versions up to and including 3.9.11 **Description** The issue arises from a missing capability check in formcraft-main.php, allowing authenticated attackers with Subscriber-level access and above to export all plugin data. This data may contain sensitive information from form submissions. **Recommendations** For FormCraft plugin for WordPress versions up to and including 3.9.11, update to a version higher than 3.9.11 to resolve the issue. As a temporary workaround, consider restricting access to the formcraft-main.php file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** WP Table Manager plugin for WordPress versions up to, and including, 4.1.3 **Description** The issue is related to a missing capability check on the `thewptm getFolders` AJAX action, allowing authenticated attackers with Subscriber-level access and above to read arbitrary file names and directories. **Recommendations** For versions up to, and including, 4.1.3, update to a version higher than 4.1.3 to resolve the issue. As a temporary workaround, consider restricting access to the `thewptm getFolders` AJAX action until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg plugin for WordPress versions up to, and including, 1.5.9 **Description** The issue is related to Remote Code Execution due to a lack of sanitization on an imported JSON file. This allows authenticated attackers with Administrator-level access and above to execute code on the server via the `write config` function. **Recommendations** For versions up to, and including, 1.5.9, update to a version that includes a fix for this issue, as the current version allows for Remote Code Execution due to the lack of sanitization in the `write config` function. As a temporary workaround, consider disabling the `write config` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** WordPress Simple HTML Sitemap plugin versions up to 3.1 **Description** The issue allows authenticated attackers with Administrator-level access and above to append additional SQL queries into existing queries, potentially extracting sensitive information from the database. This is due to insufficient escaping on the user-supplied `id` parameter and lack of sufficient preparation on the existing SQL query. **Recommendations** For versions up to 3.1, as a temporary workaround, consider restricting access to the `id` parameter in the affected API endpoint until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WP Bannerize Pro plugin for WordPress versions up to, and including, 1.9.0 **Description** The issue is related to Stored Cross-Site Scripting via banner alt data due to insufficient input sanitization and output escaping. This allows authenticated attackers with editor-level permissions and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The issue only affects multi-site installations and installations where unfiltered html has been disabled. **Recommendations** For WP Bannerize Pro plugin for WordPress versions up to, and including, 1.9.0, update to a version later than 1.9.0 to resolve the issue. As a temporary workaround, consider restricting access to the banner alt data input field to minimize the risk of exploitation. Additionally, ensure that unfiltered html is enabled, if possible, to reduce the vulnerability's impact.