Tptnhan

**Name of the Vulnerable Software and Affected Versions** RomethemeKit For Elementor plugin for WordPress versions up to, and including, 1.5.3 **Description** The issue allows authenticated attackers with Subscriber-level access and above to modify plugin settings or reset plugin widgets to their default state. This is due to a missing capability check on the `save options` and `reset widgets` functions. **Recommendations** For versions up to, and including, 1.5.3, update to a version that fully addresses the issue, as version 1.5.3 only partially fixes the problem. As a temporary workaround, consider restricting access to the `save options` and `reset widgets` functions to prevent unauthorized modification of data.

**Name of the Vulnerable Software and Affected Versions** NextMove Lite – Thank You Page for WooCommerce plugin for WordPress versions up to, and including, 2.19.0 **Description** The issue arises from a missing capability check on the ` submit uninstall reason action()` function, allowing authenticated attackers with Subscriber-level access and above to submit a deactivation reason on behalf of a site. This enables unauthorized submission of data. **Recommendations** For versions up to, and including, 2.19.0, update to a version that includes a fix for the missing capability check on the ` submit uninstall reason action()` function. As a temporary workaround, consider restricting access to the ` submit uninstall reason action()` function to prevent unauthorized data submission.

**Name of the Vulnerable Software and Affected Versions** DirectoryPress Frontend plugin for WordPress versions up to, and including, 2.7.9 **Description** The issue is due to missing or incorrect nonce validation on the `dpfl listingStatusChange()` function, making it possible for unauthenticated attackers to update listing statuses via a forged request. This can be achieved if an attacker can trick a site administrator into performing an action, such as clicking on a link. **Recommendations** For versions up to, and including, 2.7.9, consider disabling the `dpfl listingStatusChange()` function until a patch is available to prevent exploitation. Restrict access to the plugin's functionality to minimize the risk of unauthorized listing status updates. Avoid using the plugin until the issue is resolved with a newer version.

**Name of the Vulnerable Software and Affected Versions** The Ultimate WordPress Toolkit – WP Extended plugin for WordPress versions up to, and including, 3.0.13 **Description** The issue is related to a missing capability check on the `reorder route()` function, allowing unauthenticated attackers to modify data by reordering posts. **Recommendations** For versions up to, and including, 3.0.13, update to a version higher than 3.0.13 to resolve the issue. As a temporary workaround, consider disabling the `reorder route()` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** ECPay Ecommerce for WooCommerce plugin for WordPress versions up to, and including, 1.1.2411060 **Description** The issue is related to a missing capability check on the 'clear ecpay debug log' AJAX action. This allows authenticated attackers with Subscriber-level access and above to clear the plugin's log files, resulting in unauthorized loss of data. **Recommendations** For versions up to, and including, 1.1.2411060, as a temporary workaround, consider disabling the `clear ecpay debug log` AJAX action until a patch is available. Restrict access to the plugin's log files to minimize the risk of exploitation. Update to a version that includes a fix for the missing capability check on the 'clear ecpay debug log' AJAX action.

**Name of the Vulnerable Software and Affected Versions** GoHero Store Customizer for WooCommerce plugin for WordPress versions up to, and including, 3.5 **Description** The issue allows unauthorized modification of data due to a missing capability check on the `wooh action settings save frontend()` function. This makes it possible for unauthenticated attackers to update limited plugin settings. **Recommendations** For versions up to, and including, 3.5, update to a version that includes a fix for the missing capability check in the `wooh action settings save frontend()` function. As a temporary workaround, consider restricting access to the `wooh action settings save frontend()` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Responsive FlipBook Plugin for WordPress versions up to, and including, 2.5.0 **Description** The issue is a Stored Cross-Site Scripting vulnerability due to insufficient input sanitization and output escaping in the `rfbwp save settings()` function. This allows authenticated attackers with Subscriber-level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 2.5.0, consider disabling the `rfbwp save settings()` function until a patch is available to prevent exploitation. Restrict access to settings pages to minimize the risk of arbitrary web script injection. Avoid using the plugin until an updated version that addresses the insufficient input sanitization and output escaping is released.

