Tieu Pham Trong Nhan

**Name of the Vulnerable Software and Affected Versions** RomethemeKit For Elementor plugin for WordPress versions up to, and including, 1.5.3 **Description** The issue allows authenticated attackers with Subscriber-level access and above to modify plugin settings or reset plugin widgets to their default state. This is due to a missing capability check on the `save options` and `reset widgets` functions. **Recommendations** For versions up to, and including, 1.5.3, update to a version that fully addresses the issue, as version 1.5.3 only partially fixes the problem. As a temporary workaround, consider restricting access to the `save options` and `reset widgets` functions to prevent unauthorized modification of data.

**Name of the Vulnerable Software and Affected Versions** The BuddyPress WooCommerce My Account Integration plugin versions up to, and including, 3.4.24 **Description** The issue is related to a missing capability check on the `wc4bp delete page()` function, allowing authenticated attackers with Subscriber-level access and above to update the plugin's page setting. **Recommendations** For versions up to, and including, 3.4.24, update to a version that includes a fix for the missing capability check in the `wc4bp delete page()` function. As a temporary workaround, consider restricting access to the `wc4bp delete page()` function to prevent unauthorized updates to the plugin's page setting.

**Name of the Vulnerable Software and Affected Versions** The BuddyPress WooCommerce My Account Integration plugin versions up to, and including, 3.4.25 **Description** The issue is related to a missing capability check on the `wc4bp delete page()` function, allowing authenticated attackers with Subscriber-level access and above to update the plugin's page setting. **Recommendations** For versions up to, and including, 3.4.25, consider disabling the `wc4bp delete page()` function until a patch is available to prevent unauthorized access.

**Name of the Vulnerable Software and Affected Versions** The Gift Cards (Gift Vouchers and Packages) (WooCommerce Supported) plugin for WordPress versions up to, and including, 4.4.6 **Description** The issue concerns unauthorized modification of data or loss of data due to a missing capability check on the `update voucher price`, `update voucher date`, and `update voucher note` functions. This allows unauthenticated attackers to update the value, expiration date, and user note for any gift voucher. **Recommendations** For versions up to, and including, 4.4.6, update to a version higher than 4.4.6 to resolve the issue. As a temporary workaround, consider disabling the `update voucher price`, `update voucher date`, and `update voucher note` functions until a patch is available. Restrict access to the gift voucher management interface to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Raptive Ads plugin for WordPress versions up to, and including, 3.6.3 **Description** The issue is related to a missing capability check on the `site ads files reset()` and `cls file reset()` functions. This allows unauthenticated attackers to reset the ad and cls files. **Recommendations** For versions up to, and including, 3.6.3, update to a version that includes a fix for the missing capability check on the `site ads files reset()` and `cls file reset()` functions. As a temporary workaround, consider disabling the `site ads files reset()` and `cls file reset()` functions until a patch is available. Restrict access to the ad and cls files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** The RapidLoad – Optimize Web Vitals Automatically plugin for WordPress versions up to, and including, 2.4.4 **Description** The issue allows authenticated attackers with Subscriber-level access and above to reset some of the plugin's settings due to a missing capability check on the `ajax deactivate()` function. This enables unauthorized modification of data. **Recommendations** For versions up to, and including, 2.4.4, update to a version that includes a fix for the missing capability check in the `ajax deactivate()` function to prevent unauthorized modification of data. As a temporary workaround, consider restricting access to the `ajax deactivate()` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Safe Ai Malware Protection for WP plugin for WordPress versions up to, and including, 1.0.17 **Description** The issue is related to unauthorized access of data due to a missing capability check on the `export db()` function. This allows unauthenticated attackers to retrieve a complete dump of the site's database. **Recommendations** For versions up to, and including, 1.0.17, update to a version higher than 1.0.17 to resolve the issue. As a temporary workaround, consider disabling the `export db()` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Spexo Addons for Elementor – Free Elementor Addons, Widgets and Templates plugin for WordPress versions up to, and including, 1.0.14 **Description** The issue is related to a missing capability check in the `tmpcoder theme install func()` function, allowing authenticated attackers with Subscriber-level access and above to install a theme. This enables unauthorized access to the system. **Recommendations** For versions up to, and including, 1.0.14, update to a version higher than 1.0.14 to resolve the issue. As a temporary workaround, consider restricting access to the `tmpcoder theme install func()` function until a patch is available. Additionally, restrict theme installation capabilities to only authorized users to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Atarim plugin for WordPress versions up to, and including, 4.0.9 **Description** The issue is related to a missing capability check on the `wpf delete file` function, allowing unauthenticated attackers to delete project pages and files. This results in unauthorized loss of data. **Recommendations** For versions up to, and including, 4.0.9, update to a version higher than 4.0.9 to resolve the issue. As a temporary workaround, consider disabling the `wpf delete file` function until a patch is available. Restrict access to project pages and files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Responsive FlipBook Plugin for WordPress versions up to, and including, 2.5.0 **Description** The issue is a Stored Cross-Site Scripting vulnerability due to insufficient input sanitization and output escaping in the `rfbwp save settings()` function. This allows authenticated attackers with Subscriber-level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 2.5.0, consider disabling the `rfbwp save settings()` function until a patch is available to prevent exploitation. Restrict access to settings pages to minimize the risk of arbitrary web script injection. Avoid using the plugin until an updated version that addresses the insufficient input sanitization and output escaping is released.

