Richard Telleng

**Name of the Vulnerable Software and Affected Versions** WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress versions up to, and including, 7.1.6 **Description** The issue is related to Stored Cross-Site Scripting via the plugin's su lightbox shortcode due to insufficient input sanitization and output escaping on user-supplied attributes. This allows authenticated attackers with contributor-level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 7.1.6, update to a version later than 7.1.6 to resolve the issue. As a temporary workaround, consider restricting access to the su lightbox shortcode for users with contributor-level access and above until a patch is available.

Name of the Vulnerable Software and Affected Versions: HUSKY – Products Filter Professional for WooCommerce plugin for WordPress versions up to, and including, 1.3.5.3 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the plugin's shortcode(s), allowing authenticated attackers with contributor-level access and above to inject arbitrary web scripts in pages. These scripts will execute whenever a user accesses an injected page. Recommendations: For versions up to, and including, 1.3.5.3, update to a version higher than 1.3.5.3 to resolve the issue. As a temporary workaround, consider restricting access to the plugin's shortcode(s) to prevent authenticated attackers from injecting arbitrary web scripts.

**Name of the Vulnerable Software and Affected Versions** MailerLite – Signup forms plugin for WordPress versions 1.5.0 through 1.7.6 **Description** The issue is related to Stored Cross-Site Scripting via the plugin's shortcode(s) due to insufficient input sanitization and output escaping on user-supplied attributes. This allows authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For versions 1.5.0 through 1.7.6, update the plugin to a version that addresses the insufficient input sanitization and output escaping issue. As a temporary workaround, consider restricting access to the plugin's shortcode(s) to minimize the risk of exploitation. Additionally, restrict permissions to prevent authenticated attackers with contributor-level and above permissions from injecting arbitrary web scripts. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Collapse-O-Matic plugin for WordPress versions up to, and including, 1.8.5.5 **Description** The issue is related to Stored Cross-Site Scripting via the plugin's 'expand' shortcode due to insufficient input sanitization and output escaping on the `tag` user supplied attribute. This allows authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For Collapse-O-Matic plugin for WordPress versions up to, and including, 1.8.5.5: Update to a version later than 1.8.5.5 to resolve the issue. As a temporary workaround, consider disabling the `expand` shortcode until a patch is available. Restrict access to the `tag` attribute in the `expand` shortcode to minimize the risk of exploitation. Ensure proper input sanitization and output escaping on the `tag` attribute to prevent arbitrary web script injection.

**Name of the Vulnerable Software and Affected Versions** WP ULike plugin for WordPress versions up to, and including, 4.6.9 **Description** The issue is related to Stored Cross-Site Scripting via the plugin's 'wp ulike' shortcode due to insufficient input sanitization and output escaping on the user supplied `wrapper class` attribute. This allows authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 4.6.9, update the WP ULike plugin to a version higher than 4.6.9 to resolve the issue. As a temporary workaround, consider restricting access to the 'wp ulike' shortcode or disabling it until a patch is available. Avoid using the `wrapper class` attribute in the 'wp ulike' shortcode until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Download Manager Pro plugin for WordPress versions up to, and including, 3.2.85 **Description** The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the plugin's shortcode(s), allowing authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages. These scripts will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 3.2.85, update to a version later than 3.2.85 to resolve the issue. As a temporary workaround, consider restricting access to the plugin's shortcode(s) to prevent exploitation until a patch is available.

**Name of the Vulnerable Software and Affected Versions** WP Go Maps plugin for WordPress versions up to, and including, 9.0.32 **Description** The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the plugin's 'wpgmza' shortcode, allowing authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages. These scripts will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 9.0.32, update to a version higher than 9.0.32 to resolve the issue. As a temporary workaround, consider restricting access to the 'wpgmza' shortcode for users with contributor-level and above permissions until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Shariff Wrapper plugin for WordPress versions up to, and including, 4.6.10 **Description** The issue is related to Stored Cross-Site Scripting via the plugin's 'shariff' shortcode due to insufficient input sanitization and output escaping on user-supplied attributes such as `align`. This allows authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For Shariff Wrapper plugin for WordPress versions up to, and including, 4.6.10, update to a version later than 4.6.10 to resolve the issue. As a temporary workaround, consider restricting access to the 'shariff' shortcode for users with contributor-level and above permissions until a patch is available.

