Thinnawarth Mathuros

**Name of the Vulnerable Software and Affected Versions** WP-Members Membership Plugin for WordPress versions up to and including 3.5.4.4 **Description** The WP-Members Membership Plugin for WordPress stores user-uploaded files in predictable directories (`wp-content/uploads/wpmembers/user files/<user id>/`) without sufficient access controls. This allows unauthenticated attackers to directly access and download sensitive documents uploaded by site users by guessing or enumerating `user id`s and filenames. Basic directory listing protection (.htaccess with Options -Indexes) is insufficient to prevent access. **Recommendations** Versions prior to 3.5.4.4 should be updated.

**Name of the Vulnerable Software and Affected Versions** MasterStudy LMS WordPress Plugin versions through 3.7.6 **Description** The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is susceptible to unauthorized modification and deletion of data. This is due to a lack of appropriate capability checks on several REST API endpoints. Authenticated attackers possessing Subscriber-level access or higher can exploit this to perform actions such as uploading or deleting arbitrary media files, modifying or deleting posts, and creating or managing course templates. **Recommendations** Update to a version beyond 3.7.6.

**Name of the Vulnerable Software and Affected Versions** The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress versions prior to 7.2.2.3 **Description** The software is susceptible to a Cross-Site Request Forgery (CSRF) issue. This is caused by inadequate or missing nonce validation on the `location delete` action. An unauthenticated attacker could potentially delete locations by exploiting this flaw, provided they can trick a site administrator into performing an action, such as clicking a malicious link. **Recommendations** Update The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress to version 7.2.2.3 or later.

**Name of the Vulnerable Software and Affected Versions** The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress versions through 7.2.2.2 **Description** The Events Manager plugin for WordPress is susceptible to information disclosure. Insufficient restrictions on location inclusion within the `get location` action allow unauthenticated attackers to access data from event locations that should be protected, including those that are password-protected, private, or in draft status. **Recommendations** Update to a version later than 7.2.2.2.

**Name of the Vulnerable Software and Affected Versions** Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress versions up to and including 8.6.0 **Description** The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress has a flaw related to file uploads. An incorrect capability check within the `uploadVideo()` function allows authenticated attackers with Subscriber-level access or higher to upload mp4 files to the 'wp-content/uploads/<YYYY>/<MM>/' directory. **Recommendations** Update Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress to a version later than 8.6.0.