Tmrswrr

**Name of the Vulnerable Software and Affected Versions** Form Vibes – Database Manager for Forms plugin for WordPress versions up to and including 1.4.13 **Description** The software contains a SQL Injection issue due to insufficient escaping of user-supplied input and inadequate preparation of existing SQL queries. Specifically, the `params` parameter is vulnerable. This allows authenticated attackers with Administrator-level access or higher to inject additional SQL queries into existing ones, potentially extracting sensitive information from the database. **Recommendations** Update Form Vibes – Database Manager for Forms plugin for WordPress to a version later than 1.4.13.

**Name of the Vulnerable Software and Affected Versions** Textpattern CMS version 4.8.8 **Description** Textpattern CMS contains a stored cross-site scripting issue in the article excerpt field. Authenticated users can inject malicious scripts into the excerpt. When an article is viewed by other users, the injected JavaScript payloads will execute. **Recommendations** Update to a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WP Directory Kit versions prior to 1.4.8 **Description** The WP Directory Kit plugin for WordPress is susceptible to SQL Injection through the `hide fields` and `attr search` parameter. Insufficient input sanitization and inadequate SQL query preparation allow unauthenticated attackers to inject additional SQL queries, potentially extracting sensitive information from the database. **Recommendations** Update WP Directory Kit to version 1.4.8 or later.

**Name of the Vulnerable Software and Affected Versions** ElkArte Forum version 1.1.9 **Description** Authenticated administrators can achieve remote code execution by uploading malicious PHP files during the theme installation process. This is possible by uploading a ZIP archive containing a PHP file with system commands, which is then executed when the file is accessed within the theme directory. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Akaunting version 3.1.8 **Description** Akaunting version 3.1.8 is affected by a server-side template injection issue. Authenticated administrators can inject template expressions into several form input fields, including those for items, taxes, transactions, and vendor names. This allows attackers to perform arithmetic operations and string manipulations by injecting template payloads. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microweber version 2.0.15 **Description** The software contains a stored cross-site scripting issue that allows authenticated attackers to inject malicious scripts into user profile fields. Specifically, attackers can input script payloads into the first name field. This script will execute when a user profile is viewed, potentially leading to session cookie theft and arbitrary JavaScript execution. **Recommendations** Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, sanitize all user-supplied input for the first name field in user profiles.

**Name of the Vulnerable Software and Affected Versions** Flatboard version 3.2 **Description** An authenticated administrator can inject malicious scripts in forum information fields, leading to a stored cross-site scripting issue. Attackers can insert JavaScript payloads that execute when other users view the forum. This could result in the theft of session cookies and the execution of client-side scripts. The affected functionality involves forum information fields. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PyroCMS version 3.0.1 **Description** The software contains a stored cross-site scripting issue in the admin redirects configuration. Attackers can inject malicious scripts by inserting a payload into the 'Redirect From' field. This allows for the execution of arbitrary JavaScript when administrators view the redirects page. **Recommendations** Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, sanitize the 'Redirect From' field to prevent the injection of malicious scripts.

**Name of the Vulnerable Software and Affected Versions** CE Phoenix version 3.0.1 **Description** CE Phoenix version 3.0.1 has a stored cross-site scripting issue within the currencies administration panel. An attacker can inject malicious scripts by inserting XSS payloads into the title field. When administrators view the currencies page, the injected JavaScript will execute. The vulnerability allows for the execution of arbitrary JavaScript. **Recommendations** Apply a fix to sanitize the title field in the currencies administration panel to prevent the injection of malicious scripts.

**Name of the Vulnerable Software and Affected Versions** Loaded Commerce version 6.6 **Description** Loaded Commerce contains a client-side template injection, which occurs when untrusted user input is embedded into a web template, allowing an attacker to inject their own templates. This issue allows unauthenticated attackers to execute arbitrary code in the victim's browser context or on the server via the `search` parameter. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WP Directory Kit versions up to and including 1.4.6 **Description** The WP Directory Kit plugin for WordPress is susceptible to SQL Injection through the `search` parameter. This is due to inadequate input sanitization and insufficient preparation of existing SQL queries. An authenticated attacker with Administrator-level access or higher can inject additional SQL queries, potentially extracting sensitive information from the database. **Recommendations** Update WP Directory Kit to a version newer than 1.4.6.

**Name of the Vulnerable Software and Affected Versions** WP Directory Kit versions prior to 1.4.4 **Description** The WP Directory Kit plugin for WordPress is susceptible to SQL Injection through the `columns search` parameter of the `select 2 ajax()` function. Insufficient input sanitization and inadequate SQL query preparation allow unauthenticated attackers to inject additional SQL queries, potentially extracting sensitive information from the database. **Recommendations** Update WP Directory Kit to version 1.4.4 or later.

