Theviper17Y

**Name of the Vulnerable Software and Affected Versions** Embed Any Document – Embed PDF, Word, PowerPoint and Excel Files plugin for WordPress versions up to, and including, 2.7.5 **Description** The issue allows authenticated attackers, with Contributor-level access and above, to make web requests to arbitrary locations originating from the web application via the `embeddoc` shortcode. This can be used to query and modify information from internal services. **Recommendations** For versions up to, and including, 2.7.5, update to a version higher than 2.7.5 to resolve the issue. As a temporary workaround, consider restricting access to the `embeddoc` shortcode to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Read More & Accordion plugin for WordPress versions up to, and including, 3.4.2 **Description** The issue is related to a missing capability check on the `expmDeleteData()` function, which allows authenticated attackers with Subscriber-level access and above to delete arbitrary 'read more' posts, resulting in unauthorized modification and loss of data. **Recommendations** For versions up to, and including, 3.4.2, consider disabling the `expmDeleteData()` function until a patch is available to prevent unauthorized data deletion. Restrict access to the plugin's functionality to minimize the risk of exploitation, ensuring only authorized users can modify or delete 'read more' posts.

**Name of the Vulnerable Software and Affected Versions** Drag and Drop Multiple File Upload – Contact Form 7 plugin for WordPress versions up to, and including, 1.3.8.5 **Description** The issue is related to insufficient file path validation in the `dnd codedropz upload delete()` function, allowing unauthenticated attackers to delete a limited number of arbitrary files on the server. However, it is not possible to delete critical files such as `wp-config.php`, which would enable remote code execution (RCE). **Recommendations** For versions up to, and including, 1.3.8.5, update to a version higher than 1.3.8.5 to resolve the issue. As a temporary workaround, consider restricting access to the `dnd codedropz upload delete()` function until a patch is available. Additionally, monitor server logs for suspicious file deletion activity to minimize potential damage.

**Name of the Vulnerable Software and Affected Versions** The Custom Login Page Styler – Limit Login Attempts – Restrict Content With Login – Redirect After Login – Change Login URL – Sign in , Sign out plugin for WordPress versions up to, and including, 7.1.1 **Description** The issue is related to unauthorized access due to a missing capability check on the `lps handle delete all logs()`, `lps handle delete login log()`, and `lps handle end session()` functions. This allows authenticated attackers with Subscriber-level access and above to delete login logs and end user sessions. **Recommendations** For versions up to, and including, 7.1.1, consider disabling the `lps handle delete all logs()`, `lps handle delete login log()`, and `lps handle end session()` functions until a patch is available to prevent unauthorized access. Restrict access to these functions to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** MDTF – Meta Data and Taxonomies Filter plugin for WordPress versions up to, and including, 1.3.3.6 **Description** The issue is related to Stored Cross-Site Scripting via the plugin's 'mdf results by ajax' shortcode due to insufficient input sanitization and output escaping on user-supplied attributes. This allows authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 1.3.3.6, update to a version higher than 1.3.3.6 to resolve the issue. As a temporary workaround, consider disabling the `mdf results by ajax` shortcode until a patch is available. Restrict access to the `mdf results by ajax` shortcode to minimize the risk of exploitation. Avoid using user-supplied attributes in the affected shortcode until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** The Ultimate WordPress Toolkit – WP Extended plugin for WordPress versions up to, and including, 3.0.12 **Description** The issue is related to time-based SQL Injection via the Login Attempts module due to insufficient escaping on the `user supplied parameter` and lack of sufficient preparation on the existing SQL query. This allows unauthenticated attackers to append additional SQL queries into already existing queries, which can be used to extract sensitive information from the database. **Recommendations** For versions up to, and including, 3.0.12, update to a version higher than 3.0.12 to resolve the issue. As a temporary workaround, consider restricting access to the Login Attempts module until a patch is available.

**Name of the Vulnerable Software and Affected Versions** SKT Page Builder plugin for WordPress versions up to, and including, 4.6 **Description** The issue allows for arbitrary file uploads due to a missing capability check on the `addLibraryByArchive` function. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload arbitrary files that make remote code execution possible. **Recommendations** For versions up to, and including, 4.6, update to a version that includes a fix for the missing capability check on the `addLibraryByArchive` function to prevent arbitrary file uploads. As a temporary workaround, consider disabling the `addLibraryByArchive` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Skyword API Plugin for WordPress versions up to, and including, 2.5.2 **Description** The issue is related to Stored Cross-Site Scripting via the plugin's 'skyword iframe' shortcode due to insufficient input sanitization and output escaping on user-supplied attributes. This allows authenticated attackers with contributor-level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 2.5.2, consider disabling the `skyword iframe` shortcode until a patch is available to prevent exploitation. Restrict access to pages that use this shortcode to minimize the risk of arbitrary web script execution. Update to a version that includes the fix for this issue once it becomes available.

**Name of the Vulnerable Software and Affected Versions** Quill Forms plugin for WordPress versions up to, and including, 3.10.0 **Description** The issue is related to Stored Cross-Site Scripting via the plugin's 'quillforms-popup' shortcode due to insufficient input sanitization and output escaping on user-supplied attributes. This allows authenticated attackers with contributor-level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 3.10.0, update to a version later than 3.10.0 to resolve the issue. As a temporary workaround, consider restricting access to the 'quillforms-popup' shortcode to minimize the risk of exploitation. Additionally, restrict contributor-level access and above to authorized personnel only.

