Panagiotis Vagenas

Contact Form by WD 1.13.1 contains a cross-site request forgery vulnerability combined with local file inclusion that allows unauthenticated attackers to include arbitrary files by exploiting unsanitized action parameters. Attackers can craft malicious forms targeting the admin-ajax.php endpoint with directory traversal sequences in the GET action parameter to load files via CSRF, bypassing authentication on vulnerable AJAX actions.

Name of the Vulnerable Software and Affected Versions: WP Membership plugin version 1.2.3 Description: The issue allows remote authenticated users to inject arbitrary web script or HTML via unspecified profile fields or new post content, potentially leading to cross-site scripting (XSS) attacks. This can be used to bypass the administrator confirmation step for new post content. Recommendations: For WP Membership plugin version 1.2.3, update to a version that fixes the XSS vulnerabilities to prevent arbitrary web script or HTML injection. As a temporary workaround, consider restricting access to profile fields and new post content to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** users-ultra plugin versions prior to 1.5.64 **Description** The issue is related to SQL Injection via an ajax action in the users-ultra plugin for WordPress. **Recommendations** For versions prior to 1.5.64, update to version 1.5.64 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** users-ultra plugin versions prior to 1.5.63 **Description** The issue concerns a cross-site scripting (XSS) flaw. It is exploited via the `p name` parameter. **Recommendations** For versions prior to 1.5.63, update to version 1.5.63 or later to resolve the issue. As a temporary workaround, consider restricting access to the `p name` parameter to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** users-ultra plugin versions prior to 1.5.59 for WordPress **Description** The issue concerns an arbitrary file upload in the users-ultra plugin for WordPress. This is due to the `uultra-form-cvs-form-conf` feature. No information is provided about the estimated number of potentially affected devices or real-world incidents where this issue was exploited. **Recommendations** For versions prior to 1.5.59, update to version 1.5.59 or later to resolve the issue. As a temporary workaround, consider restricting access to the `uultra-form-cvs-form-conf` feature until the update is applied.

**Name of the Vulnerable Software and Affected Versions** acurax-social-media-widget plugin versions prior to 3.2.6 **Description** The issue concerns a CSRF vulnerability via the `recordsArray` parameter to the "/wp-admin/admin-ajax.php" API endpoint, potentially leading to social widget icon array order XSS. **Recommendations** For versions prior to 3.2.6, update to version 3.2.6 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** zM Ajax Login & Register plugin versions prior to 1.1.0 **Description** The issue allows remote attackers to include and execute arbitrary php files via a relative path in the `template` parameter in a "load template" action to "wp-admin/admin-ajax.php". **Recommendations** For versions prior to 1.1.0, update to version 1.1.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Free Counter plugin version 1.1 for WordPress **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the `value ` parameter in a `check stat` action to "wp-admin/admin-ajax.php" API endpoint. **Recommendations** For Free Counter plugin version 1.1, avoid using the `value ` parameter in the "wp-admin/admin-ajax.php" API endpoint until a fix is available. As a temporary workaround, consider restricting access to the `check stat` action to minimize the risk of exploitation.