Shreya Pohekar

**Name of the Vulnerable Software and Affected Versions** User registration & user profile WordPress plugin versions through 2.0 **Description** The issue concerns a lack of CSRF check in some areas and missing sanitization as well as escaping in the User registration & user profile WordPress plugin. This could allow attackers to make logged-in admins add Stored XSS payloads via a CSRF attack. **Recommendations** For versions through 2.0, update to a version that includes proper CSRF checks and sanitization to prevent exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** hiWeb Migration Simple WordPress plugin versions through 2.0.0.1 **Description** The issue is related to a Reflected Cross-Site Scripting problem. It occurs because a `parameter` is not properly sanitised and escaped before being outputted back in the page. This could be exploited against high-privilege users, such as admins. **Recommendations** For versions through 2.0.0.1, update to a version that properly sanitises and escapes parameters to prevent Reflected Cross-Site Scripting. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tiempo.com WordPress plugin versions 0.1.2 and earlier **Description** The issue concerns a lack of CSRF check when creating and editing shortcodes in the plugin, along with missing sanitization and escaping. This could allow attackers to make logged-in admins add Stored XSS payloads via a CSRF attack. **Recommendations** For versions 0.1.2 and earlier, consider disabling the shortcode creation and editing functionality until a patch is available to prevent potential CSRF attacks and Stored XSS payload additions. Restrict access to the plugin's settings to minimize the risk of exploitation. Avoid using the plugin until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** The Booking Manager WordPress plugin versions prior to 2.0.29 **Description** The issue concerns a lack of validation for URLs input in the admin panel or in shortcodes for showing events from a remote .ics file. This allows an attacker with privileges as low as Subscriber to perform Server-Side Request Forgery (SSRF) attacks on the site's internal network. **Recommendations** For versions prior to 2.0.29, update to version 2.0.29 or later to resolve the issue. As a temporary workaround, consider restricting access to the admin panel and shortcodes that use remote .ics files until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Twittee Text Tweet WordPress plugin versions 1.0.0 through 1.0.8 **Description** The issue arises from the plugin's failure to properly escape POST values, which are then printed back to the user inside one of the plugin's administrative pages. This allows for reflected XSS attacks targeting administrators. The vulnerability can be exploited by a remote attacker to conduct a cross-site scripting (XSS) attack. **Recommendations** For versions 1.0.0 through 1.0.8, consider disabling the administrative page that prints the unescaped POST values until a patch is available. Restrict access to this page to minimize the risk of exploitation. Avoid using the plugin's administrative functionality until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Image Protector WordPress plugin versions 1.1 and earlier **Description** The issue allows high-privilege users to perform Stored Cross-Site Scripting (XSS) attacks due to improper sanitization of some settings, even when the unfiltered html capability is disallowed, such as in multisite setups. **Recommendations** For Image Protector WordPress plugin versions 1.1 and earlier, update to a version that properly sanitizes its settings to prevent Stored Cross-Site Scripting (XSS) attacks.

**Name of the Vulnerable Software and Affected Versions** Catalyst Connect Zoho CRM Client Portal WordPress plugin versions prior to 2.1.0 **Description** The issue is related to a Reflected Cross-Site Scripting problem. It occurs because a parameter is not properly sanitized and escaped before being outputted back in the page. This could be exploited against high-privilege users, such as administrators. **Recommendations** For versions prior to 2.1.0, update to version 2.1.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Kanban Boards for WordPress versions prior to 2.5.21 **Description** The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for example in multisite setups. This is due to the plugin not sanitizing and escaping some of its settings. **Recommendations** For versions prior to 2.5.21, update to version 2.5.21 or later to resolve the issue. As a temporary workaround, consider restricting the ability of high privilege users to modify plugin settings until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** Push Notifications for WordPress by PushAssist WordPress plugin versions 3.0.8 and earlier **Description** The issue is related to Reflected Cross-Site Scripting, which occurs because the plugin does not properly sanitise and escape various parameters before outputting them back in pages. This could be used against high privilege users such as admin. **Recommendations** For versions 3.0.8 and earlier, update to a version later than 3.0.8 to resolve the issue. As a temporary workaround, consider restricting access to the plugin's functionality to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** RapidExpCart WordPress plugin versions through 1.0 **Description** The issue is related to a Stored Cross-Site Scripting vulnerability. It occurs because the `url` parameter in the "rapidexpcart" endpoint is not properly sanitized and escaped before being stored and outputted back in the page. This could be exploited against high-privilege users, such as admins. Additionally, the lack of CSRF protection allows an attacker to trick a logged-in admin into performing the attack by submitting a hidden form. **Recommendations** For RapidExpCart WordPress plugin versions through 1.0, consider disabling the "rapidexpcart" endpoint until a patch is available. Restrict access to the `url` parameter in the affected endpoint to minimize the risk of exploitation. As a temporary workaround, avoid using the `url` parameter in the "rapidexpcart" endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** BizLibrary WordPress plugin versions 1.1 and earlier **Description** The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for example in multisite setups. This is due to the plugin not sanitizing and escaping some of its settings. **Recommendations** For BizLibrary WordPress plugin versions 1.1 and earlier, update to a version that addresses the sanitization and escaping of settings to prevent Stored Cross-Site Scripting attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cloud Manager WordPress plugin versions 1.0 and earlier **Description** The issue allows unauthenticated attackers to trick a logged-in admin into triggering a XSS payload by clicking a link, due to the lack of sanitization and escaping of the query parameter `ricerca` before outputting it in an admin panel. **Recommendations** For Cloud Manager WordPress plugin versions 1.0 and earlier, update to a version that properly sanitizes and escapes user input to prevent XSS attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Membership Database WordPress plugin version 1.0 **Description** The issue is related to a Reflected Cross-Site Scripting problem. It occurs because a parameter is not properly sanitised and escaped before being outputted back in the page. This could be exploited against high-privilege users, such as administrators. **Recommendations** For Membership Database WordPress plugin version 1.0, ensure that all parameters are properly sanitised and escaped before output to prevent Reflected Cross-Site Scripting. As a temporary workaround, consider restricting access to high-privilege areas of the plugin until a proper fix is applied.

