Phu Tran

Name of the Vulnerable Software and Affected Versions: wpDiscuz WordPress plugin versions 7.3.0 and earlier Description: The issue is related to the improper sanitization or escaping of the Follow and Unfollow messages in the wpDiscuz WordPress plugin, which could allow high privilege users to perform Stored Cross-Site Scripting attacks even when the unfiltered html capability is disallowed. Recommendations: For wpDiscuz WordPress plugin versions 7.3.0 and earlier, update to a version later than 7.3.0 to resolve the issue. As a temporary workaround, consider restricting the capability to post Follow and Unfollow messages to trusted users only until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Youzify – BuddyPress Community, User Profile, Social Network & Membership WordPress plugin versions prior to 1.0.7 **Description** The issue concerns the About Me widget's Biography field, which does not properly sanitise input. This allows any authenticated user to set Cross-Site Scripting payloads, potentially leading to unauthorised access to the admin side of the blog when an admin views the affected user profile. **Recommendations** For versions prior to 1.0.7, update to version 1.0.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the About Me widget's Biography field to prevent low-privilege users from setting malicious payloads.

**Name of the Vulnerable Software and Affected Versions** The Tutor LMS – eLearning and online course solution WordPress plugin versions prior to 1.9.2 **Description** The issue is related to a Stored Cross-Site Scripting problem. It occurs because the Summary field of Announcements is not properly escaped when outputted in an attribute. This field can be created by users with low privileges, such as Tutor Instructors. The issue is triggered when viewing the Announcements list and could potentially lead to privilege escalation if viewed by an administrator. **Recommendations** For versions prior to 1.9.2, update to version 1.9.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** The Salon booking system WordPress plugin versions prior to 6.3.1 **Description** The issue arises from the improper sanitization and escaping of the `First Name` field when booking an appointment, allowing low-privilege users to set JavaScript, leading to a Stored Cross-Site Scripting (XSS) vulnerability. The malicious script is executed in the admin context when an admin visits the "Calendar" page. **Recommendations** For versions prior to 6.3.1, update to version 6.3.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the "Calendar" page for admins until the update is applied. Additionally, limiting the ability of low-privilege users, such as subscribers, to book appointments or set custom `First Name` fields may help mitigate the risk.

**Name of the Vulnerable Software and Affected Versions** Comments Like Dislike WordPress plugin versions prior to 1.1.4 **Description** The issue allows any user, including unauthenticated ones, to add unlimited likes or dislikes to any comment by replaying the AJAX request. The plugin's restriction modes, such as Cookie Restriction, IP Restrictions, and Logged In User Restriction, do not prevent this attack as they only perform client-side checks. **Recommendations** For versions prior to 1.1.4, update to version 1.1.4 or later to resolve the issue. As a temporary workaround, consider disabling the AJAX functionality for likes and dislikes until the update is applied. Restrict access to the comment liking/disliking feature to minimize the risk of exploitation.