**Name of the Vulnerable Software and Affected Versions** WP All Import versions up to and including 3.9.6 **Description** The Import any XML, CSV or Excel File to WordPress (WP All Import) plugin for WordPress is susceptible to Remote Code Execution. This is caused by the use of `eval()` on unsanitized user-supplied input within the `pmxi if` function located in `helpers/functions.php`. Authenticated attackers with import capabilities can inject and execute arbitrary PHP code on the server through crafted import templates. This could lead to remote code execution. **Recommendations** Update WP All Import to a version newer than 3.9.6.

**Name of the Vulnerable Software and Affected Versions** AIO Forms – Craft Complex Forms Easily plugin for WordPress versions through 1.3.15 **Description** The AIO Forms – Craft Complex Forms Easily plugin for WordPress is susceptible to arbitrary file uploads because of a lack of file type validation within the import functionality. This allows authenticated attackers with Administrator-level access or higher to upload arbitrary files to the server, potentially leading to remote code execution. **Recommendations** Update AIO Forms – Craft Complex Forms Easily plugin to a version later than 1.3.15.

**Name of the Vulnerable Software and Affected Versions** My auctions allegro plugin for WordPress versions through 3.6.31 **Description** The software contains a SQL Injection issue due to insufficient escaping of the `order` parameter and inadequate preparation of the SQL query. This allows authenticated attackers with Administrator-level access or higher to append SQL queries, potentially extracting sensitive information from the database. The vulnerable parameter is `order`. **Recommendations** Update the My auctions allegro plugin for WordPress to a version later than 3.6.31.

**Name of the Vulnerable Software and Affected Versions** Multi Step Form plugin for WordPress versions prior to 1.7.26 **Description** The Multi Step Form plugin for WordPress is susceptible to arbitrary file uploads due to a lack of file type validation during the import process. This allows authenticated attackers with Administrator-level access or higher to upload arbitrary files to the affected server, potentially leading to remote code execution. **Recommendations** Update the Multi Step Form plugin to version 1.7.26 or later.

**Name of the Vulnerable Software and Affected Versions** The Video Gallery – Best WordPress YouTube Gallery Plugin versions up to, and including, 2.4.2 **Description** The issue is related to a time-based SQL Injection vulnerability via the `orderby` parameter. This vulnerability is caused by insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. As a result, authenticated attackers with Administrator-level access and above can append additional SQL queries into already existing queries to extract sensitive information from the database. **Recommendations** For versions up to, and including, 2.4.2, update to a version higher than 2.4.2 to resolve the issue. As a temporary workaround, consider restricting access to the `orderby` parameter to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** The Video Gallery – Best WordPress YouTube Gallery plugin versions up to, and including, 2.4.1 **Description** The issue is related to Stored Cross-Site Scripting via admin settings due to insufficient input sanitization and output escaping. This allows authenticated attackers with administrator-level permissions and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The issue only affects multi-site installations and installations where unfiltered html has been disabled. **Recommendations** For versions up to, and including, 2.4.1, update to a version that includes the necessary input sanitization and output escaping fixes to prevent Stored Cross-Site Scripting attacks. As a temporary workaround, consider restricting access to admin settings to minimize the risk of exploitation. Additionally, ensure that unfiltered html is enabled, if possible, to reduce the vulnerability's impact.

**Name of the Vulnerable Software and Affected Versions** The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress versions up to, and including, 5.4.6 **Description** The issue is related to time-based SQL Injection via the `orderby` parameter due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This allows authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. **Recommendations** For versions up to, and including, 5.4.6, consider disabling the `orderby` parameter until a patch is available to prevent exploitation. Restrict access to the plugin's functionality to minimize the risk of sensitive information extraction. Update to a version that includes a fix for this issue when available.

**Name of the Vulnerable Software and Affected Versions** The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress versions up to, and including, 1.8.30 **Description** The issue is related to Stored Cross-Site Scripting via admin settings due to insufficient input sanitization and output escaping. This allows authenticated attackers with administrator-level permissions and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The issue only affects multi-site installations and installations where unfiltered html has been disabled. **Recommendations** For versions up to, and including, 1.8.30, update to a version higher than 1.8.30 to resolve the issue. As a temporary workaround, consider restricting access to admin settings to minimize the risk of exploitation. Additionally, enabling unfiltered html or taking other measures to ensure proper input sanitization and output escaping can help mitigate the risk.