**Name of the Vulnerable Software and Affected Versions** The Themes Coder – Create Android & iOS Apps For Your Woocommerce Site plugin for WordPress versions up to, and including, 1.3.4 **Description** The issue is related to privilege escalation via account takeover due to the plugin not properly validating a user's identity prior to updating their password through the `update user profile()` function. This allows unauthenticated attackers to change arbitrary user's passwords, including administrators, and gain access to their account. **Recommendations** For versions up to, and including, 1.3.4, update to a version that properly validates user identity before allowing password updates, or as a temporary workaround, consider disabling the `update user profile()` function until a patch is available. Restrict access to user profile updates to minimize the risk of exploitation. Avoid using the plugin until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** The Social Rocket – Social Sharing Plugin versions up to, and including, 1.3.4 **Description** The issue allows authenticated attackers with Subscriber-level access and above to update the plugin's settings due to a missing capability check on the `tweet settings save()` and `tweet settings update()` functions. This enables unauthorized modification of data. **Recommendations** For versions up to, and including, 1.3.4, consider disabling the `tweet settings save()` and `tweet settings update()` functions until a patch is available to prevent unauthorized updates to the plugin's settings. Restrict access to the plugin's settings to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** WordLift – AI powered SEO – Schema plugin for WordPress versions prior to 3.54.0 **Description** The issue arises from a missing capability check on the 'wl config plugin' AJAX action, allowing unauthenticated attackers to update the plugin's settings. This enables unauthorized access to the plugin's configuration. **Recommendations** For versions prior to 3.54.0, update to version 3.54.0 or later to resolve the issue. As a temporary workaround, consider disabling the 'wl config plugin' AJAX action until a patch is available. Restrict access to the plugin's settings to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Jupiter X Core plugin for WordPress versions up to, and including, 4.8.5 **Description** The issue is related to unauthorized access of data due to a missing capability check on the `export popup action()` function. This allows unauthenticated attackers to export popup templates. **Recommendations** For versions up to, and including, 4.8.5, update to a version that includes a fix for the missing capability check in the `export popup action()` function. As a temporary workaround, consider disabling the `export popup action()` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** FancyPost – Best Ultimate Post Block, Post Grid, Layouts, Carousel, Slider For Gutenberg & Elementor plugin for WordPress versions up to, and including, 6.0.0 **Description** The issue is related to unauthorized access of data due to a missing capability check on the `handle block shortcode export()` function. This allows authenticated attackers with Subscriber-level access and above to export shortcodes. **Recommendations** For versions up to, and including, 6.0.0, consider disabling the `handle block shortcode export()` function until a patch is available to prevent unauthorized data access. Restrict access to the export functionality to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Jupiter X Core plugin for WordPress versions up to, and including, 4.8.5 **Description** The issue is related to a missing capability check on the `sync libraries()` function, allowing authenticated attackers with Subscriber-level access and above to sync libraries. This enables unauthorized access to the plugin's functionality. **Recommendations** For versions up to, and including, 4.8.5, consider disabling the `sync libraries()` function until a patch is available to prevent unauthorized library synchronization. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** DirectoryPress – Business Directory And Classified Ad Listing plugin for WordPress versions up to, and including, 3.6.16 **Description** The issue is related to Stored Cross-Site Scripting via SVG File uploads due to insufficient input sanitization and output escaping. This allows authenticated attackers with author-level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. When DirectoryPress Frontend is installed, this can be exploited by unauthenticated users. **Recommendations** For versions up to, and including, 3.6.16, update to a version that addresses the insufficient input sanitization and output escaping issue to prevent Stored Cross-Site Scripting via SVG File uploads. As a temporary workaround, consider restricting access to SVG file uploads for unauthenticated users and users below author-level access until a patch is available. Restrict access to the `DirectoryPress Frontend` to minimize the risk of exploitation by unauthenticated users.

**Name of the Vulnerable Software and Affected Versions** Print Invoice & Delivery Notes for WooCommerce plugin for WordPress versions up to, and including, 5.4.0 **Description** The issue is due to a missing capability check on the `wcdn remove shoplogo` AJAX action. This makes it possible for authenticated attackers, with Subscriber-level access and above, to remove the shop's logo. **Recommendations** For versions up to, and including, 5.4.0, update to a version that includes a fix for the missing capability check on the `wcdn remove shoplogo` AJAX action. As a temporary workaround, consider disabling the `wcdn remove shoplogo` AJAX action until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Element Pack Elementor Addons plugin for WordPress versions up to, and including, 5.10.12 **Description** The issue is related to unauthorized access of data due to a missing capability check on the `get layouts()` function. This allows authenticated attackers, with Subscriber-level access and above, to obtain a detailed listing of layout templates. **Recommendations** For versions up to, and including, 5.10.12, consider disabling the `get layouts()` function until a patch is available to prevent unauthorized access to layout templates. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WP Crowdfunding plugin for WordPress versions up to, and including, 2.1.12 **Description** The issue is related to a missing capability check on the `install woocommerce plugin()` function action, allowing authenticated attackers with Subscriber-level access and above to install WooCommerce. This has a limited impact on most sites because WooCommerce is a requirement. **Recommendations** For WP Crowdfunding plugin for WordPress versions up to, and including, 2.1.12, update to a version higher than 2.1.12 to resolve the issue. As a temporary workaround, consider restricting access to the `install woocommerce plugin()` function to minimize the risk of exploitation.