Os

**Name of the Vulnerable Software and Affected Versions** LiteSpeed Cache versions prior to 7.8 **Description** The LiteSpeed Cache plugin for WordPress contains a Stored Cross-Site Scripting issue. The REST API endpoints "/wp-json/litespeed/v1/notify ccss" and "/wp-json/litespeed/v1/notify ucss" accept CSS content from QUIC.cloud callback notifications and store it to disk without sanitization. This content is subsequently rendered inline during frontend page loads without output escaping. The IP-based validation used for access control on these endpoints can be bypassed if the site is deployed behind a CDN, load balancer, or reverse proxy with specific configurations, allowing unauthenticated attackers to inject arbitrary JavaScript into CCSS/UCSS content. **Recommendations** Update to a version later than 7.7.

**Name of the Vulnerable Software and Affected Versions** Gutenverse versions prior to 3.4.7 **Description** The plugin is subject to Reflected Cross-Site Scripting, a flaw where an application includes untrusted data in a web page without proper validation, allowing scripts to be executed in the victim's browser. The issue occurs because the `render content()` function in `class-search-result-title.php` outputs the value of the `s` parameter via `get query var('s')` directly into the HTML without using `esc html()` or other escaping functions. Unauthenticated attackers can inject arbitrary web scripts through a crafted URL, which execute when a user clicks the link, provided the `gutenverse/search-result-title` block is active on the search results template. **Recommendations** Update to a version later than 3.4.6. As a temporary workaround, remove the `gutenverse/search-result-title` block from the site's search results template to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Boost plugin for WordPress versions prior to 2.0.4 **Description** The plugin is subject to PHP Object Injection due to the deserialization of untrusted input. Unauthenticated remote attackers can inject a PHP Object by passing a manipulated string through the `STYXKEY-BOOST USER LOCATION` cookie. This issue requires a Property-Oriented Programming (POP) chain—a sequence of gadgets (existing code snippets) used to achieve a specific goal—to be present in another installed plugin or theme to have an impact. If such a chain exists, it may allow the attacker to execute code, retrieve sensitive data, or delete arbitrary files. **Recommendations** Update to version 2.0.4. As a temporary workaround, restrict or sanitize the `STYXKEY-BOOST USER LOCATION` cookie to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Boost plugin for WordPress versions prior to 2.0.4 **Description** The plugin is susceptible to time-based SQL Injection, a technique where an attacker sends queries that cause the database to wait for a specific amount of time before responding, allowing them to infer data. This occurs due to insufficient escaping of user-supplied parameters and a lack of proper preparation of SQL queries. Unauthenticated attackers can append additional SQL queries to extract sensitive information from the database via the 'current url' and `user name` parameters. **Recommendations** Update the plugin to version 2.0.4 or later. As a temporary workaround, restrict access to the parameters 'current url' and `user name` to minimize the risk of exploitation.

The Cost of Goods by PixelYourSite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'csvdata[0][cost of goods value]' parameter in versions up to, and including, 1.2.12 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

**Name of the Vulnerable Software and Affected Versions** InfusedWoo Pro versions prior to 5.1.3 **Description** The InfusedWoo Pro plugin for WordPress contains an authorization bypass issue because it fails to properly verify if a user is authorized to perform specific actions. This allows unauthenticated attackers to permanently delete arbitrary products, orders, pages, or posts, change the status of any post, and mass-delete all comments on any post. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PixelYourSite Pro versions prior to 12.5.0.2 **Description** The PixelYourSite Pro plugin for WordPress is susceptible to Server-Side Request Forgery (SSRF), a flaw where an attacker forces the server to make requests to an unintended location. This allows unauthenticated attackers to initiate web requests to arbitrary locations from the web application, potentially querying or modifying information from internal services. The issue occurs via the `scan video` function. This is a blind SSRF, meaning the response bodies are parsed internally for YouTube or Vimeo patterns and are not returned to the attacker. **Recommendations** Update to a version later than 12.5.0.1. As a temporary workaround, restrict access to the `scan video` function to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Advanced Woo Labels versions prior to 2.3 **Description** The Advanced Woo Labels plugin for WordPress is susceptible to Remote Code Execution due to the use of `call user func array()` with user-controlled callback and parameters in the `get select option values()` AJAX handler. The lack of an allowlist of permitted callbacks or a capability check allows authenticated attackers with Contributor-level access or higher to execute arbitrary PHP functions and potentially operating system commands on the server via the `callback` parameter. **Recommendations** Update Advanced Woo Labels to a version later than 2.3.

**Name of the Vulnerable Software and Affected Versions** LearnPress Export Import versions up to and including 4.1.0 **Description** The LearnPress Export Import WordPress extension for the LearnPress plugin is affected by a flaw that allows unauthorized data loss. A missing capability check within the `delete migrated data()` function permits unauthenticated attackers to delete courses migrated from Tutor LMS. The Tutor LMS plugin must be installed and activated for exploitation to occur. **Recommendations** Versions prior to 4.1.1 should be updated.

**Name of the Vulnerable Software and Affected Versions** PixelYourSite – Your smart PIXEL (TAG) & API Manager plugin for WordPress versions through 11.2.0 **Description** The PixelYourSite – Your smart PIXEL (TAG) & API Manager plugin for WordPress is susceptible to Stored Cross-Site Scripting. Insufficient input sanitization and output escaping in the `pysTrafficSource` parameter and the `pys landing page` parameter allow unauthenticated attackers to inject arbitrary web scripts. These scripts will execute when a user accesses an injected page. **Recommendations** Update PixelYourSite – Your smart PIXEL (TAG) & API Manager plugin for WordPress to a version later than 11.2.0.

**Name of the Vulnerable Software and Affected Versions** PixelYourSite PRO plugin for WordPress versions prior to 12.4.0.3 **Description** The PixelYourSite PRO plugin for WordPress is susceptible to Stored Cross-Site Scripting. This is due to insufficient input sanitization and output escaping related to the `pysTrafficSource` parameter and the `pys landing page` parameter. An unauthenticated attacker can inject arbitrary web scripts into pages. These scripts will execute when a user accesses the injected page. **Recommendations** Update the PixelYourSite PRO plugin to version 12.4.0.3 or later.

**Name of the Vulnerable Software and Affected Versions** WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress versions up to and including 6.7.24 **Description** The software contains a flaw that allows unauthorized modification of data, potentially leading to privilege escalation. A missing capability check within the `WCFM Settings Controller::processing()` function permits authenticated attackers with Shop Manager-level access or higher to modify arbitrary options on a WordPress site. This can be exploited to elevate user privileges, such as changing the default registration role to administrator and enabling user registration for malicious purposes, ultimately granting attackers administrative access. **Recommendations** Update to a version later than 6.7.24.

**Name of the Vulnerable Software and Affected Versions** AIKTP plugin for WordPress versions through 5.0.04 **Description** The AIKTP plugin for WordPress is susceptible to unauthorized data modification because of inadequate authorization checks on the `/aiktp/getToken` API endpoint. The endpoint utilizes the `verify user logged in` permission callback, which confirms user login status but does not validate administrative privileges. This allows authenticated attackers with Subscriber-level access or higher to obtain the administrator's `aiktpz token` access token. This token can then be used to create posts, upload files to the media library, and access private content with administrator permissions. **Recommendations** Update the AIKTP plugin to a version beyond 5.0.04.