Sammy Forgit

**Name of the Vulnerable Software and Affected Versions** Font Uploader plugin version 1.2.4 **Description** The issue allows remote attackers to execute arbitrary PHP code by uploading a PHP file with a .php.ttf extension to the font-upload.php file in the Font Uploader plugin, and then accessing it via a direct request to the file in font-uploader/fonts. **Recommendations** For Font Uploader plugin version 1.2.4, consider removing or restricting access to the font-upload.php file until a patch is available, and avoid using the file upload functionality in the plugin to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Plugin Newsletter plugin version 1.5 for WordPress **Description** The issue allows remote attackers to read arbitrary files due to a directory traversal vulnerability in the preview.php file. This is achieved by using a .. (dot dot) in the `data` parameter. **Recommendations** For Plugin Newsletter plugin version 1.5, consider restricting access to the preview.php file until a patch is available. As a temporary workaround, avoid using the `data` parameter in the vulnerable preview.php file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** MM Forms Community plugin versions 2.2.5 through 2.2.6 **Description** The issue allows remote attackers to execute arbitrary code by uploading a file with an executable extension to the includes/doajaxfileupload.php file, and then accessing it via a direct request to the file in upload/temp. **Recommendations** For MM Forms Community plugin versions 2.2.5 and 2.2.6, consider disabling the file upload functionality in includes/doajaxfileupload.php until a patch is available. Restrict access to the upload/temp directory to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** RBX Gallery plugin version 2.1 for WordPress **Description** The issue allows remote attackers to execute arbitrary code by uploading a file with an executable extension to the `uploader.php` file, and then accessing it via a direct request to the file in `uploads/rbxslider`. **Recommendations** For RBX Gallery plugin version 2.1, consider disabling the `uploader.php` file until a patch is available to prevent remote attackers from uploading malicious files. Restrict access to the `uploads/rbxslider` directory to minimize the risk of exploitation. Avoid using the `uploader.php` file for uploading files until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** wpStoreCart plugin versions prior to 2.5.30 **Description** The issue allows remote attackers to execute arbitrary code by uploading a file with an executable extension to the `php/upload.php` endpoint, and then accessing it via a direct request to the file in `uploads/wpstorecart`. **Recommendations** For versions prior to 2.5.30, update to version 2.5.30 or later to resolve the issue. As a temporary workaround, consider restricting access to the `php/upload.php` endpoint to prevent unauthorized file uploads until the update is applied.