Project Black

Name of the Vulnerable Software and Affected Versions: The Push Notification for Post and BuddyPress WordPress plugin versions prior to 1.9.4 Description: The issue arises from the plugin's failure to properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. Recommendations: For versions prior to 1.9.4, update to version 1.9.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the AJAX action to authenticated users only until a patch is applied.

Name of the Vulnerable Software and Affected Versions: The Simple Video Directory WordPress plugin versions prior to 1.4.3 Description: The issue arises from the plugin's failure to properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. Recommendations: For versions prior to 1.4.3, update to version 1.4.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the AJAX action to prevent unauthenticated users from exploiting the SQL injection vulnerability.

**Name of the Vulnerable Software and Affected Versions** Coder WordPress plugin versions 1.3.4 and earlier **Description** The issue arises from the plugin's failure to properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. **Recommendations** For versions 1.3.4 and earlier, update to a version that properly sanitises and escapes parameters used in SQL statements. As a temporary workaround, consider restricting access to the AJAX action to authenticated users only until a patch is available.

**Name of the Vulnerable Software and Affected Versions** The TrueBooker WordPress plugin versions prior to 1.0.3 **Description** The issue is related to a SQL injection vulnerability. It occurs because the plugin does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users. **Recommendations** For versions prior to 1.0.3, update to version 1.0.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the AJAX action to prevent exploitation.

**Name of the Vulnerable Software and Affected Versions** Opti Marketing WordPress plugin versions 2.0.9 and earlier **Description** The issue arises from the Opti Marketing WordPress plugin not properly sanitizing and escaping a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. **Recommendations** For versions 2.0.9 and earlier, update to a version that properly sanitizes and escapes parameters used in SQL statements to prevent SQL injection attacks. As a temporary workaround, consider restricting access to the AJAX action to authenticated users only until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Viral Signup WordPress plugin versions 2.1 and earlier **Description** The issue arises from the plugin's failure to properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. **Recommendations** For Viral Signup WordPress plugin versions 2.1 and earlier, as a temporary workaround, consider disabling the AJAX action until a patch is available. Restrict access to the vulnerable parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** The News Element Elementor Blog Magazine WordPress plugin versions prior to 1.0.6 **Description** The issue allows an unauthenticated attacker to include and execute PHP files on the server via the `template` parameter, enabling the execution of any PHP code in those files. **Recommendations** For versions prior to 1.0.6, update to version 1.0.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the `template` parameter to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** The Grow by Tradedoubler WordPress plugin versions 2.0.21 and earlier **Description** The issue allows attackers to include and execute PHP files on the server via the `component` parameter, enabling the execution of any PHP code in those files. This is a Local File Inclusion vulnerability. **Recommendations** For versions 2.0.21 and earlier, consider disabling the `component` parameter until a patch is available to prevent exploitation. Restrict access to sensitive PHP files to minimize the risk of execution. Update to a version later than 2.0.21 when available.

Name of the Vulnerable Software and Affected Versions: CZ Loan Management WordPress plugin versions 1.1 and earlier Description: The issue arises from the improper sanitization and escaping of a parameter before its use in a SQL statement via an AJAX action. This AJAX action is available to unauthenticated users, leading to a SQL injection. Recommendations: For versions 1.1 and earlier, consider restricting access to the AJAX action until a proper fix is available. As a temporary workaround, avoid using the vulnerable parameter in the affected AJAX endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: WpStickyBar WordPress plugin versions prior to 2.1.1 Description: The issue arises from the improper sanitization and escaping of a parameter before its use in a SQL statement via an AJAX action. This AJAX action is available to unauthenticated users, leading to a SQL injection. Recommendations: For WpStickyBar WordPress plugin versions prior to 2.1.1, update to version 2.1.1 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: The Ultimate Classified Listings WordPress plugin versions prior to 1.3 Description: The issue allows unauthenticated users to access PHP files on the server from the listings page due to a lack of validation for the `ucl page` and `layout` parameters. Recommendations: For versions prior to 1.3, update to version 1.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the listings page or validating the `ucl page` and `layout` parameters to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: PayPlus Payment Gateway WordPress plugin versions prior to 6.6.9 Description: The issue arises from the plugin's failure to properly sanitise and escape a parameter before using it in a SQL statement via a WooCommerce API route. This route is available to unauthenticated users, leading to an SQL injection issue. Recommendations: For versions prior to 6.6.9, update to version 6.6.9 or later to resolve the issue. As a temporary workaround, consider restricting access to the WooCommerce API route until the update is applied.

Name of the Vulnerable Software and Affected Versions: The Filter & Grids WordPress plugin versions prior to 2.8.33 Description: The issue allows an unauthenticated attacker to include and execute PHP files on the server via the `post layout` parameter, enabling the execution of any PHP code in those files. Recommendations: For versions prior to 2.8.33, update to version 2.8.33 or later to resolve the issue. As a temporary workaround, consider restricting access to the `post layout` parameter to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** The Quiz and Survey Master (QSM) WordPress plugin versions prior to 9.0.2 **Description** The issue concerns a SQL injection due to the lack of validation and escaping of the `question id` parameter in the "qsm bulk delete question from database" AJAX action. This can be exploited by users with a role of Contributors or above. **Recommendations** For versions prior to 9.0.2, update to version 9.0.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the "qsm bulk delete question from database" AJAX action to minimize the risk of exploitation.