Qerogram

**Name of the Vulnerable Software and Affected Versions** Cursor versions 1.17 through 1.2 **Description** Cursor is a code editor built for programming with AI. A UI information disclosure exists in Cursor's MCP (Model Context Protocol) deeplink handler, enabling attackers to execute arbitrary system commands through social engineering attacks. Clicking malicious `cursor://anysphere.cursor-deeplink/mcp/install` links does not display the command arguments in the installation dialog. If a user clicks a malicious deeplink and proceeds with the installation, the full command, including arguments, will be executed on the machine. **Recommendations** Update to version 1.3.

**Name of the Vulnerable Software and Affected Versions** HTTP Headers WordPress plugin versions prior to 1.18.11 **Description** The issue allows arbitrary data to be written to arbitrary files, leading to a Remote Code Execution. **Recommendations** For versions prior to 1.18.11, update to version 1.18.11 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** HTTP Headers WordPress plugin versions prior to 1.18.8 **Description** The issue concerns an import functionality in the HTTP Headers WordPress plugin that executes arbitrary SQL on the server, leading to an SQL Injection vulnerability. This allows for potential exploitation by executing unauthorized SQL commands. **Recommendations** For versions prior to 1.18.8, update to version 1.18.8 or later to resolve the issue. As a temporary workaround, consider disabling the import functionality until a patch is available. Restrict access to the import feature to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** My Sticky Elements WordPress plugin versions prior to 2.0.9 **Description** The issue is related to a SQL injection that occurs due to improper sanitization and escaping of a parameter in a SQL statement when deleting messages. This can be exploited by high-privilege users, such as administrators. **Recommendations** For versions prior to 2.0.9, update to version 2.0.9 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Metricool WordPress plugin versions prior to 1.18 **Description** The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This can occur even when the unfiltered html capability is disallowed, for example in a multisite setup. **Recommendations** For Metricool WordPress plugin versions prior to 1.18, update to version 1.18 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** WP SVG Icons WordPress plugin versions 3.2.3 and earlier **Description** The issue allows a high-privileged user, such as an admin, to upload a zip file containing malicious PHP code, leading to remote code execution. This is due to the plugin not properly validating uploaded custom icon packs. **Recommendations** For WP SVG Icons WordPress plugin versions 3.2.3 and earlier, update to a version later than 3.2.3 to resolve the issue. As a temporary workaround, consider restricting the upload of custom icon packs to trusted users until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Easy Social Icons WordPress plugin versions prior to 3.2.1 **Description** The issue allows high privileged users to inject arbitrary javascript, even when the unfiltered html capability is disallowed, due to improper escaping of the `image file` field when adding a new social icon. **Recommendations** For versions prior to 3.2.1, update to version 3.2.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Online Project Time Management System version 1.0 **Description** The issue allows attackers to execute arbitrary code via a crafted HTML file, exploiting an arbitrary file write vulnerability. **Recommendations** For Online Project Time Management System version 1.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Easy Social Icons WordPress plugin versions prior to 3.1.4 **Description** The issue arises from the lack of sanitization of the `selected icons` attribute in the `cnss widget` before it is used in an SQL statement, leading to a SQL injection vulnerability. **Recommendations** For versions prior to 3.1.4, update to version 3.1.4 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** MapPress Maps for WordPress versions prior to 2.73.13 **Description** The issue allows a high privileged user to bypass certain security settings and upload arbitrary files to the site through the `ajax save` function. The file is written relative to the current stylesheet directory with a .php file extension added, and no validation is performed on the file's content. This can trigger a remote code execution (RCE) vulnerability by uploading a web shell. Additionally, the `name` parameter is not sanitized, allowing the payload to be uploaded to any directory the server has write access to. **Recommendations** For versions prior to 2.73.13, update to version 2.73.13 or later to resolve the issue. As a temporary workaround, consider disabling the `ajax save` function until a patch is available. Restrict access to the stylesheet directory to minimize the risk of exploitation. Avoid using the `name` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** String locator WordPress plugin versions prior to 2.5.0 **Description** The issue allows high privilege users, such as admins, to query arbitrary files on the web server via a path traversal vector due to improper validation of the path of files to be searched. Additionally, a flaw in the search function allows a pattern to be provided, which can be used to output relevant matches from the matching file, potentially disclosing all content of the file. **Recommendations** For versions prior to 2.5.0, update to version 2.5.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the search function to minimize the risk of exploitation. Avoid using the pattern search feature in the affected plugin until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Amelia WordPress plugin versions prior to 1.0.47 **Description** The issue allows logged-in users with the custom "Amelia Manager" role to potentially upload PHP backdoors onto the site. This is because the plugin stores image blobs into actual files whose extension is controlled by the user. **Recommendations** For versions prior to 1.0.47, update to version 1.0.47 or later to resolve the issue. As a temporary workaround, consider restricting the "Amelia Manager" role to trusted users only until the update is applied.

**Name of the Vulnerable Software and Affected Versions** RegistrationMagic WordPress plugin versions prior to 5.0.2.2 **Description** The issue allows high privilege users to perform SQL injection attacks due to the lack of sanitization and escaping of the `rm form id` parameter in the Automation admin dashboard. **Recommendations** For versions prior to 5.0.2.2, update to version 5.0.2.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** The Catch Themes Demo Import WordPress plugin versions prior to 2.1.1 **Description** The issue allows high privilege admins to upload arbitrary PHP files, potentially leading to remote code execution (RCE), even when the blog is hardened with constants such as DISALLOW UNFILTERED HTML, DISALLOW FILE EDIT, and DISALLOW FILE MODS set to true. **Recommendations** For versions prior to 2.1.1, update to version 2.1.1 or later to resolve the issue. As a temporary workaround, consider restricting file upload capabilities to prevent potential exploitation.