Son Tran

**Name of the Vulnerable Software and Affected Versions** Advanced Ads plugin for WordPress versions up to, and including, 1.52.1 **Description** The Advanced Ads plugin for WordPress is vulnerable to PHP Object Injection via deserialization of untrusted input in the `placement slug` parameter. This allows authenticated attackers to inject a PHP Object. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. **Recommendations** For versions up to, and including, 1.52.1, consider disabling the deserialization of untrusted input in the `placement slug` parameter as a temporary workaround until a patch is available. Restrict access to sensitive data and files to minimize the risk of exploitation. Avoid using the `placement slug` parameter in untrusted input until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Exclusive Addons for Elementor plugin for WordPress versions up to, and including, 2.6.9.2 **Description** The issue is related to Stored Cross-Site Scripting via the `exad infobox animating mask style` parameter due to insufficient input sanitization and output escaping. This allows authenticated attackers with contributor access or higher to inject arbitrary web scripts in pages, which will execute when a user accesses an injected page. **Recommendations** For versions up to, and including, 2.6.9.2, update to a version higher than 2.6.9.2 to resolve the issue. As a temporary workaround, consider restricting access to the `exad infobox animating mask style` parameter to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** The Royal Elementor Addons and Templates plugin for WordPress versions up to, and including, 1.3.96 **Description** The issue is related to Stored Cross-Site Scripting via the Image Grid & Advanced Text widget HTML tags due to insufficient input sanitization and output escaping on user supplied attributes, such as `HTML tags`. This allows authenticated attackers with contributor-level access and above to inject arbitrary web scripts in pages, which will execute when a user accesses an injected page. **Recommendations** For versions up to, and including, 1.3.96, update to a version higher than 1.3.96 to resolve the issue. As a temporary workaround, consider restricting access to the Image Grid & Advanced Text widget for users with contributor-level access and above until a patch is available.

**Name of the Vulnerable Software and Affected Versions** SEOPress – On-site SEO plugin for WordPress versions up to, and including, 7.5.2.1 **Description** The issue arises from insufficient input sanitization and output escaping, allowing authenticated attackers with author access or higher to inject arbitrary web scripts via the `image alt` parameter. This enables the execution of injected scripts whenever a user accesses an affected page. **Recommendations** For versions up to, and including, 7.5.2.1, update to a version higher than 7.5.2.1 to resolve the issue. As a temporary workaround, consider restricting access to the image alt parameter to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** The Essential Addons for Elementor plugin for WordPress versions up to, and including, 5.9.10 **Description** The issue is related to Stored Cross-Site Scripting via the `alignment` parameter in the Woo Product Carousel widget. This is due to insufficient input sanitization and output escaping, allowing authenticated attackers with contributor access or higher to inject arbitrary web scripts in pages. These scripts will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 5.9.10, update to a version higher than 5.9.10 to resolve the issue. As a temporary workaround, consider restricting access to the Woo Product Carousel widget to minimize the risk of exploitation. Avoid using the `alignment` parameter in the Woo Product Carousel widget until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Happy Addons for Elementor plugin for WordPress versions up to, and including, 3.10.4 **Description** The issue is related to Stored Cross-Site Scripting via the plugin's Calendy widget due to insufficient input sanitization and output escaping on user-supplied attributes. This allows authenticated attackers with contributor-level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 3.10.4, update to a version that addresses the insufficient input sanitization and output escaping issue. As a temporary workaround, consider restricting access to the Calendy widget for users with contributor-level access and above to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** VK All in One Expansion Unit plugin for WordPress versions up to, and including, 9.96.0.1 **Description** The issue is related to Stored Cross-Site Scripting via the child page index widget due to insufficient input sanitization and output escaping on user-supplied attributes such as `className`. This allows authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 9.96.0.1, update to a version that includes the necessary input sanitization and output escaping fixes to prevent Stored Cross-Site Scripting attacks. As a temporary workaround, consider restricting access to the child page index widget for users with contributor-level and above permissions until a patch is available. Additionally, restrict the use of user-supplied attributes such as `className` to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress versions up to, and including, 3.9.12 **Description** The issue is related to Stored Cross-Site Scripting via the EmbedPress document widget due to insufficient input sanitization and output escaping on user-supplied attributes. This allows authenticated attackers with contributor-level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 3.9.12, update to a version higher than 3.9.12 to resolve the issue. As a temporary workaround, consider restricting access to the EmbedPress document widget to minimize the risk of exploitation. Additionally, restrict contributor-level access and above to authorized personnel only.

