Rafie Muhammad

**Name of the Vulnerable Software and Affected Versions** MasterStudy LMS Pro Plus versions prior to 4.8.21 **Description** The MasterStudy LMS Pro Plus plugin for WordPress contains a generic SQL Injection flaw. This issue occurs because the `columns` parameter is not properly escaped and the SQL query is not sufficiently prepared. Authenticated attackers with instructor-level access or higher can append additional SQL queries to existing ones to extract sensitive information from the database. **Recommendations** Update the plugin to a version later than 4.8.20. As a temporary workaround, restrict access to the `columns` parameter to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Kirki – Freeform Page Builder, Website Builder & Customizer versions prior to 6.0.7 **Description** Insufficient file path validation and a missing capability check in the `downloadZIP()` function allow unauthenticated attackers to read and delete arbitrary files. This action is limited to the WordPress uploads base directory. **Recommendations** Update to a version later than 6.0.6. As a temporary workaround, consider disabling the `downloadZIP()` function until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Avada Builder versions prior to 3.15.2 **Description** The Avada Builder plugin for WordPress contains a time-based SQL Injection, a technique where an attacker sends queries that cause the database to pause for a specific duration to determine if a condition is true. This occurs via the 'product order' parameter due to insufficient escaping of user-supplied data and lack of proper preparation of the SQL query. Unauthenticated attackers can append additional SQL queries to extract sensitive information from the database. This issue only affects sites where WooCommerce was previously installed and subsequently deactivated. Approximately 1 million sites are estimated to be at risk. **Recommendations** Update to a version newer than 3.15.1.

**Name of the Vulnerable Software and Affected Versions** Avada Builder versions prior to 3.15.3 **Description** An arbitrary file read issue exists in the Avada Builder plugin for WordPress. Authenticated attackers with Subscriber-level access or higher can read arbitrary files on the server, potentially exposing sensitive information. This is possible through the `fusion get svg from file()` function using the `custom svg` parameter within the 'fusion section separator' shortcode. **Recommendations** Update to version 3.15.3. As a temporary workaround, restrict access to the `fusion get svg from file()` function or the `custom svg` parameter in the 'fusion section separator' shortcode.

**Name of the Vulnerable Software and Affected Versions** sizam RH Frontend Publishing Pro versions through 4.3.2 **Description** The software contains a flaw related to improper input handling during web page generation, which allows for Reflected Cross-site Scripting (XSS). This means that malicious scripts can be injected into web pages viewed by users. The vulnerability exists due to insufficient sanitization of user-supplied input. The affected component is rh-frontend. **Recommendations** Update to a version newer than 4.3.2.

**Name of the Vulnerable Software and Affected Versions** ListingPro versions prior to 2.9.9 **Description** The ListingPro plugin contains a flaw related to improper input handling during web page generation, specifically a Reflected Cross-Site Scripting (XSS) issue. This allows for the injection of malicious scripts into web pages. The vulnerability exists due to insufficient sanitization of user-supplied input. The affected component is the listingpro-plugin. **Recommendations** Update ListingPro to version 2.9.9 or later.

**Name of the Vulnerable Software and Affected Versions** AndonDesign UDesign versions through 4.14.0 **Description** The software contains a flaw due to improper input handling during web page creation, which allows for Reflected Cross-site Scripting (XSS). This means that malicious scripts can be injected into web pages viewed by users. The vulnerability allows an attacker to inject arbitrary web scripts or HTML. The affected component is not specified. **Recommendations** Update to a version later than 4.14.0.

**Name of the Vulnerable Software and Affected Versions** PixFort pixfort Core versions through 3.2.22 **Description** A missing authorization issue exists in PixFort pixfort Core pixfort-core, allowing exploitation of incorrectly configured access control security levels. **Recommendations** Update PixFort pixfort Core to a version later than 3.2.22.

**Name of the Vulnerable Software and Affected Versions** PixFort pixfort Core versions through 3.2.22 **Description** A flaw exists in PixFort pixfort Core that allows for Reflected Cross-site Scripting (XSS). This issue arises from improper handling of user-supplied input when generating web pages. The vulnerability could potentially allow an attacker to inject malicious scripts into web pages viewed by other users. The affected component is `pixfort-core`. **Recommendations** Update PixFort pixfort Core to a version later than 3.2.22.

