P7E4

**Name of the Vulnerable Software and Affected Versions** FoxyShop WordPress plugin versions prior to 4.8.2 **Description** The issue is related to a Reflected Cross-Site Scripting problem. It occurs because a parameter is not properly sanitised and escaped before being outputted back in an admin page. **Recommendations** For versions prior to 4.8.2, update to version 4.8.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the admin page where the vulnerable parameter is outputted until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Gwyn's Imagemap Selector WordPress plugin versions 0.3.3 and earlier **Description** The issue is related to a Reflected Cross-Site Scripting problem. It occurs because some parameters are not properly sanitised and escaped before being outputted back in attributes. This can lead to malicious scripts being injected into the website. **Recommendations** For Gwyn's Imagemap Selector WordPress plugin versions 0.3.3 and earlier, update to a version that properly sanitises and escapes parameters to prevent Reflected Cross-Site Scripting attacks.

**Name of the Vulnerable Software and Affected Versions** Donate Extra WordPress plugin versions 2.02 and earlier **Description** The issue is related to a Reflected cross-Site Scripting problem. It occurs because a `parameter` is not properly sanitised and escaped before being outputted in the response. This can lead to malicious scripts being executed. **Recommendations** For Donate Extra WordPress plugin versions 2.02 and earlier, update to a version that properly sanitises and escapes parameters to prevent Reflected cross-Site Scripting attacks. As a temporary workaround, consider restricting access to the plugin until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Domain Replace WordPress plugin versions 1.3.8 and earlier **Description** The issue is related to a Reflected Cross-Site Scripting problem. It occurs because the plugin does not properly sanitise and escape a `parameter` before outputting it back in an attribute in an admin page. This can lead to a reflected cross-site scripting attack. **Recommendations** For Domain Replace WordPress plugin versions 1.3.8 and earlier, update to a version later than 1.3.8 to resolve the issue. As a temporary workaround, consider restricting access to the admin page where the vulnerable parameter is outputted until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Turn off all comments WordPress plugin version 1.0 **Description** The issue is related to a Reflected Cross-Site Scripting problem. It occurs because the `rows` parameter is not properly sanitised and escaped before being outputted back in an admin page. This allows for potential malicious script injection. **Recommendations** For Turn off all comments WordPress plugin version 1.0, consider disabling the admin page that outputs the `rows` parameter until a patch is available. Restrict access to this page to minimize the risk of exploitation. Avoid using the `rows` parameter in the affected admin page until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** The Visual Slide Box Builder WordPress plugin versions 3.2.9 and earlier **Description** The issue concerns the lack of sanitization and escaping of various parameters in SQL statements via certain AJAX actions. These actions are available to any authenticated users, including those with minimal privileges like subscribers. This oversight leads to SQL injections. **Recommendations** For The Visual Slide Box Builder WordPress plugin versions 3.2.9 and earlier, update to a version that addresses the SQL injection issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Advanced Image Sitemap WordPress plugin versions 1.2 and earlier **Description** The issue is related to Reflected Cross-Site Scripting. It occurs because the `PHP SELF` PHP variable is not properly sanitised and escaped before being outputted in an attribute on an admin page. This allows for malicious scripts to be reflected back to the user, potentially leading to security issues. **Recommendations** For Advanced Image Sitemap WordPress plugin versions 1.2 and earlier, consider updating to a version where this issue is fixed, as the current version does not properly sanitise the `PHP SELF` variable. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** BMI BMR Calculator WordPress plugin versions prior to 1.4 **Description** The issue concerns a Reflected Cross-Site Scripting problem. It occurs because the plugin does not properly sanitise and escape arbitrary POST data before including it in the response. This allows for the potential injection of malicious scripts. **Recommendations** For BMI BMR Calculator WordPress plugin versions prior to 1.4, update to version 1.4 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Custom TinyMCE Shortcode Button WordPress plugin versions 1.1 and earlier **Description** The issue arises from the lack of sanitization and escaping of the `PHP SELF` variable before it is outputted in an attribute on an admin page, leading to Reflected Cross-Site Scripting. **Recommendations** For Custom TinyMCE Shortcode Button WordPress plugin versions 1.1 and earlier, update to a version that properly sanitizes and escapes the `PHP SELF` variable to prevent Reflected Cross-Site Scripting.

