Thiago Martins

**Name of the Vulnerable Software and Affected Versions** All-in-One WP Migration WordPress plugin versions prior to 7.63 **Description** The issue allows an attacker to craft a request that, when submitted by any visitor, will inject arbitrary HTML or JavaScript into the response, which will be executed in the victim's session. This requires knowledge of a static secret key. The problem arises from the wrong content type being used and the response from the `ai1wm export` AJAX action not being properly escaped. **Recommendations** For versions prior to 7.63, update to version 7.63 or later to resolve the issue. As a temporary workaround, consider restricting access to the `ai1wm export` AJAX action until a patch is available. Avoid using the All-in-One WP Migration WordPress plugin with untrusted visitors until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Classima WordPress theme versions prior to 2.1.11 Classified Listing versions prior to 2.2.14 Classified Listing Pro versions prior to 2.0.20 Classified Listing Store & Membership versions prior to 1.4.20 Classima Core versions prior to 1.10 **Description** The issue is related to Reflected Cross-Site Scripting, where a parameter is not properly escaped before being outputted back in attributes. This can lead to malicious scripts being executed. **Recommendations** For Classima WordPress theme version prior to 2.1.11, update to version 2.1.11 or later. For Classified Listing version prior to 2.2.14, update to version 2.2.14 or later. For Classified Listing Pro version prior to 2.0.20, update to version 2.0.20 or later. For Classified Listing Store & Membership version prior to 1.4.20, update to version 1.4.20 or later. For Classima Core version prior to 1.10, update to version 1.10 or later.

**Name of the Vulnerable Software and Affected Versions** Classified Listing Pro WordPress plugin versions prior to 2.0.20 **Description** The issue is related to a Reflected Cross-Site Scripting problem. It occurs because the plugin does not properly escape a generated URL before outputting it back in an attribute on an admin page. This can lead to malicious scripts being executed. **Recommendations** For versions prior to 2.0.20, update to version 2.0.20 or later to resolve the issue. As a temporary workaround, consider restricting access to the admin page where the vulnerability occurs to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Download Monitor WordPress plugin versions prior to 4.5.91 **Description** The issue allows high privilege users, such as administrators, to download sensitive files like `wp-config.php` or `/etc/passwd`, even in hardened environments or multisite setups, because it does not ensure that files to be downloaded are inside the blog folders and not sensitive. **Recommendations** For versions prior to 4.5.91, update to version 4.5.91 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive files and directories to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Moodle versions 3.9.7 through 3.11.10 Moodle versions 3.10.4 **Description** The issue is related to the lack of protection for the web page structure in Moodle, allowing a remote attacker to conduct a cross-site scripting (XSS) attack. Specifically, in certain Moodle products, after creating a course, it is possible to add a resource to an arbitrary "Topic", in this case, a "Database" with the type "Text", where the `Field name` and `Field description` values are vulnerable to stored XSS. **Recommendations** For Moodle versions 3.9.7, update to a version later than 3.9.7. For Moodle versions 3.10.4, update to a version later than 3.10.4. For Moodle versions 3.11.x prior to 3.11.10, update to version 3.11.10 or later. As a temporary workaround, consider restricting access to the "Database" resource with the type "Text" in arbitrary "Topics" until a patch is available. Avoid using the `Field name` and `Field description` values in the affected "Database" resource until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** OpenStack Neutron versions before 2013.2.4 OpenStack Neutron versions 2014.x before 2014.1.2 OpenStack Neutron Juno before Juno-2 **Description** The issue allows remote authenticated users to cause a denial of service, specifically an IPv4 address attachment outage, by attaching an IPv6 private subnet to a L3 router. **Recommendations** For OpenStack Neutron versions before 2013.2.4, update to version 2013.2.4 or later. For OpenStack Neutron versions 2014.x before 2014.1.2, update to version 2014.1.2 or later. For OpenStack Neutron Juno before Juno-2, update to Juno-2 or later.