Sun*Inc

**Name of the Vulnerable Software and Affected Versions** PowerPack Lite for Beaver Builder plugin for WordPress versions up to, and including, 1.3.0.5 **Description** The issue is a Reflected Cross-Site Scripting vulnerability due to insufficient input sanitization and output escaping. This allows unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick an administrative user into performing an action such as clicking on a link. The vulnerability is exploited via the `navigate` parameter. **Recommendations** For versions up to, and including, 1.3.0.5, update to a version later than 1.3.0.5 to resolve the issue. As a temporary workaround, consider restricting access to the `navigate` parameter to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Contact Form 7 Email Add on plugin for WordPress versions up to, and including, 1.9 **Description** The issue allows authenticated attackers with Contributor-level access and above to include and execute arbitrary PHP files on the server. This is possible via the `cf7 email add on add admin template()` function, making it possible to bypass access controls, obtain sensitive data, or achieve code execution in cases where PHP files can be uploaded and included. **Recommendations** For versions up to, and including, 1.9, consider disabling the `cf7 email add on add admin template()` function as a temporary workaround until a patch is available. Restrict access to sensitive data and PHP files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Kognetiks Chatbot for WordPress plugin versions up to, and including, 2.1.7 **Description** The Kognetiks Chatbot for WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the `dir` parameter due to insufficient input sanitization and output escaping. This allows unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. **Recommendations** For versions up to, and including, 2.1.7, update the plugin to the latest version to mitigate risks. As a temporary workaround, consider restricting access to the `dir` parameter to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Contact Form 7 Redirect & Thank You Page plugin for WordPress versions up to, and including, 1.0.6 **Description** The issue is related to Reflected Cross-Site Scripting via the `tab` parameter due to insufficient input sanitization and output escaping. This allows unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. **Recommendations** For versions up to, and including, 1.0.6, update to a version later than 1.0.6 to mitigate the risk. As a temporary workaround, consider restricting access to the `tab` parameter in the affected plugin until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Category Ajax Filter plugin for WordPress versions up to, and including, 2.8.2 **Description** The Category Ajax Filter plugin for WordPress is vulnerable to Local File Inclusion via the `params[caf-post-layout]` parameter. This allows unauthenticated attackers to include and execute arbitrary files on the server, enabling the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where files with a .php extension can be uploaded and included. **Recommendations** For versions up to, and including, 2.8.2: Update to the latest version immediately to mitigate risks. As a temporary workaround, consider restricting access to the `params[caf-post-layout]` parameter to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Media Library Assistant plugin for WordPress versions up to, and including, 3.17 **Description** The issue is related to Reflected Cross-Site Scripting via the `order` parameter due to insufficient input sanitization and output escaping. This allows unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. **Recommendations** For versions up to, and including, 3.17, update to a version higher than 3.17 to resolve the issue. As a temporary workaround, consider restricting access to the `order` parameter to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** POST SMTP – The #1 WordPress SMTP Plugin with Advanced Email Logging and Delivery Failure Notifications versions up to, and including, 2.9.3 **Description** The issue allows for time-based SQL Injection via the `selected` parameter due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with administrator access or higher to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. **Recommendations** For versions up to, and including, 2.9.3, update to a version higher than 2.9.3 to resolve the issue. As a temporary workaround, consider restricting access to the `selected` parameter to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Media Library Assistant plugin for WordPress versions up to, and including, 3.15 **Description** The issue is related to Reflected Cross-Site Scripting via the `lang` parameter due to insufficient input sanitization and output escaping. This allows unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. The vulnerability is being actively exploited. **Recommendations** For versions up to, and including, 3.15, consider disabling the `lang` parameter until a patch is available to prevent exploitation. Restrict access to the Media Library Assistant plugin to minimize the risk of exploitation. Avoid using the `lang` parameter in affected pages until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.