Ram

**Name of the Vulnerable Software and Affected Versions** Google Language Translator plugin for WordPress versions up to, and including, 6.0.9 **Description** The issue is related to Reflected Cross-Site Scripting via multiple parameters due to insufficient input sanitization and output escaping. This allows authenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. It specifically affects users with older browsers that lack proper URL encoding support. **Recommendations** For versions up to, and including, 6.0.9, update to a version later than 6.0.9 to resolve the issue. As a temporary workaround, consider restricting access to the plugin's functionality until a patch is available. Avoid using the plugin with older browsers that lack proper URL encoding support to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** The Timetable and Event Schedule by MotoPress plugin for WordPress versions up to, and including, 2.3.8 **Description** The issue is related to a missing capability check on the `wp ajax route url()` function called via a nopriv AJAX action. This allows unauthenticated attackers to call the function and perform various actions, including including random templates and injecting malicious web scripts. **Recommendations** For versions up to, and including, 2.3.8, update to the latest release to mitigate risks. As a temporary workaround, consider restricting access to the `wp ajax route url()` function until a patch is available. Additionally, ensure that all plugins are up-to-date to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Kaswara Modern VC Addons plugin for WordPress versions up to, and including, 3.0.1 **Description** The issue is related to insufficient capability checking on various AJAX actions, allowing unauthenticated attackers to perform unauthorized actions. These actions include importing data, uploading arbitrary files, deleting arbitrary files, and more. **Recommendations** For versions up to, and including, 3.0.1, update to a version higher than 3.0.1 to resolve the issue. As a temporary workaround, consider restricting access to the AJAX actions until a patch is available. Avoid using the plugin until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Tutor LMS plugin for WordPress versions up to, and including, 2.7.4 **Description** The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the `addon enable disable` function. This allows unauthenticated attackers to enable or disable addons via a forged request if they can trick a site administrator into performing an action such as clicking on a link. **Recommendations** For versions up to, and including, 2.7.4, consider disabling the `addon enable disable` function until a patch is available to prevent exploitation. Restrict access to the addon management interface to minimize the risk of unauthorized changes. Update to a version that includes the fix for this issue once it becomes available.

**Name of the Vulnerable Software and Affected Versions** The Bricks theme for WordPress versions up to, and including, 1.8.1 **Description** The issue is due to missing or incorrect nonce validation on the `reset settings` function, making it possible for unauthenticated attackers to reset the theme's settings via a forged request. This can happen if an attacker can trick a site administrator into performing an action such as clicking on a link. **Recommendations** For versions up to, and including, 1.8.1, consider disabling the `reset settings` function until a patch is available to prevent exploitation. Restrict access to the theme's settings to minimize the risk of unauthorized changes. Avoid using the theme until a fixed version is released. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** The Metform Elementor Contact Form Builder for WordPress versions up to, and including, 3.2.4 **Description** The issue is related to insufficient file type validation, allowing unauthenticated visitors to perform a "double extension" attack. This enables the upload of files containing a malicious extension but ending with a benign extension, potentially making remote code execution possible in some configurations. **Recommendations** For versions up to, and including, 3.2.4, update to a version later than 3.2.4 to resolve the issue. As a temporary workaround, consider restricting file uploads or implementing additional validation mechanisms to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** The Bricks theme for WordPress versions up to, and including, 1.8.1 **Description** The issue is due to missing or incorrect nonce validation on the `save settings` function, making it possible for unauthenticated attackers to modify the theme's settings. This includes enabling a setting that allows lower-privileged users, such as contributors, to perform code execution via a forged request, granted they can trick a site administrator into performing an action like clicking on a link. **Recommendations** For versions up to, and including, 1.8.1, update to a version that includes the fix for the missing or incorrect nonce validation on the `save settings` function. As a temporary workaround, consider disabling the `save settings` function until a patch is available to prevent modification of the theme's settings by unauthenticated attackers.

**Name of the Vulnerable Software and Affected Versions** Build App Online plugin for WordPress versions up to, and including, 1.0.21 **Description** The issue is related to a weak password reset mechanism, allowing unauthenticated attackers to reset the password of arbitrary users by guessing a 4-digit numeric reset code. This enables account takeover. **Recommendations** For versions up to, and including, 1.0.21, update to version 1.0.22 immediately to resolve the issue. As a temporary workaround, consider restricting access to the password reset mechanism until the update is applied.

