Raad Haddad

**Name of the Vulnerable Software and Affected Versions** Autoptimize WordPress plugin versions prior to 3.1.0 **Description** The issue is related to errors in security mechanisms, allowing a remote attacker to gain unauthorized access to information. The Autoptimize WordPress plugin uses an easily guessable path to store the plugin's exported settings and logs. **Recommendations** For versions prior to 3.1.0, update to version 3.1.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the exported settings and logs to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** DeepL Pro API translation plugin WordPress plugin versions prior to 1.7.5 **Description** The issue concerns the disclosure of sensitive information, including the DeepL API key, in publicly accessible log files. This allows an external, unauthenticated visitor to access these sensitive details. **Recommendations** For versions prior to 1.7.5, update to version 1.7.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the log files to prevent unauthorized disclosure of sensitive information.

**Name of the Vulnerable Software and Affected Versions** reSmush.it plugin versions prior to 0.4.4 **Description** The issue concerns a lack of authorization in various AJAX actions within the reSmush.it plugin, allowing any logged-in users, such as subscribers, to call these actions. **Recommendations** For versions prior to 0.4.4, update to version 0.4.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the AJAX actions until the update is applied.

**Name of the Vulnerable Software and Affected Versions** reSmush.it versions prior to 0.4.4 **Description** The issue concerns a lack of CSRF checks for AJAX actions, allowing attackers to trick logged-in users into performing various actions on their behalf on the site. **Recommendations** For versions prior to 0.4.4, update to version 0.4.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the AJAX actions until the update is applied.

**Name of the Vulnerable Software and Affected Versions** AdminPad WordPress plugin versions prior to 2.2 **Description** The issue concerns a lack of CSRF check when updating an admin's note, allowing attackers to make a logged-in admin update their notes via a CSRF attack. **Recommendations** For versions prior to 2.2, update to version 2.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the note update functionality to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Frontend File Manager Plugin WordPress plugin versions prior to 21.4 **Description** The issue concerns a lack of CSRF check when uploading files, which could allow attackers to make logged-in users upload files on their behalf. **Recommendations** For versions prior to 21.4, update to version 21.4 or later to resolve the issue. As a temporary workaround, consider restricting file upload capabilities to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Passster WordPress plugin version 3.5.5.5.2 and earlier **Description** The issue arises from the storage of passwords inside a cookie named "passster" using a base64 encoding method, which is relatively easy to decode. This poses a significant risk if the cookies are leaked, as it could lead to password exposure. **Recommendations** For Passster WordPress plugin versions prior to 3.5.5.5.2, update to version 3.5.5.5.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the `passster` cookie to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Enable Media Replace WordPress plugin versions prior to 4.0.0 **Description** The issue allows high privilege users, such as admins, to potentially move files outside the Upload folder to the web root directory via a path traversal attack. **Recommendations** For versions prior to 4.0.0, update to version 4.0.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Download Monitor WordPress plugin versions prior to 4.5.98 **Description** The issue is related to insufficient protection of registration data, allowing a remote attacker to disclose protected information. High privilege users, such as admins, can download sensitive files like `wp-config.php` or `/etc/passwd`, even in hardened environments or multisite setups. **Recommendations** For versions prior to 4.5.98, update to version 4.5.98 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive files and directories to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** reSmush.it WordPress plugin versions prior to 0.4.6 **Description** The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This is possible because the plugin does not properly sanitise and escape some of its settings, even when unfiltered html is disallowed. **Recommendations** For versions prior to 0.4.6, update to version 0.4.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the plugin's settings for high privilege users until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Simple File List WordPress plugin versions prior to 4.4.12 **Description** The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for example in multisite setups. This is due to the plugin not sanitizing and escaping some of its settings. **Recommendations** For versions prior to 4.4.12, update to version 4.4.12 or later to resolve the issue. As a temporary workaround, consider restricting the ability of high privilege users to modify plugin settings until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Simple File List WordPress plugin versions prior to 4.4.12 **Description** The issue concerns the lack of nonce checks in the Simple File List WordPress plugin, which could allow attackers to perform a CSRF attack. This attack could enable attackers to make a logged-in admin create a new page and change its content. **Recommendations** For versions prior to 4.4.12, update to version 4.4.12 or later to resolve the issue. As a temporary workaround, consider restricting access to the plugin's functionality to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Frontend File Manager Plugin WordPress plugin versions prior to 21.3 **Description** The issue allows any authenticated users to rename a file to an arbitrary extension, such as PHP, which could enable them to upload arbitrary files on the server and achieve remote code execution. **Recommendations** For versions prior to 21.3, update to version 21.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Frontend File Manager Plugin WordPress plugin versions prior to 21.3 **Description** The issue allows any unauthenticated user to rename uploaded files from users. Due to the lack of validation in the destination filename, this could allow them to change the content of arbitrary files on the web server. **Recommendations** For versions prior to 21.3, update to version 21.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the file upload and rename functionality to authenticated users only. Avoid using the file rename feature until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Download Manager WordPress plugin versions prior to 3.2.55 **Description** The issue allows high privilege users, such as admins, to list and read arbitrary files and folders outside of the blog directory due to a lack of validation in one of the plugin's settings. **Recommendations** For versions prior to 3.2.55, update to version 3.2.55 or later to resolve the issue. As a temporary workaround, consider restricting access to the plugin's settings to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Post SMTP Mailer/Email Log WordPress plugin versions prior to 2.1.7 **Description** The issue concerns a lack of proper authorization in some AJAX actions within the plugin, potentially allowing high-privilege users, such as administrators, to perform blind Server-Side Request Forgery (SSRF) attacks on multisite installations. SSRF is a type of attack where an attacker can trick a server into making requests to internal or external systems, potentially leading to unauthorized access or data exposure. **Recommendations** For versions prior to 2.1.7, update to version 2.1.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the AJAX actions in question or limiting the privileges of users who can access these actions until the update can be applied.

**Name of the Vulnerable Software and Affected Versions** Simple File List WordPress plugin versions prior to 4.4.12 **Description** The issue is related to Reflected Cross-Site Scripting. The Simple File List WordPress plugin does not escape parameters before outputting them back in attributes, leading to this problem. **Recommendations** For versions prior to 4.4.12, update to version 4.4.12 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Autoptimize WordPress plugin versions prior to 3.1.1 **Description** The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for example, in a multisite setup. This is due to the plugin not sanitizing and escaping some of its settings. **Recommendations** For versions prior to 3.1.1, update to version 3.1.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the plugin's settings for high privilege users to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Post SMTP Mailer/Email Log WordPress plugin versions prior to 2.1.4 **Description** The issue allows high privilege users to perform Cross-Site Scripting attacks against other users, even when the unfiltered html capability is disallowed, due to the plugin not escaping some of its settings before outputting them in the admin's dashboard. **Recommendations** For Post SMTP Mailer/Email Log WordPress plugin versions prior to 2.1.4, update to version 2.1.4 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** WP STAGING WordPress plugin versions prior to 2.9.18 **Description** The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for example, in a multisite setup. This is due to the plugin not sanitizing and escaping some of its settings. **Recommendations** For WP STAGING WordPress plugin versions prior to 2.9.18, update to version 2.9.18 or later to resolve the issue. As a temporary workaround, consider restricting access to the plugin's settings for high privilege users to minimize the risk of exploitation.