**Name of the Vulnerable Software and Affected Versions** The Easy Social Feed – Social Photos Gallery – Post Feed – Like Box plugin for WordPress versions up to, and including, 6.5.4 **Description** The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping on user-supplied attributes in the plugin's 'efb likebox' shortcode. This allows authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 6.5.4, update to a version that addresses the insufficient input sanitization and output escaping issue in the 'efb likebox' shortcode. As a temporary workaround, consider restricting access to the 'efb likebox' shortcode for users with contributor-level and above permissions to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** The Social Sharing Plugin – Sassy Social Share plugin for WordPress versions up to, and including, 3.3.56 **Description** The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping on user-supplied attributes in the plugin's shortcode(s). This allows authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 3.3.56, update to a version that addresses the insufficient input sanitization and output escaping issue. As a temporary workaround, consider restricting the use of the plugin's shortcode(s) to minimize the risk of exploitation. Additionally, limit contributor-level and above permissions to trusted users only.

**Name of the Vulnerable Software and Affected Versions** The Email Encoder – Protect Email Addresses and Phone Numbers plugin for WordPress versions up to, and including, 2.2.0 **Description** The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping on user-supplied attributes in the plugin's shortcode(s). This allows authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages, which will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 2.2.0, update to a version that addresses the insufficient input sanitization and output escaping issue. As a temporary workaround, consider restricting access to the plugin's shortcode(s) to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Page scroll to id plugin for WordPress versions up to, and including, 1.7.8 **Description** The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping on user-supplied attributes in the plugin's shortcode(s). This allows authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages, which will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 1.7.8, update to a version that addresses the insufficient input sanitization and output escaping issue. As a temporary workaround, consider restricting the use of the plugin's shortcode(s) to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress versions up to, and including, 3.9.8 **Description** The issue is related to Stored Cross-Site Scripting via the plugin's shortcode(s) due to insufficient input sanitization and output escaping on user-supplied attributes. This allows authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 3.9.8, update to a version that fixes the insufficient input sanitization and output escaping issue. As a temporary workaround, consider restricting contributor-level and above permissions to minimize the risk of exploitation. Additionally, restrict access to the plugin's shortcode(s) until a patch is available.

**Name of the Vulnerable Software and Affected Versions** WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress versions up to, and including, 7.0.2 **Description** The issue is related to Stored Cross-Site Scripting via the plugin's `su tooltip` shortcode due to insufficient input sanitization and output escaping on user-supplied attributes and tags. This allows authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 7.0.2, consider disabling the `su tooltip` shortcode until a patch is available to prevent exploitation. Restrict access to pages that may have been injected with malicious scripts to minimize the risk of execution. Avoid using the `su tooltip` shortcode with user-supplied attributes and tags until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Advanced Database Cleaner plugin for WordPress versions up to, and including, 3.1.3 **Description** The issue allows an authenticated attacker with administrator access and above to inject a PHP Object via deserialization of untrusted input in the `process bulk action` function. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. **Recommendations** For versions up to, and including, 3.1.3, update to a version that fixes the PHP Object Injection issue to prevent exploitation. As a temporary workaround, consider restricting access to the `process bulk action` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Calculated Fields Form plugin for WordPress versions up to, and including, 1.2.52 **Description** The issue is related to Stored Cross-Site Scripting via the plugin's CP CALCULATED FIELDS shortcode due to insufficient input sanitization and output escaping on user-supplied `location` attribute. This allows authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 1.2.52, update to a version that addresses the insufficient input sanitization and output escaping issue. As a temporary workaround, consider restricting access to the CP CALCULATED FIELDS shortcode for users with contributor-level and above permissions until a patch is available. Additionally, avoid using the `location` attribute in the affected shortcode until the issue is resolved.