Turtleburg

**Name of the Vulnerable Software and Affected Versions** VikRentCar Car Rental Management System plugin for WordPress versions up to, and including, 1.4.2 **Description** The issue is due to missing or incorrect nonce validation on the `save` function, making it possible for unauthenticated attackers to change plugin access privileges via a forged request. This can be achieved by tricking a site administrator into performing an action such as clicking on a link. Successful exploitation allows attackers with subscriber-level privileges and above to upload arbitrary files on the affected site's server, which may make remote code execution possible. **Recommendations** For versions up to, and including, 1.4.2, consider disabling the `save` function until a patch is available to prevent exploitation. Restrict access to the plugin's functionality to minimize the risk of attackers uploading arbitrary files. Avoid using the plugin until a fixed version is released. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WPUpper Share Buttons plugin for WordPress versions up to, and including, 3.51 **Description** The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the `save custom css request` function. This allows unauthenticated attackers to inject custom CSS and modify a site by tricking a site administrator into performing an action, such as clicking on a link. **Recommendations** For versions up to, and including, 3.51, update to a version that includes the fix for the missing or incorrect nonce validation in the `save custom css request` function. As a temporary workaround, consider restricting access to the `save custom css request` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** VikBooking Hotel Booking Engine & PMS plugin for WordPress versions up to, and including, 1.7.2 **Description** The issue is due to missing or incorrect nonce validation on the `save` function, making it possible for unauthenticated attackers to change plugin access privileges via a forged request. This can be achieved by tricking a site administrator into performing an action such as clicking on a link. Successful exploitation allows attackers with subscriber-level privileges and above to upload arbitrary files on the affected site's server, which may make remote code execution possible. **Recommendations** For versions up to, and including, 1.7.2, update to a version that includes the fix for the nonce validation issue in the `save` function. As a temporary workaround, consider restricting access to the `save` function to minimize the risk of exploitation. Additionally, restrict privileges to the minimum required for each user to reduce the potential impact of the issue.

**Name of the Vulnerable Software and Affected Versions** The WordPress Header Builder Plugin – Pearl plugin for WordPress versions up to, and including, 1.3.8 **Description** The issue is due to missing or incorrect nonce validation on the `stm header builder` page, making it possible for unauthenticated attackers to delete arbitrary headers via a forged request. This can happen if an attacker can trick a site administrator into performing an action, such as clicking on a link. **Recommendations** For versions up to, and including, 1.3.8, update to a version later than 1.3.8 to resolve the issue. As a temporary workaround, consider restricting access to the `stm header builder` page to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** WP Database Backup – Unlimited Database & Files Backup by Backup for WP plugin for WordPress versions up to, and including, 7.3 **Description** The issue allows unauthenticated attackers to extract sensitive data, including all information stored in the database, via publicly accessible back-up files. This is a case of Sensitive Information Exposure. **Recommendations** For versions up to, and including, 7.3, update to a version that fixes the Sensitive Information Exposure issue to prevent unauthenticated attackers from accessing sensitive data. As a temporary workaround, consider restricting access to publicly accessible back-up files until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Easy Form Builder – WordPress plugin form builder versions up to, and including, 3.8.8 **Description** The issue is related to Stored Cross-Site Scripting via the `name` parameter of the `add form Emsfb` AJAX action. This is due to insufficient input sanitization and output escaping, as well as missing authorization checks. Authenticated attackers with Subscriber-level access and above can inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 3.8.8, update to a version higher than 3.8.8 to resolve the issue. As a temporary workaround, consider restricting access to the `add form Emsfb` AJAX action to minimize the risk of exploitation. Avoid using the `name` parameter in the affected AJAX endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** WP Project Manager plugin for WordPress versions prior to 2.6.16 **Description** The issue allows authenticated attackers with Subscriber-level access and above to extract sensitive data, including hashed passwords of project owners, via the `/wp-json/pm/v2/projects/1/task-lists` REST API endpoint. This makes it possible for attackers to access confidential information. **Recommendations** For WP Project Manager plugin for WordPress versions prior to 2.6.16, update to the latest version to secure your site. As a temporary workaround, consider restricting access to the `/wp-json/pm/v2/projects/1/task-lists` API endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Essential Real Estate plugin for WordPress versions up to and including 5.1.6 **Description** The issue is related to a missing capability check on several pages and post types, allowing authenticated attackers with Contributor-level access and above to access sensitive data, including invoices and transaction logs. This affects all versions of the plugin up to and including 5.1.6. **Recommendations** For versions up to and including 5.1.6, update to a version higher than 5.1.6 to resolve the issue. As a temporary workaround, consider restricting access to sensitive pages and post types to minimize the risk of exploitation. Restrict access to invoices and transaction logs to only authorized personnel until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Hash Form – Drag & Drop Form Builder plugin for WordPress versions up to, and including, 1.2.1 **Description** The issue is related to a missing capability check when creating form styles. This allows authenticated attackers with Contributor-level access and above to create new form styles. **Recommendations** For versions up to, and including, 1.2.1, update to a version that includes a fix for the missing capability check issue. As a temporary workaround, consider restricting access to form style creation to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress versions up to, and including, 5.5.4 **Description** The issue is due to missing or incorrect nonce validation on the `duplicate poll()` function, making it possible for unauthenticated attackers to duplicate polls via a forged request if they can trick a site administrator into performing an action such as clicking on a link. **Recommendations** For versions up to, and including, 5.5.4, consider disabling the `duplicate poll()` function until a patch is available to prevent exploitation. Restrict access to the plugin's functionality to minimize the risk of unauthorized poll duplication. Avoid using the plugin until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress versions prior to 6.2.2 **Description** The issue is related to a missing capability check on the `wpte onboard save function callback()` function, allowing authenticated attackers with contributor-level access and above to modify several settings. This could have an impact such as lost revenue and page updates. **Recommendations** For versions up to and including 6.2.1, update to version 6.2.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the `wpte onboard save function callback()` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** WP Project Manager plugin for WordPress version 2.6.14 **Description** The WP Project Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in the `check` method of the `Create Milestone`, `Create Task List`, `Create Task`, and `Delete Task` classes. This makes it possible for unauthenticated attackers to create milestones, create task lists, create tasks, or delete tasks in any project. **Recommendations** For version 2.6.14, consider updating to a newer version that fully addresses this issue, as version 2.6.14 only implemented a partial fix. As a temporary workaround, consider disabling the `check` method in the `Create Milestone`, `Create Task List`, `Create Task`, and `Delete Task` classes until a patch is available. Restrict access to the `Create Milestone`, `Create Task List`, `Create Task`, and `Delete Task` classes to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: DearFlip plugin for WordPress versions up to, and including, 2.3.32 Description: The issue is related to Reflected Cross-Site Scripting via the `pdf source` parameter due to insufficient input sanitization and output escaping. This allows unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. Recommendations: For versions up to, and including, 2.3.32, update to a version later than 2.3.32 to resolve the issue. As a temporary workaround, consider restricting access to the `pdf source` parameter to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** WP Photo Album Plus plugin for WordPress versions up to, and including, 8.8.05.003 **Description** The issue is related to Reflected Cross-Site Scripting due to insufficient input sanitization and output escaping, allowing unauthenticated attackers to inject arbitrary web scripts in pages. This can be achieved by tricking a user into performing an action, such as clicking on a link, via the `wppa-tab` parameter. **Recommendations** For versions up to, and including, 8.8.05.003, consider disabling the `wppa-tab` parameter to minimize the risk of exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.