**Name of the Vulnerable Software and Affected Versions** Element Pack Elementor Addons plugin for WordPress versions up to, and including, 5.10.12 **Description** The issue is related to unauthorized access of data due to a missing capability check on the `get layouts()` function. This allows authenticated attackers, with Subscriber-level access and above, to obtain a detailed listing of layout templates. **Recommendations** For versions up to, and including, 5.10.12, consider disabling the `get layouts()` function until a patch is available to prevent unauthorized access to layout templates. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** The Music Player for Elementor – Audio Player & Podcast Player plugin for WordPress versions up to, and including, 2.4.1 **Description** The issue is related to unauthorized modification of data due to a missing capability check on the `import mpfe template()` function. This allows authenticated attackers with Subscriber-level access and above to import templates. **Recommendations** For versions up to, and including, 2.4.1, update to a version that includes a fix for the missing capability check on the `import mpfe template()` function. As a temporary workaround, consider restricting access to the `import mpfe template()` function to prevent unauthorized template imports.

**Name of the Vulnerable Software and Affected Versions** WP Log Viewer plugin for WordPress versions up to, and including, 1.2.1 **Description** The issue is related to unauthorized use of functionality due to a missing capability check on several AJAX actions. This allows authenticated attackers with Subscriber-level access and above to access logs, update plugin-related user settings, and general plugin settings. **Recommendations** For versions up to, and including, 1.2.1, update to a version above 1.2.1 to resolve the issue. As a temporary workaround, consider restricting access to the AJAX actions until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Customer Reviews for WooCommerce plugin versions up to, and including, 5.61.0 **Description** The issue arises from a missing capability check on the `cancel import()` function, allowing authenticated attackers with Subscriber-level access and above to cancel and import or check on the status. This enables unauthorized access. **Recommendations** For versions up to, and including, 5.61.0, consider disabling the `cancel import()` function until a patch is available to prevent unauthorized access. Restrict access to the import functionality to minimize the risk of exploitation. Avoid using the `cancel import()` function in the affected plugin until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Buy one click WooCommerce plugin for WordPress versions up to, and including, 2.2.9 **Description** The issue arises from a missing capability check on the `buy one click export options` AJAX action, allowing authenticated attackers with Subscriber-level access and above to export plugin settings. This results in unauthorized access of data. **Recommendations** For versions up to, and including, 2.2.9, update to a version higher than 2.2.9 to resolve the issue. As a temporary workaround, consider restricting access to the `buy one click export options` AJAX action to prevent unauthorized data export.

**Name of the Vulnerable Software and Affected Versions** Buy one click WooCommerce plugin for WordPress versions up to, and including, 2.2.9 **Description** The issue is related to a missing capability check on the `removeorder` AJAX action, allowing authenticated attackers with Subscriber-level access and above to delete orders. This makes it possible for attackers to modify data without proper authorization. **Recommendations** For versions up to, and including, 2.2.9, update to a version higher than 2.2.9 to resolve the issue. As a temporary workaround, consider restricting access to the `removeorder` AJAX action to prevent unauthorized data modification.

**Name of the Vulnerable Software and Affected Versions** Buy one click WooCommerce plugin for WordPress versions up to, and including, 2.2.9 **Description** The issue is related to a missing capability check on the `buy one click import options` AJAX action, allowing authenticated attackers with Subscriber-level access and above to import plugin settings, thus enabling unauthorized modification of data. **Recommendations** For Buy one click WooCommerce plugin for WordPress versions up to, and including, 2.2.9, update to a version later than 2.2.9 to mitigate the risk of unauthorized data modification. As a temporary workaround, consider restricting access to the `buy one click import options` AJAX action to prevent exploitation.

**Name of the Vulnerable Software and Affected Versions** Video Gallery for WooCommerce plugin for WordPress versions up to, and including, 1.31 **Description** The issue is related to a missing capability check on the `remove unused thumbnails()` function, allowing unauthenticated attackers to delete thumbnails in the `video-wc-gallery-thumb` directory. This enables unauthorized modification of data. **Recommendations** For versions up to, and including, 1.31, consider disabling the `remove unused thumbnails()` function until a patch is available to prevent unauthorized thumbnail deletion. Restrict access to the `video-wc-gallery-thumb` directory to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress versions up to, and including, 4.23.12 **Description** The issue is related to a missing capability check on the `wprss ajax send premium support` function, allowing authenticated attackers with Subscriber-level access and above to send premium support requests with controlled subject lines and email addresses, potentially impersonating the site owner. This could also lead to the leakage of license information. **Recommendations** For versions up to, and including, 4.23.12, update to a version that includes a fix for the missing capability check on the `wprss ajax send premium support` function. As a temporary workaround, consider restricting access to the `wprss ajax send premium support` function to prevent unauthorized use until a patch is available.