Omar Badran

**Name of the Vulnerable Software and Affected Versions** directory-pro WordPress plugin versions prior to 1.9.5 final-user-wp-frontend-user-profiles WordPress plugin versions prior to 1.2.2 photographer-directory WordPress plugin versions prior to 1.0.9 real-estate-pro WordPress plugin versions prior to 1.7.1 institutions-directory WordPress plugin versions prior to 1.3.1 lawyer-directory WordPress plugin versions prior to 1.2.9 doctor-listing WordPress plugin versions prior to 1.3.6 Hotel Listing WordPress plugin versions prior to 1.3.7 fitness-trainer WordPress plugin versions prior to 1.4.1 wp-membership WordPress plugin versions prior to 1.5.7 **Description** The issue concerns several WordPress plugins developed by e-plugins, which fail to implement security measures in certain AJAX calls. Specifically, the `iv directories update profile setting()` function in the `plugin.php` file uses `update user meta` with data provided by the AJAX call, allowing an attacker to grant admin capabilities to a logged-in user. This is particularly problematic since these plugins allow user registration via custom forms, even if the blog does not permit user registration, thereby making any site using these plugins vulnerable. **Recommendations** For directory-pro WordPress plugin version prior to 1.9.5, update to version 1.9.5 or later. For final-user-wp-frontend-user-profiles WordPress plugin version prior to 1.2.2, update to version 1.2.2 or later. For photographer-directory WordPress plugin version prior to 1.0.9, update to version 1.0.9 or later. For real-estate-pro WordPress plugin version prior to 1.7.1, update to version 1.7.1 or later. For institutions-directory WordPress plugin version prior to 1.3.1, update to version 1.3.1 or later. For lawyer-directory WordPress plugin version prior to 1.2.9, update to version 1.2.9 or later. For doctor-listing WordPress plugin version prior to 1.3.6, update to version 1.3.6 or later. For Hotel Listing WordPress plugin version prior to 1.3.7, update to version 1.3.7 or later. For fitness-trainer WordPress plugin version prior to 1.4.1, update to version 1.4.1 or later. For wp-membership WordPress plugin version prior to 1.5.7, update to version 1.5.7 or later.

Name of the Vulnerable Software and Affected Versions: Discord Recon Server versions prior to 0.0.3 Description: A vulnerability in Discord Recon Server could be exploited to read internal files from the system and write files into the system, resulting in remote code execution. The issue has been fixed in version 0.0.3. Recommendations: For versions prior to 0.0.3, update to version 0.0.3 to resolve the issue. As a temporary workaround, one may copy the code from `assets/CommandInjection.py` in the Discord Recon Server code repository and overwrite vulnerable code from one's own Discord Recon Server implementation with code that contains the patch.