Type5Afe

**Name of the Vulnerable Software and Affected Versions** Customer Reviews for WooCommerce versions up to and including 5.97.0 **Description** The Customer Reviews for WooCommerce plugin for WordPress is susceptible to Stored Cross-Site Scripting. This is due to insufficient input sanitization and output escaping related to the `media[].href` parameter. An unauthenticated attacker, if 'Enable for Guests' is enabled, can inject arbitrary web scripts into pages. These scripts will execute when a user accesses the injected page. **Recommendations** Update Customer Reviews for WooCommerce to a version newer than 5.97.0.

**Name of the Vulnerable Software and Affected Versions** Code Snippets plugin for WordPress versions up to and including 3.9.4 **Description** The Code Snippets plugin for WordPress is susceptible to Cross-Site Request Forgery. This is a result of a lack of nonce validation on the cloud snippet download and update actions within the `Cloud Search List Table` class. This allows unauthenticated attackers to compel logged-in administrators to download or update cloud snippets without their knowledge, provided they can lure an administrator to a malicious webpage. **Recommendations** Update the Code Snippets plugin to a version later than 3.9.4.

**Name of the Vulnerable Software and Affected Versions** The AI Engine – The Chatbot and AI Framework for WordPress plugin versions prior to 3.3.3 **Description** The AI Engine – The Chatbot and AI Framework for WordPress plugin is susceptible to arbitrary file uploads because of a lack of file type validation. This flaw exists in the `rest helpers update media metadata` function. Authenticated attackers with Editor-level access or higher can upload arbitrary files to the server, potentially leading to remote code execution. An attacker can upload an image file and then use the `update media metadata` API endpoint to rename it to a PHP file, effectively creating an executable PHP file within the uploads directory. The vulnerable API endpoint is `/wp-json/aiengine/v1/rest helpers update media metadata`. The vulnerable variable is `file`. **Recommendations** Update The AI Engine – The Chatbot and AI Framework for WordPress plugin to version 3.3.3 or later. As a temporary workaround, restrict access to the `update media metadata` API endpoint for users with Editor-level access and above. Disable the `rest helpers update media metadata` function if possible.

**Name of the Vulnerable Software and Affected Versions** AI Engine plugin for WordPress versions up to and including 3.3.2 **Description** The AI Engine plugin for WordPress is susceptible to Server-Side Request Forgery via the `get audio` function. An authenticated attacker with Subscriber-level access or higher can make web requests to arbitrary locations originating from the web application. This can be used to query and modify information from internal services if the "Public API" is enabled in the plugin settings and `allow url fopen` is set to 'On' on the server. **Recommendations** Update the AI Engine plugin to a version later than 3.3.2.

**Name of the Vulnerable Software and Affected Versions** MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor plugin for WordPress versions up to and including 4.1.0 **Description** The software contains a flaw due to the use of a forgeable cookie value derived from the entry ID and current user ID without a server-side secret. This allows unauthenticated attackers to access form submission entry data via MetForm shortcodes for entries created within the transient TTL, which defaults to 15 minutes. **Recommendations** Update to a version beyond 4.1.0.