**Name of the Vulnerable Software and Affected Versions** WP Custom Author URL WordPress plugin versions prior to 1.0.5 **Description** The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for example in multisite setups. This is due to the plugin not sanitizing and escaping some of its settings. **Recommendations** For WP Custom Author URL WordPress plugin versions prior to 1.0.5, update to version 1.0.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the plugin's settings for high privilege users until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Site Reviews WordPress plugin versions prior to 6.7.1 **Description** The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for example, in a multisite setup. This is due to the plugin not sanitizing and escaping some of its settings. **Recommendations** For versions prior to 6.7.1, update to version 6.7.1 or later to resolve the issue. As a temporary workaround, consider restricting the ability of high privilege users to access and modify the plugin's settings until the update is applied.

**Name of the Vulnerable Software and Affected Versions** amr ical events lists WordPress plugin versions prior to 6.7 **Description** The issue concerns the amr ical events lists WordPress plugin, which does not properly sanitise and escape some of its settings. This could allow high-privilege users, such as administrators, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for example, in a multisite setup. **Recommendations** For versions prior to 6.7, update to version 6.7 or later to resolve the issue. As a temporary workaround, consider restricting the use of the plugin's settings to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Custom Post Type and Taxonomy GUI Manager WordPress plugin version 1.1 **Description** The issue is related to the lack of CSRF protection and insufficient sanitizing and escaping of parameters, allowing attackers to make a logged-in admin put Stored Cross-Site Scripting payloads via CSRF. This enables attackers to potentially execute malicious scripts on the site. **Recommendations** For version 1.1, consider disabling the plugin until a patch is available to mitigate the risk of Stored Cross-Site Scripting attacks. Restrict access to the plugin's functionality to minimize the risk of exploitation. Avoid using the plugin's features that involve user input until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Article Directory WordPress plugin versions prior to 1.4 **Description** The issue arises from improper sanitization of the `publish terms text` setting, which can be exploited to conduct Stored XSS attacks, particularly in multisite environments. This could potentially allow administrators to execute malicious scripts. **Recommendations** For Article Directory WordPress plugin versions prior to 1.4, update to version 1.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the administration panel to minimize the risk of exploitation. Avoid using the `publish terms text` setting in the administration panel until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** WordPress Amazon S3 Plugin versions prior to 1.6 **Description** The issue is related to a Reflected Cross-Site Scripting problem. It occurs because a parameter is not properly sanitised and escaped before being outputted back in the page. This could be exploited against high-privilege users, such as administrators. **Recommendations** For WordPress Amazon S3 Plugin versions prior to 1.6, update to version 1.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the plugin's functionality to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Time Sheets WordPress plugin versions prior to 1.29.3 **Description** The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for example in multisite setups. This is due to the plugin not sanitizing and escaping some of its settings. **Recommendations** For versions prior to 1.29.3, update to version 1.29.3 or later to resolve the issue. As a temporary workaround, consider restricting the settings that are not properly sanitized and escaped to minimize the risk of exploitation.