Rahul Karne

**Name of the Vulnerable Software and Affected Versions** Conditional Fields for Contact Form 7 WordPress plugin versions prior to 2.6.8 **Description** An uncontrolled resource consumption issue exists in the `Wpcf7cfMailParser` class. The `hide hidden mail fields regex callback()` method processes an iteration count from user-supplied POST parameters without validation or upper bound enforcement. Unauthenticated attackers can send an arbitrarily large integer via a REST API endpoint to trigger an unbounded loop with multiple `preg replace()` operations, leading to server memory exhaustion and PHP process crashes. **Recommendations** Update the plugin to version 2.6.8 or later.

**Name of the Vulnerable Software and Affected Versions** ElementsKit Lite WordPress plugin versions prior to 3.7.9 **Description** The ElementsKit Lite WordPress plugin versions prior to 3.7.9 exposes the REST endpoint `/wp-json/elementskit/v1/widget/mailchimp/subscribe` without authentication. The endpoint accepts client-supplied Mailchimp API credentials and insufficiently validates the `list` parameter when constructing upstream Mailchimp API requests. An unauthenticated attacker can abuse the endpoint as an open proxy to Mailchimp, potentially triggering unauthorized API calls, manipulating subscription data, exhausting API quotas, or causing resource consumption on the affected WordPress site. **Recommendations** Update ElementsKit Lite WordPress plugin to version 3.7.9 or later.

**Name of the Vulnerable Software and Affected Versions** Aruba HiSpeed Cache WordPress plugin versions prior to 3.0.5 **Description** The Aruba HiSpeed Cache WordPress plugin is susceptible to a cross-site request forgery (CSRF) issue impacting several administrative AJAX actions. Specifically, the `ahsc reset options`, `ahsc debug status`, and `ahsc enable purge` handlers authenticate and check user capabilities but fail to validate a WordPress nonce for requests that alter the system's state. An attacker could potentially trick a logged-in administrator into visiting a malicious webpage, causing the submission of forged requests to the `admin-ajax.php` endpoint. This could lead to unauthorized changes, such as resetting plugin settings, modifying the WordPress WP DEBUG configuration, or altering cache purging behavior. The vulnerable parameters are not explicitly mentioned. **Recommendations** Update Aruba HiSpeed Cache WordPress plugin to version 3.0.5 or later.