**Name of the Vulnerable Software and Affected Versions** uixthemes Sober versions through 3.5.12 **Description** An authorization issue exists in uixthemes Sober that allows exploitation of incorrectly configured access control security levels. **Recommendations** Update to a version later than 3.5.12.

**Name of the Vulnerable Software and Affected Versions** jegtheme JNews - Frontend Submit versions through 11.0.0 **Description** A flaw exists in jegtheme JNews - Frontend Submit that allows for Reflected Cross-site Scripting (XSS). This issue is due to improper neutralization of input during web page generation. The vulnerability is present in the jnews-frontend-submit component. **Recommendations** Update jegtheme JNews - Frontend Submit to a version later than 11.0.0.

**Name of the Vulnerable Software and Affected Versions** jegtheme JNews - Video versions through 11.0.2 **Description** The software contains a flaw due to improper neutralization of input during web page generation, specifically a Reflected Cross-Site Scripting (XSS) issue. This impacts the jnews-video component. A successful exploit could allow an attacker to inject malicious scripts into web pages viewed by other users. **Recommendations** Update jegtheme JNews - Video to a version later than 11.0.2.

**Name of the Vulnerable Software and Affected Versions** ThemeGoods Photography versions prior to 7.7.5 **Description** The software contains a flaw due to improper control of filename for include/require statements, specifically a PHP Remote File Inclusion issue. This allows for PHP Local File Inclusion. **Recommendations** Update ThemeGoods Photography to version 7.7.5 or later.

**Name of the Vulnerable Software and Affected Versions** jegtheme JNews - Pay Writer versions through 11.0.0 **Description** A flaw exists in jegtheme JNews - Pay Writer that allows for PHP Local File Inclusion due to improper control of filename for include/require statements. This issue potentially allows an attacker to include arbitrary files. **Recommendations** Update jegtheme JNews - Pay Writer to a version later than 11.0.0.

**Name of the Vulnerable Software and Affected Versions** sizam REHub Framework versions through 19.9.5 **Description** A missing authorization issue exists in the REHub Framework. This allows access to functionality that is not properly constrained by Access Control Lists (ACLs). **Recommendations** Update to a version beyond 19.9.5.

**Name of the Vulnerable Software and Affected Versions** brandexponents Oshine oshin versions through 7.2.7 **Description** The software contains an Improper Control of Filename for Include/Require Statement issue, also known as a PHP Remote File Inclusion. This allows for PHP Local File Inclusion. **Recommendations** Update to a version later than 7.2.7.

**Name of the Vulnerable Software and Affected Versions** shinetheme Traveler versions through 3.2.6 **Description** The software contains a missing authorization issue related to incorrectly configured access control security levels. This allows for potential exploitation of the system. **Recommendations** Update to a version later than 3.2.6.

**Name of the Vulnerable Software and Affected Versions** Woffice versions prior to 5.4.30 **Description** The software contains a flaw related to improper input handling during web page generation, which allows for Reflected Cross-site Scripting (XSS). This means an attacker could potentially inject malicious scripts into a web page viewed by other users. The vulnerability exists due to insufficient sanitization of user-supplied data used in web page construction. **Recommendations** Update Woffice to version 5.4.30 or later.

**Name of the Vulnerable Software and Affected Versions** WofficeIO Woffice Core versions prior to 5.4.30 **Description** An authorization bypass exists due to incorrectly configured access control security levels. This allows exploitation through a user-controlled key. The issue affects the `woffice-core` component. **Recommendations** Update WofficeIO Woffice Core to a version later than 5.4.30.

**Name of the Vulnerable Software and Affected Versions** 8theme XStore versions prior to 9.6.1 **Description** The software contains a flaw due to improper neutralization of input during web page generation, leading to a Reflected Cross-Site Scripting (XSS) condition. This allows an attacker to inject malicious scripts into web pages viewed by other users. The affected component is XStore. **Recommendations** Update 8theme XStore to version 9.6.1 or later.