Siyuan Shao

The WP Nano AD plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘blogrole link’ parameter in all versions up to, and including, 1.31 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered html has been disabled.

Name of the Vulnerable Software and Affected Versions: ArielBrailovsky-ViralAd plugin for WordPress versions up to, and including, 1.0.8 Description: The issue allows unauthenticated attackers to perform SQL Injection via the `text` and `id` parameters of the `limpia()` function due to insufficient escaping on user-supplied parameters and lack of sufficient preparation on the existing SQL query. This enables attackers to append additional SQL queries into already existing queries, potentially extracting sensitive information from the database. The exploitability of this issue seems to be limited to very old versions of WordPress. Recommendations: For versions up to, and including, 1.0.8, consider updating to a version that includes a fix for this issue, as no specific workaround is provided for these versions. As a temporary workaround, consider disabling the `limpia()` function until a patch is available. Restrict access to the `text` and `id` parameters in the affected function to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: ArielBrailovsky-ViralAd plugin for WordPress versions up to, and including, 1.0.8 Description: The issue allows unauthenticated attackers to perform SQL Injection via the `id` parameter of the `printResultAndDie()` function due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This enables attackers to append additional SQL queries into already existing queries, potentially extracting sensitive information from the database. The exploitability of this issue seems to be limited to very old versions of WordPress. Recommendations: For ArielBrailovsky-ViralAd plugin for WordPress versions up to, and including, 1.0.8, consider disabling the `printResultAndDie()` function until a patch is available to prevent exploitation through the `id` parameter. Restrict access to sensitive database information to minimize the risk of data extraction.

Name of the Vulnerable Software and Affected Versions: binlayerpress plugin for WordPress versions up to, and including, 1.1 Description: The issue is related to Stored Cross-Site Scripting via admin settings due to insufficient input sanitization and output escaping. This allows authenticated attackers with administrator-level permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The issue only affects multi-site installations and installations where unfiltered html has been disabled. Recommendations: For binlayerpress plugin for WordPress versions up to, and including, 1.1, update to a version that addresses the insufficient input sanitization and output escaping issue. As a temporary workaround, consider restricting administrator-level permissions and enabling unfiltered html to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: The Simple Amazon Affiliate plugin for WordPress versions up to, and including, 1.0.9 Description: The issue is related to Reflected Cross-Site Scripting due to insufficient input sanitization and output escaping via the `msg` parameter. This allows unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. Recommendations: For versions up to, and including, 1.0.9, update to a version that addresses the insufficient input sanitization and output escaping issue. As a temporary workaround, consider restricting access to the `msg` parameter to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: BlogBuzzTime for WP plugin for WordPress versions up to, and including, 1.1 Description: The issue is related to Stored Cross-Site Scripting via admin settings due to insufficient input sanitization and output escaping. This allows authenticated attackers with administrator-level permissions and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The issue only affects multi-site installations and installations where unfiltered html has been disabled. Recommendations: For versions up to, and including, 1.1, update to a version that addresses the insufficient input sanitization and output escaping issue. As a temporary workaround, consider restricting access to admin settings to minimize the risk of exploitation.