**Name of the Vulnerable Software and Affected Versions** The Widget Settings Importer/Exporter Plugin for WordPress versions up to, and including, 1.5.3 **Description** The issue is related to Stored Cross-Site Scripting via the "wp ajax import widget data" parameter AJAX action due to insufficient input sanitization and output escaping. This allows authenticated attackers with subscriber-level permissions and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 1.5.3, update to a version higher than 1.5.3 to resolve the issue. As a temporary workaround, consider restricting access to the "wp ajax import widget data" AJAX action until a patch is available. Avoid using the `wp ajax import widget data` parameter in the affected AJAX endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Jetpack CRM plugin for WordPress versions up to, and including, 5.3.1 **Description** The issue concerns PHAR deserialization via the `zbscrmcsvimpf` parameter in the `zeroBSCRM CSVImporterLitehtml app` function. Although a nonce check is performed, steps 2 and 3 of this check do not take action upon failure, leading to a `file exists` check on the `zbscrmcsvimpf` value. If a phar:// archive is provided, its contents are deserialized, allowing an object to be injected into the execution stream. This enables an unauthenticated attacker to achieve object injection if they can upload a phar archive and trick an administrator into performing a specific action. **Recommendations** For Jetpack CRM plugin for WordPress versions up to, and including, 5.3.1: As a temporary workaround, consider disabling the `zeroBSCRM CSVImporterLitehtml app` function until a patch is available. Restrict access to the `zbscrmcsvimpf` parameter to minimize the risk of exploitation. Avoid using the `zbscrmcsvimpf` parameter in the affected function until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** The Fancy Product Designer plugin for WordPress versions up to, and including, 4.6.9 **Description** The issue allows unauthorized modification of site options due to a missing capability check on the `fpd update options` function. This makes it possible for authenticated attackers with subscriber-level permissions to modify site options, including setting the default role to administrator, which can allow privilege escalation. **Recommendations** For versions up to, and including, 4.6.9, update to a version higher than 4.6.9 to resolve the issue. As a temporary workaround, consider disabling the `fpd update options` function until a patch is available. Restrict access to site options to minimize the risk of exploitation. Avoid using the default role setting in the affected site options until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** miniOrange's Google Authenticator plugin for WordPress versions up to, and including, 5.6.5 **Description** The issue is related to a missing capability check when changing plugin settings, which allows unauthenticated attackers to modify the plugin's settings. This could potentially lead to unauthorized changes to the plugin's configuration. **Recommendations** For versions up to, and including, 5.6.5, update to a version higher than 5.6.5 to resolve the issue. As a temporary workaround, consider restricting access to the plugin's settings page to prevent unauthorized changes until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Cyr to Lat plugin for WordPress versions up to, and including, 3.5 Cyr to Lat plugin for WordPress version 3.6 **Description** The Cyr to Lat plugin for WordPress is vulnerable to authenticated SQL Injection via the `ctl sanitize title` function due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This potentially allows authenticated users with the ability to add or modify terms or tags to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. **Recommendations** For versions up to, and including, 3.5, update to version 3.7 to fully patch the issue. For version 3.6, update to version 3.7 to fully patch the issue, as only a partial patch is available in version 3.6. As a temporary workaround, consider restricting access to the `ctl sanitize title` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** The Fancy Product Designer plugin for WordPress versions up to, and including, 4.6.9 **Description** The issue allows unauthorized access to data and modification of plugin settings due to a missing capability check on multiple AJAX functions. This makes it possible for authenticated attackers with subscriber-level permissions to modify plugin settings, including retrieving arbitrary order information or creating/updating/deleting products, orders, or other sensitive information not associated with their own account. **Recommendations** For versions up to, and including, 4.6.9, update to a version higher than 4.6.9 to resolve the issue. As a temporary workaround, consider restricting access to the AJAX functions until a patch is available. Additionally, restrict subscriber-level permissions to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** WP Cerber Security plugin for WordPress versions up to, and including, 9.1 **Description** The issue allows unauthenticated attackers to inject arbitrary web scripts in pages via the `log` parameter when logging in to the site. This makes it possible for attackers to execute scripts whenever a user accesses an injected page. **Recommendations** For WP Cerber Security plugin for WordPress versions up to, and including, 9.1, update to a version higher than 9.1 to resolve the issue. As a temporary workaround, consider restricting access to the login page to minimize the risk of exploitation. Avoid using the `log` parameter in the affected login functionality until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Metform Elementor Contact Form Builder for WordPress versions up to, and including, 3.3.1 **Description** The issue allows authenticated attackers with subscriber-level capabilities or above to obtain sensitive information about arbitrary form submissions, including the submitter's first name, via the `mf first name` shortcode. **Recommendations** For versions up to, and including, 3.3.1, update to a version higher than 3.3.1 to resolve the issue. As a temporary workaround, consider restricting access to the `mf first name` shortcode until a patch is available.

**Name of the Vulnerable Software and Affected Versions** The FULL - Customer plugin for WordPress versions up to, and including, 2.2.3 **Description** The issue allows authenticated attackers with subscriber-level permissions and above to execute code by installing plugins from arbitrary remote locations, including non-repository sources, onto the site. This is possible due to improper authorization in the `/install-plugin` REST route. The attackers can install plugins from any location, granted they are packaged as a valid WordPress plugin. **Recommendations** For versions up to, and including, 2.2.3, consider disabling the `/install-plugin` REST route until a patch is available to prevent arbitrary file uploads. Restrict access to the plugin installation feature to minimize the risk of exploitation. Avoid using the plugin installation feature from non-repository sources until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** The FULL - Customer plugin for WordPress versions up to, and including, 2.2.3 **Description** The issue allows authenticated attackers with subscriber-level permissions and above to obtain sensitive information about the site configuration as disclosed by the WordPress health check via the "/health" REST route due to improper authorization. **Recommendations** For versions up to, and including, 2.2.3, consider disabling access to the "/health" REST route until a patch is available to prevent exploitation. Restrict permissions for authenticated users to minimize the risk of sensitive information disclosure.

**Name of the Vulnerable Software and Affected Versions** Metform Elementor Contact Form Builder for WordPress versions up to, and including, 3.3.1 **Description** The issue allows authenticated attackers with subscriber-level capabilities or above to obtain sensitive information about any standard form field of any form submission via the 'mf' shortcode. **Recommendations** For versions up to, and including, 3.3.1, update to a version higher than 3.3.1 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Metform Elementor Contact Form Builder for WordPress versions up to, and including, 3.3.0 **Description** The issue allows authenticated attackers with contributor-level permissions or above to inject arbitrary web scripts in pages. This is achieved by using the 'mf' shortcode to echo unescaped form submissions, which can lead to Cross-Site Scripting. The script is stored in the site database and will execute when a victim visits a specific crafted link containing the form entry id. Note that user interaction is required for the JavaScript to execute. **Recommendations** For Metform Elementor Contact Form Builder for WordPress versions up to, and including, 3.3.0, update to a version higher than 3.3.0 to resolve the issue. As a temporary workaround, consider restricting access to the `mf` shortcode for users with contributor-level permissions or above until a patch is available.