Régis Senet

The Plugin: CMS für Motorrad Werkstätten plugin for WordPress is vulnerable to SQL Injection via the 'arttype' parameter in all versions up to, and including, 1.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

**Name of the Vulnerable Software and Affected Versions** cms-fuer-motorrad-werkstaetten versions prior to 1.0.1 **Description** The cms-fuer-motorrad-werkstaetten plugin for WordPress is susceptible to Cross-Site Request Forgery. This occurs because eight AJAX deletion handlers lack nonce validation and do not perform capability checks via `current user can()`. The affected handlers are 'vehicles cfmw d vehicle', 'contacts cfmw d contact', 'suppliers cfmw d supplier', 'receipts cfmw d receipt', 'positions cfmw d position', 'catalogs cfmw d article', 'stock cfmw d item', and 'settings cfmw d catalog'. Consequently, unauthenticated attackers can delete arbitrary vehicles, contacts, suppliers, receipts, positions, catalog articles, stock items, or entire supplier catalogs by tricking a logged-in user into clicking a malicious link. **Recommendations** Update to a version later than 1.0.0.

Name of the Vulnerable Software and Affected Versions: AHAthat Plugin WordPress plugin versions 1.6 and earlier Description: The issue allows Admin to perform SQL injection attacks due to the lack of sanitization and escaping of a parameter before using it in a SQL statement. Recommendations: For AHAthat Plugin WordPress plugin versions 1.6 and earlier, update to a version that includes the necessary sanitization and escaping of parameters in SQL statements to prevent SQL injection attacks.

Name of the Vulnerable Software and Affected Versions: JSP Store Locator WordPress plugin versions 1.0 and earlier Description: The issue allows users with Contributor access to perform SQL injection attacks due to the lack of sanitization and escaping of a parameter before its use in a SQL statement. Recommendations: For JSP Store Locator WordPress plugin versions 1.0 and earlier, update to a version that addresses this issue, as using unsanitized input in SQL statements poses a significant risk. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: The Connexion Logs WordPress plugin versions 3.0.2 and earlier Description: The issue allows admins to perform SQL injection attacks due to a parameter not being sanitized and escaped before use in a SQL statement. Recommendations: For The Connexion Logs WordPress plugin versions 3.0.2 and earlier, update to a version that includes the necessary sanitization and escaping of parameters in SQL statements to prevent SQL injection attacks.

**Name of the Vulnerable Software and Affected Versions** AHAthat Plugin for WordPress versions up to and including 1.6 **Description** The issue is related to Cross-Site Request Forgery, caused by missing or incorrect nonce validation in the `aha plugin page()` function. This allows unauthenticated attackers to delete AHA pages by tricking a site administrator into performing an action, such as clicking on a link. **Recommendations** For versions up to and including 1.6, consider disabling the `aha plugin page()` function until a patch is available to prevent exploitation. As a temporary workaround, restrict access to the AHA pages to minimize the risk of deletion via forged requests.

**Name of the Vulnerable Software and Affected Versions** AHAthat Plugin versions up to, and including, 1.6 **Description** The issue is related to time-based SQL Injection via the `id` parameter due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This allows authenticated attackers with Administrator-level access and above to append additional SQL queries into already existing queries, potentially extracting sensitive information from the database. **Recommendations** For versions up to, and including, 1.6, consider restricting access to the `id` parameter in the affected API endpoint until a patch is available. As a temporary workaround, limit Administrator-level access to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Altra Side Menu WordPress plugin versions 2.0 and earlier **Description** The issue allows admins to perform SQL injection attacks due to a parameter not being sanitized and escaped before use in a SQL statement. **Recommendations** Altra Side Menu WordPress plugin versions 2.0 and earlier: Update the Altra Side Menu WordPress plugin to a version later than 2.0 to resolve the issue.