Shrikant Bhosale

**Name of the Vulnerable Software and Affected Versions** Motors – Car Dealership & Classified Listings versions prior to 1.4.104 **Description** The plugin is subject to a payment bypass due to insecure user meta updates. The `stm save user extra fields()` function updates sensitive user meta fields from POST data without verifying if the user has the necessary permissions to modify those specific fields. Because the function hooks into the 'personal options update' action and only verifies if a user can edit their own profile, authenticated attackers with Subscriber-level access or higher can modify the `stm payment status` variable to 'completed'. This allows them to bypass PayPal payment verification and gain unauthorized access to paid Dealer membership features. **Recommendations** Update the plugin to a version later than 1.4.103.

**Name of the Vulnerable Software and Affected Versions** weDevs Happy Addons for Elementor versions prior to 3.20.9 **Description** An issue in weDevs Happy Addons for Elementor allows the retrieval of embedded sensitive system information to an unauthorized control sphere. **Recommendations** Update to a version newer than 3.20.8.

**Name of the Vulnerable Software and Affected Versions** Subscriptions for WooCommerce versions up to and including 1.9.2 **Description** The Subscriptions for WooCommerce plugin for WordPress is susceptible to unauthorized data modification. This is due to a missing capability check within the `wps sfw admin cancel susbcription()` function. The function is connected to the `init` action without proper authentication or authorization. It performs a basic check for a nonce parameter but does not validate it using `wp verify nonce()`. This allows unauthenticated attackers to cancel any active WooCommerce subscription by sending a specially crafted GET request. The request includes an arbitrary nonce value through the `wps subscription id` parameter. The API endpoint involved is not explicitly mentioned. **Recommendations** Versions prior to and including 1.9.2 should be updated to a newer, fixed version when available. As a temporary workaround, consider restricting access to the `wps sfw admin cancel susbcription()` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Essential Addons for Elementor plugin for WordPress versions through 6.5.5 **Description** The Essential Addons for Elementor plugin for WordPress is susceptible to exposure of sensitive information. An unauthenticated attacker can retrieve WooCommerce product information, including products with draft, pending, or private status, which should normally be restricted. This is possible through the `eael product quickview popup` function. **Recommendations** Update the Essential Addons for Elementor plugin to a version later than 6.5.5.