Nir Kum

**Name of the Vulnerable Software and Affected Versions** Classic Addons – WPBakery Page Builder plugin for WordPress versions up to, and including, 3.0 **Description** The issue allows authenticated attackers with Contributor-level access and above, and permissions granted by an Administrator, to include and execute arbitrary PHP files on the server via the `style` parameter. This enables the execution of any PHP code in those files, which can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. The issue is limited to PHP files in a Windows environment. **Recommendations** For Classic Addons – WPBakery Page Builder plugin for WordPress versions up to, and including, 3.0, consider disabling the `style` parameter to prevent the inclusion and execution of arbitrary PHP files until a patch is available. Restrict access to the plugin's functionality to minimize the risk of exploitation, especially for users with Contributor-level access and above.

**Name of the Vulnerable Software and Affected Versions** The Sky Addons for Elementor plugin for WordPress versions up to, and including, 2.6.1 **Description** The issue allows authenticated attackers with Contributor-level access and above to extract sensitive private, pending, and draft Elementor template data. This is possible due to the `render` function in `modules/content-switcher/widgets/content-switcher.php`. **Recommendations** For versions up to, and including, 2.6.1, update to a version later than 2.6.1 to resolve the issue. As a temporary workaround, consider restricting access to the `render` function in `modules/content-switcher/widgets/content-switcher.php` to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** The News Kit Elementor Addons plugin for WordPress version 1.2.1 and earlier **Description** The issue allows authenticated attackers with Contributor-level access and above to extract sensitive private, pending, and draft Elementor template data via the render function in includes/widgets/canvas-menu/canvas-menu.php. This makes it possible to access sensitive information. **Recommendations** For versions 1.2.1 and earlier, consider disabling the render function in includes/widgets/canvas-menu/canvas-menu.php as a temporary workaround until a patch is available. Restrict access to the canvas-menu.php file to minimize the risk of exploitation. Avoid using the render function in the affected plugin until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** SendGrid for WordPress plugin versions up to, and including, 1.4 **Description** The issue is related to a missing capability check on the `wp mailplus clear logs` function, which allows authenticated attackers with Subscriber-level access and above to delete the plugin's log files, resulting in unauthorized loss of data. **Recommendations** For SendGrid for WordPress plugin versions up to, and including, 1.4, consider disabling the `wp mailplus clear logs` function until a patch is available to prevent unauthorized deletion of log files.

**Name of the Vulnerable Software and Affected Versions** Sina Extension for Elementor plugin for WordPress versions up to, and including, 3.5.7 **Description** The issue allows authenticated attackers with Contributor-level access and above to extract sensitive private, pending, and draft Elementor template data. This is possible due to the `render` function in `widgets/advanced/sina-modal-box.php`. **Recommendations** For Sina Extension for Elementor plugin for WordPress versions up to, and including, 3.5.7, update to a version later than 3.5.7 to resolve the issue. As a temporary workaround, consider restricting access to the `render` function in `widgets/advanced/sina-modal-box.php` to minimize the risk of exploitation.