**Name of the Vulnerable Software and Affected Versions** Translate WordPress and go Multilingual – Weglot plugin for WordPress versions up to, and including, 4.2.5 **Description** The issue is related to Stored Cross-Site Scripting via the plugin's widget/block due to insufficient input sanitization and output escaping on user-supplied attributes such as `className`. This allows authenticated attackers with contributor-level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 4.2.5, update to a version later than 4.2.5 to resolve the issue. As a temporary workaround, consider restricting access to the widget/block feature to minimize the risk of exploitation. Avoid using the `className` attribute in the affected widget/block until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Apache Airflow versions prior to 2.7.0 **Description** The issue is related to insufficient validation of incoming requests, allowing an authenticated user with Connection edit privileges to access connection information and exploit the test connection feature. This can lead to a denial of service (DoS) condition on the server by sending many requests. Malicious actors can also establish harmful connections with the server. **Recommendations** For versions prior to 2.7.0, upgrade to version 2.7.0 or newer to mitigate the risk associated with this issue. As a temporary workaround, consider restricting access to the test connection feature until a patch is available. Administrators are encouraged to review and adjust user permissions to restrict access to sensitive functionalities, reducing the attack surface.

**Name of the Vulnerable Software and Affected Versions** Apache Airflow versions prior to 2.7.0 **Description** The issue is related to a session fixation vulnerability in the Airflow web interface, allowing an authenticated user to continue accessing the webserver even after their password has been reset by an admin. This vulnerability can be exploited by a remote attacker to hijack a user's session. When using the database session backend, existing sessions of the user are invalidated when the password is reset. However, when using the securecookie session backend, sessions are not invalidated and require changing the secure key and restarting the webserver. Users resetting their passwords are informed about this with a flash message warning in the UI. **Recommendations** Upgrade to Apache Airflow version 2.7.0 or newer to mitigate the risk associated with this issue. As a temporary workaround, consider manually cleaning the session database for the database session backend or changing the secure key and restarting the webserver for the securecookie session backend.

**Name of the Vulnerable Software and Affected Versions** Apache Airflow Apache Hive Provider versions prior to 6.1.2 **Description** The issue is related to improper input validation, which can be exploited by a remote attacker to impact the confidentiality, integrity, and availability of protected information. **Recommendations** For Apache Airflow Apache Hive Provider versions prior to 6.1.2, update the provider version to 6.1.2 to avoid this issue.

**Name of the Vulnerable Software and Affected Versions** TG Soft Vir.IT eXplorer version 9.4.86.0 **Description** A problematic issue affects the function `0x82730088` in the library `VIRAGTLT.sys` of the component IoControlCode Handler, leading to denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. **Recommendations** For version 9.4.86.0, upgrade to version 9.5 to address this issue. As a temporary workaround, consider disabling the `0x82730088` function in the `VIRAGTLT.sys` library until the upgrade is applied. Restrict access to the IoControlCode Handler component to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Apache Airflow AWS Provider versions prior to 7.2.1 **Description** The issue is related to the generation of error messages containing sensitive information in the Apache Airflow AWS Provider. **Recommendations** For versions prior to 7.2.1, update to version 7.2.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apache Airflow versions prior to 2.5.1 Apache Airflow MySQL Provider versions prior to 4.0.0 **Description** The issue is related to the improper neutralization of special elements used in a command, which can lead to command injection. This can allow a remote attacker to impact the confidentiality, integrity, and availability of protected information. **Recommendations** For Apache Airflow versions prior to 2.5.1, update to version 2.5.1 or later. For Apache Airflow MySQL Provider versions prior to 4.0.0, update to version 4.0.0 or later. As a temporary workaround, consider restricting access to sensitive commands and parameters to minimize the risk of exploitation.