**Name of the Vulnerable Software and Affected Versions** Vertical scroll recent post WordPress plugin versions prior to 14.0 **Description** The issue is related to a Reflected Cross-Site Scripting problem. The Vertical scroll recent post WordPress plugin does not properly sanitise and escape a `parameter` before outputting it back in an attribute. This can lead to a Reflected Cross-Site Scripting attack. **Recommendations** For versions prior to 14.0, update to version 14.0 or later to resolve the issue. As a temporary workaround, consider disabling the plugin until a patch is available. Restrict access to the plugin's functionality to minimize the risk of exploitation. Avoid using the vulnerable attribute in the plugin's output until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Fast Flow WordPress plugin versions prior to 1.2.12 **Description** The issue is related to a Reflected Cross-Site Scripting problem. It occurs because the `page` parameter is not properly sanitised and escaped before being outputted back in an attribute in the admin dashboard. **Recommendations** For versions prior to 1.2.12, update to version 1.2.12 or later to resolve the issue. As a temporary workaround, consider restricting access to the admin dashboard to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Menubar WordPress plugin versions prior to 5.8 **Description** The issue concerns a Reflected Cross-Site Scripting problem. It arises because the Menubar WordPress plugin does not properly sanitise and escape the `command` parameter before including it in the response via the menubar AJAX action. This action is accessible to any authenticated users. **Recommendations** For versions prior to 5.8, update to version 5.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the menubar AJAX action to minimize the risk of exploitation. Avoid using the `command` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** WordPress WP YouTube Live Plugin versions prior to 1.7.22 **Description** The issue allows unauthenticated attackers to inject arbitrary web scripts via Reflected Cross-Site Scripting. This is possible due to vulnerable POST data found in the ~/inc/admin.php file. **Recommendations** For versions prior to 1.7.22, update to version 1.7.22 or later to resolve the issue. As a temporary workaround, consider restricting access to the ~/inc/admin.php file until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** Fotobook WordPress plugin versions up to and including 3.2.3 **Description** The issue is related to Reflected Cross-Site Scripting due to insufficient escaping and the use of `$ SERVER['PHP SELF']` found in the `~/options-fotobook.php` file. This allows attackers to inject arbitrary web scripts onto the page. **Recommendations** For versions up to and including 3.2.3, update to a version higher than 3.2.3 to resolve the issue. As a temporary workaround, consider restricting access to the `~/options-fotobook.php` file to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: The Magic Post Voice WordPress plugin versions up to and including 1.2 Description: The issue allows attackers to inject arbitrary web scripts via the `ids` parameter found in the ~/inc/admin/main.php file, enabling Reflected Cross-Site Scripting attacks. Recommendations: For versions up to and including 1.2, consider disabling access to the ~/inc/admin/main.php file or restricting the use of the `ids` parameter until a patch is available.

Name of the Vulnerable Software and Affected Versions: WooCommerce EnvioPack WordPress plugin versions prior to 1.2 Description: The issue allows attackers to inject arbitrary web scripts via the `dataid` parameter in the ~/includes/functions.php file, enabling Reflected Cross-Site Scripting attacks. Recommendations: For versions up to and including 1.2, update to a version later than 1.2 to resolve the issue.

Name of the Vulnerable Software and Affected Versions: H5P CSS Editor WordPress plugin versions up to and including 1.0 Description: The issue allows attackers to inject arbitrary web scripts via the `h5p-css-file` parameter in the ~/h5p-css-editor.php file, enabling Reflected Cross-Site Scripting attacks. Recommendations: For versions up to and including 1.0, update to a version that contains a fix for this issue to prevent Reflected Cross-Site Scripting attacks. As a temporary workaround, consider restricting access to the ~/h5p-css-editor.php file to minimize the risk of exploitation. Avoid using the `h5p-css-file` parameter in the affected endpoint until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: The Real WYSIWYG WordPress plugin versions up to and including 0.0.2 Description: The issue is related to Reflected Cross-Site Scripting due to the use of PHP SELF in the ~/real-wysiwyg.php file, allowing attackers to inject arbitrary web scripts. Recommendations: For versions up to and including 0.0.2, update to a version that fixes this issue. As a temporary workaround, consider restricting access to the ~/real-wysiwyg.php file until a patch is available.

Name of the Vulnerable Software and Affected Versions: Simple Image Gallery WordPress plugin versions up to and including 1.0.6 Description: The issue allows attackers to inject arbitrary web scripts via the `msg` parameter found in the ~/simple-image-gallery.php file, enabling Reflected Cross-Site Scripting attacks. Recommendations: For versions up to and including 1.0.6, consider disabling access to the ~/simple-image-gallery.php file or restricting the use of the `msg` parameter until a patch is available.

Name of the Vulnerable Software and Affected Versions: Parsian Bank Gateway for Woocommerce WordPress plugin versions up to and including 1.0 Description: The issue allows attackers to inject arbitrary web scripts due to a var dump() on $ POST variables found in the ~/vendor/dpsoft/parsian-payment/sample/rollback-payment.php file. This is a Reflected Cross-Site Scripting vulnerability via a parameter. Recommendations: For versions up to and including 1.0, update to a version that fixes this issue, as the current version allows for the injection of arbitrary web scripts. At the moment, there is no information about a newer version that contains a fix for this vulnerability.