**Name of the Vulnerable Software and Affected Versions** The Responsive Blocks – WordPress Gutenberg Blocks plugin for WordPress versions up to, and including, 1.9.7 **Description** The issue is related to Stored Cross-Site Scripting via the 'responsive-block-editor-addons/portfolio' block due to insufficient input sanitization and output escaping. This allows authenticated attackers with Contributor-level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 1.9.7, update to a version later than 1.9.7 to resolve the issue. As a temporary workaround, consider restricting access to the 'responsive-block-editor-addons/portfolio' block to minimize the risk of exploitation. Additionally, ensure that all users with Contributor-level access and above are trusted, as they have the ability to inject malicious scripts.

**Name of the Vulnerable Software and Affected Versions** Sell Tickets Online – TicketSource Ticket Shop for WordPress plugin versions up to, and including, 3.0.2 **Description** The issue is related to Stored Cross-Site Scripting via the plugin's 'ticketshop' shortcode due to insufficient input sanitization and output escaping on user-supplied attributes. This allows authenticated attackers with contributor-level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 3.0.2, update to a version that addresses the insufficient input sanitization and output escaping issue. As a temporary workaround, consider restricting access to the 'ticketshop' shortcode to minimize the risk of exploitation. Additionally, restrict contributor-level access and above to authorized personnel only.

**Name of the Vulnerable Software and Affected Versions** Spoki – Chat Buttons and WooCommerce Notifications plugin for WordPress versions up to, and including, 2.15.14 **Description** The issue is related to Stored Cross-Site Scripting via the plugin's `spoki button` shortcode due to insufficient input sanitization and output escaping on user-supplied attributes. This allows authenticated attackers with contributor-level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 2.15.14, update to a version higher than 2.15.14 to resolve the issue. As a temporary workaround, consider restricting access to the `spoki button` shortcode to minimize the risk of exploitation. Additionally, restrict contributor-level access and above to authorized personnel only.

**Name of the Vulnerable Software and Affected Versions** Taeggie Feed plugin for WordPress versions up to, and including, 0.1.9 **Description** The issue is related to stored cross-site scripting via the plugin's 'taeggie-feed' shortcode due to insufficient input sanitization and output escaping on user-supplied attributes. This allows authenticated attackers with contributor-level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 0.1.9, update to the latest version available to secure the site and mitigate potential threats. As a temporary workaround, consider restricting access to the 'taeggie-feed' shortcode to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** TPG Get Posts plugin for WordPress versions up to, and including, 3.6.5 **Description** The TPG Get Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tpg get posts' shortcode due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 3.6.5, update to the latest version immediately to mitigate risks. As a temporary workaround, consider disabling the `tpg get posts` shortcode until a patch is available. Restrict access to the `tpg get posts` shortcode to minimize the risk of exploitation. Review security best practices to safeguard your site.

**Name of the Vulnerable Software and Affected Versions** Animated Counters plugin for WordPress versions up to, and including, 2.0 **Description** The Animated Counters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'animatedcounte' shortcode due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** Update to the latest version of the Animated Counters plugin for WordPress to mitigate potential risks. As a temporary workaround, consider restricting access to the 'animatedcounte' shortcode until a patch is available. Avoid using the 'animatedcounte' shortcode with untrusted input until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Connatix Video Embed plugin for WordPress versions up to, and including, 1.0.5 **Description** The Connatix Video Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cnx script code' shortcode due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 1.0.5, update the Connatix Video Embed plugin for WordPress to a version later than 1.0.5 to mitigate the risk of Stored Cross-Site Scripting. As a temporary workaround, consider disabling the `cnx script code` shortcode until a patch is available. Restrict access to the plugin's settings to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Wp photo text slider 50 plugin for WordPress versions up to, and including, 8.1 **Description** The Wp photo text slider 50 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wp-photo-slider' shortcode due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 8.1, update to a version later than 8.1 to mitigate the risk of Stored Cross-Site Scripting. As a temporary workaround, consider restricting access to the 'wp-photo-slider' shortcode until a patch is available. Avoid using the 'wp-photo-slider' shortcode in pages that can be accessed by untrusted users until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** WP Crowdfunding plugin for WordPress versions up to, and including, 2.1.12 **Description** The issue is related to Stored Cross-Site Scripting via the "wp-crowdfunding/search" block due to insufficient input sanitization and output escaping. This allows authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 2.1.12, update to a version that includes the necessary input sanitization and output escaping fixes to prevent Stored Cross-Site Scripting attacks. As a temporary workaround, consider restricting access to the "wp-crowdfunding/search" block until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Snippet Shortcodes plugin for WordPress versions up to and including 4.1.6 **Description** The issue is related to missing authorization, allowing authenticated attackers with Subscriber-level access and above to delete the plugin's shortcodes. A nonce is used as authentication, but its value is leaked, enabling the unauthorized deletion. **Recommendations** For versions up to and including 4.1.6, update to a version higher than 4.1.6 to resolve the issue. As a temporary workaround, consider restricting access to the shortcodes deletion functionality to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Integrate Firebase plugin for WordPress versions up to and including 0.9.3 **Description** The issue is related to Stored Cross-Site Scripting via the plugin's 'firebase show' shortcode due to insufficient input sanitization and output escaping on user-supplied attributes. This allows authenticated attackers with contributor-level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For versions up to and including 0.9.3, update to a version higher than 0.9.3 to resolve the issue. As a temporary workaround, consider restricting access to the 'firebase show' shortcode until a patch is available. Restrict contributor-level access and above to minimize the risk of exploitation.