Tomorrowisnew

**Name of the Vulnerable Software and Affected Versions** The Professional Social Sharing Buttons, Icons & Related Posts WordPress plugin versions prior to 9.7.6 **Description** The issue is related to a lack of proper authorization check in one of the AJAX actions, allowing unauthorized access to retrieve sensitive information such as the list of active plugins and various version details like PHP, cURL, and WP. This affects unauthenticated users in versions prior to 9.7.5 and author+ users in version 9.7.5. **Recommendations** For versions prior to 9.7.6, update to version 9.7.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable AJAX action until a patch is available.

**Name of the Vulnerable Software and Affected Versions** MapSVG WordPress plugin versions prior to 6.2.20 **Description** The issue concerns a SQL Injection that can be exploited by unauthenticated users due to the lack of validation and escaping of a parameter used in a SQL statement via a REST endpoint. **Recommendations** For versions prior to 6.2.20, update to version 6.2.20 or later to resolve the issue. As a temporary workaround, consider restricting access to the REST endpoint until the update can be applied.

**Name of the Vulnerable Software and Affected Versions** DW Question & Answer Pro WordPress plugin versions 1.3.4 and earlier **Description** The issue allows any user to edit other comments because it does not check if the comment to edit belongs to the user making the request. **Recommendations** For DW Question & Answer Pro WordPress plugin versions 1.3.4 and earlier, update to a version that includes a fix for this issue. As a temporary workaround, consider restricting access to comment editing functionality until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Plezi WordPress plugin versions prior to 1.0.3 **Description** The issue allows unauthenticated users to update the `plz configuration tracker enable` option through a REST endpoint. This option is then displayed in the admin panel without proper sanitization and escaping, leading to a Stored Cross-Site Scripting issue. **Recommendations** For versions prior to 1.0.3, update to version 1.0.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the REST endpoint that updates the `plz configuration tracker enable` option until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** Drag and Drop Multiple File Upload WordPress plugin versions prior to 1.3.6.3 **Description** The issue allows SVG files to be uploaded by default via the `dnd codedropz upload` AJAX action, which could lead to a Stored Cross-Site Scripting issue. **Recommendations** For versions prior to 1.3.6.3, update to version 1.3.6.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the `dnd codedropz upload` AJAX action to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** FormCraft WordPress plugin versions prior to 3.8.28 **Description** The issue concerns the FormCraft WordPress plugin, where the URL parameter in the formcraft3 get AJAX action is not properly validated, leading to Server-Side Request Forgery (SSRF) issues. These issues can be exploited by unauthenticated users. **Recommendations** For versions prior to 3.8.28, update to version 3.8.28 or later to resolve the issue. As a temporary workaround, consider restricting access to the formcraft3 get AJAX action to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** WP Voting Contest WordPress plugin versions prior to 3.0 **Description** The issue arises from the lack of sanitization and escaping of the `post id` parameter in the response via the "wpvc social share icons" AJAX action. This action is accessible to both unauthenticated and authenticated users, leading to a Reflected Cross-Site Scripting issue. **Recommendations** For versions prior to 3.0, update to version 3.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the "wpvc social share icons" AJAX action to minimize the risk of exploitation. Avoid using the `post id` parameter in the affected AJAX endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** SupportCandy WordPress plugin versions prior to 2.2.7 **Description** The issue is related to the lack of a CRSF check in the `wpsc tickets` AJAX action of the SupportCandy WordPress plugin. This could allow attackers to make a logged-in admin call the action and delete arbitrary tickets via the `set delete permanently bulk ticket` setting action. **Recommendations** For versions prior to 2.2.7, update to version 2.2.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the `wpsc tickets` AJAX action to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** SupportCandy WordPress plugin versions prior to 2.2.5 **Description** The issue is related to the lack of authorisation and CSRF checks in the `wpsc tickets` AJAX action, which could allow unauthenticated users to delete arbitrary tickets via the `set delete permanently bulk ticket` `setting action`. Other actions may also be affected. **Recommendations** For versions prior to 2.2.5, update to version 2.2.5 or later to resolve the issue. As a temporary workaround, consider disabling the `wpsc tickets` AJAX action until a patch is available. Restrict access to the `set delete permanently bulk ticket` `setting action` to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** AnyComment WordPress plugin versions prior to 0.3.5 **Description** The issue is related to an API endpoint that passes user input via the `redirect` parameter to the `wp redirect()` function without validation, leading to an Open Redirect issue. According to the vendor, this behavior is considered a feature. **Recommendations** For versions prior to 0.3.5, update to version 0.3.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the API endpoint that uses the `wp redirect()` function to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Tab WordPress plugin versions prior to 1.3.2 **Description** The issue allows unauthenticated attackers to modify various data in the plugin, such as add, edit, or delete arbitrary tabs, because all AJAX actions of the Tab WordPress plugin are available to both unauthenticated and authenticated users. **Recommendations** For versions prior to 1.3.2, update to version 1.3.2 or later to resolve the issue. As a temporary workaround, consider restricting access to AJAX actions in the plugin to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: wpDiscuz WordPress plugin versions prior to 7.3.4 Description: The issue allows attackers to make logged-in users, such as admins, edit and delete arbitrary comments, or the user who made the comment to edit it via a CSRF attack. Attackers could also make logged-in users post arbitrary comments. This is due to the plugin not checking for CSRF when adding, editing, and deleting comments. Recommendations: For versions prior to 7.3.4, update to version 7.3.4 or later to resolve the issue. As a temporary workaround, consider implementing additional CSRF protection measures to prevent exploitation. Restrict access to comment editing and deletion functionality to minimize the risk of exploitation. Avoid using the plugin's comment functionality until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: BP Better Messages WordPress plugin versions prior to 1.9.9.41 Description: The issue arises from the plugin's failure to properly escape the `subject` parameter after sanitization, leading to a Reflected Cross-Site Scripting issue. This occurs when the `subject` parameter is outputted back in an attribute without proper escaping. Recommendations: For versions prior to 1.9.9.41, update to version 1.9.9.41 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `subject` parameter in attributes to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: BP Better Messages WordPress plugin versions prior to 1.9.9.41 Description: The issue concerns the lack of CSRF checks in multiple AJAX actions within the plugin. Specifically, the affected actions include `bp better messages leave chat`, `bp better messages join chat`, `bp messages leave thread`, `bp messages mute thread`, `bp messages unmute thread`, `bp better messages add user to thread`, and `bp better messages exclude user from thread`. This could allow attackers to make logged-in users perform unwanted actions. Recommendations: For versions prior to 1.9.9.41, update to version 1.9.9.41 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable AJAX actions until a patch is applied.