Tarcísio Luchesi De Almeida Silva

**Name of the Vulnerable Software and Affected Versions** Broadstreet plugin for WordPress versions prior to 1.52.3 **Description** The plugin contains an Insecure Direct Object Reference (IDOR) issue, which occurs when an application provides direct access to objects based on user-supplied input. This flaw exists in the 'get sponsored meta' AJAX action due to a lack of validation on a user-controlled key. Authenticated attackers with Subscriber-level access or higher can exploit this to disclose private post metadata. **Recommendations** Update the plugin to a version later than 1.52.2. As a temporary workaround, restrict access to the 'get sponsored meta' AJAX action to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** URL Shortify plugin for WordPress versions prior to 1.12.2 **Description** The URL Shortify plugin for WordPress is susceptible to an Open Redirect issue in all versions up to and including 1.12.1. This is due to inadequate validation of the `redirect to` parameter within the promotional dismissal handler. An unauthenticated attacker can exploit this to redirect users to potentially malicious websites using a specially crafted link. The vulnerable parameter is `redirect to`. **Recommendations** Update the URL Shortify plugin to version 1.12.2 or later.

**Name of the Vulnerable Software and Affected Versions** Taskbuilder – WordPress Project Management & Task Management plugin versions prior to 5.0.3 **Description** The Taskbuilder plugin for WordPress is susceptible to a time-based blind SQL injection. This is due to inadequate input sanitization of user-supplied parameters and insufficient query preparation. Specifically, the `order` and `sort by` parameters are vulnerable. Authenticated attackers with subscriber-level access or higher can inject additional SQL queries into existing database queries, potentially extracting sensitive information. **Recommendations** Update the Taskbuilder – WordPress Project Management & Task Management plugin to version 5.0.3 or later.

**Name of the Vulnerable Software and Affected Versions** Taskbuilder – WordPress Project Management & Task Management plugin versions prior to 5.0.3 **Description** The Taskbuilder plugin for WordPress is affected by an authorization bypass issue. Insufficient authorization checks on project and task comment submission functions allow authenticated attackers with subscriber-level access or higher to create comments on any project or task, even those they are not authorized to view. Attackers can inject arbitrary HTML and CSS through the `comment body` parameter via the `wppm submit proj comment` and `wppm submit task comment` AJAX actions. **Recommendations** Update Taskbuilder – WordPress Project Management & Task Management plugin to version 5.0.3 or later.

**Name of the Vulnerable Software and Affected Versions** Booking Calendar versions prior to 10.14.15 **Description** The Booking Calendar plugin for WordPress is susceptible to an Insecure Direct Object Reference issue. This flaw stems from inadequate validation of a user-controlled key within the `handle ajax save` function. Authenticated attackers possessing Subscriber-level access or higher, and with booking permissions granted by an Administrator, can potentially modify other users' plugin settings, such as booking calendar display options. Successful exploitation can disrupt the booking calendar functionality for targeted users. **Recommendations** Update Booking Calendar to version 10.14.15 or later.