Stephanie Walters

**Name of the Vulnerable Software and Affected Versions** Stop Spammers Classic plugin for WordPress versions through 2026.1 **Description** The software is susceptible to Cross-Site Request Forgery due to a lack of nonce validation in the ss addtoallowlist class. This allows unauthenticated attackers to add arbitrary email addresses to the spam allowlist by deceiving a site administrator into performing an action, such as clicking a link. The issue was partially addressed in version 2026.1. **Recommendations** Update to a version beyond 2026.1.

**Name of the Vulnerable Software and Affected Versions** User Profile Picture plugin for WordPress versions up to, and including, 2.6.1 **Description** The issue allows authenticated attackers with Author-level access and above to update the profile picture of any user due to missing validation on a user-controlled key in the `rest api change profile image` function. This is an Insecure Direct Object Reference issue. **Recommendations** For versions up to, and including, 2.6.1, consider disabling the `rest api change profile image` function until a patch is available to prevent exploitation. Restrict access to the User Profile Picture plugin to minimize the risk of unauthorized profile picture updates.

**Name of the Vulnerable Software and Affected Versions** Rbs Image Gallery plugin for WordPress versions up to, and including, 3.2.19 **Description** The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the `rbs ajax create article` and `rbs ajax reset views` functions. This allows unauthenticated attackers to create new posts and reset gallery view counts via a forged request if they can trick a Contributor+ level user into performing an action such as clicking on a link. **Recommendations** For Rbs Image Gallery plugin for WordPress versions up to, and including, 3.2.19: Update to a version that includes the fix for the nonce validation issue in the `rbs ajax create article` and `rbs ajax reset views` functions. As a temporary workaround, consider restricting access to the `rbs ajax create article` and `rbs ajax reset views` functions until a patch is available.

**Name of the Vulnerable Software and Affected Versions** The Salon booking system plugin for WordPress versions up to, and including, 9.9 **Description** The issue allows unauthorized access and modification of data due to a missing capability check on several functions hooked into `admin init`. This makes it possible for authenticated attackers with subscriber access or higher to modify plugin settings and view discount codes intended for other users. **Recommendations** For versions up to, and including, 9.9, upgrade to a version higher than 9.9 to resolve the issue. As a temporary workaround, consider restricting access to the plugin's settings and discount codes to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** LearnPress – WordPress LMS Plugin versions up to, and including, 4.2.6.5 **Description** The issue is related to missing file type validation in the `save post materials` function, allowing authenticated attackers with Instructor-level permissions and above to upload arbitrary files on the affected site's server. This could potentially lead to remote code execution. **Recommendations** For versions up to, and including, 4.2.6.5, consider disabling the `save post materials` function until a patch is available to prevent arbitrary file uploads. Restrict access to file upload functionality to minimize the risk of exploitation.