Webbernaut

Name of the Vulnerable Software and Affected Versions: DethemeKit for Elementor plugin for WordPress versions up to, and including, 2.1.9 Description: The issue is related to Stored Cross-Site Scripting via the De Product Display Widget's countdown feature, caused by insufficient input sanitization and output escaping. This allows authenticated attackers with Contributor-level access and above to inject arbitrary web scripts in pages, which will execute when a user accesses an injected page. Recommendations: For versions up to, and including, 2.1.9, update to a version higher than 2.1.9 to resolve the issue. As a temporary workaround, consider restricting access to the De Product Display Widget's countdown feature to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: All-in-One WP Migration and Backup plugin for WordPress versions up to, and including, 7.89 Description: The issue allows unauthenticated attackers to inject a PHP Object via deserialization of untrusted input in the `replace serialized values` function. If a POP chain is present, possibly through an additional plugin or theme, it could enable the attacker to delete arbitrary files, retrieve sensitive data, or execute code. The exploit can be triggered by an administrator exporting and restoring a backup. Recommendations: For versions up to, and including, 7.89, update to a version that fixes the PHP Object Injection issue to prevent exploitation. As a temporary workaround, consider restricting access to the `replace serialized values` function until a patch is available.

Name of the Vulnerable Software and Affected Versions: The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +20 Modules – All in One Solution plugin for WordPress versions up to, and including, 3.1.0 Description: The issue is related to a Stored DOM-Based Cross-Site Scripting vulnerability in the plugin's Flash Sale Countdown module. This is due to insufficient input sanitization and output escaping on user-supplied attributes, allowing authenticated attackers with contributor-level access and above to inject arbitrary web scripts in pages. These scripts will execute whenever a user accesses an injected page. Recommendations: For versions up to, and including, 3.1.0, update to a version that addresses the insufficient input sanitization and output escaping issue in the Flash Sale Countdown module. As a temporary workaround, consider restricting access to the Flash Sale Countdown module to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: The Finale Lite – Sales Countdown Timer & Discount for WooCommerce plugin for WordPress versions up to, and including, 2.19.0 Description: The issue is related to Stored DOM-Based Cross-Site Scripting via the countdown timer due to insufficient input sanitization and output escaping. This allows authenticated attackers with Contributor-level access and above to inject arbitrary web scripts in pages, which will execute whenever a user accesses an injected page. Recommendations: For versions up to, and including, 2.19.0, update to a version that addresses the insufficient input sanitization and output escaping issue to prevent Stored DOM-Based Cross-Site Scripting attacks. As a temporary workaround, consider restricting access to the countdown timer feature for users with Contributor-level access and above until a patch is available.

**Name of the Vulnerable Software and Affected Versions** The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress versions up to, and including, 5.3.1 **Description** The issue is related to Stored Cross-Site Scripting via the Parallax slider due to insufficient input sanitization and output escaping. This allows authenticated attackers with Contributor-level access and above to inject arbitrary web scripts in pages, which will execute when a user accesses an injected page. **Recommendations** For versions up to, and including, 5.3.1, update to a version that includes the necessary input sanitization and output escaping fixes to prevent Stored Cross-Site Scripting attacks. As a temporary workaround, consider restricting access to the Parallax slider feature for users with Contributor-level access and above until a patch is available.

**Name of the Vulnerable Software and Affected Versions** HT Mega – Absolute Addons For Elementor plugin for WordPress versions up to, and including, 2.8.2 **Description** The issue is related to DOM-Based Stored Cross-Site Scripting via the plugin's Countdown widget due to insufficient input sanitization and output escaping on user-supplied attributes. This allows authenticated attackers with contributor-level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 2.8.2, update to a version that includes a complete fix for the issue, as the current version has an incomplete fix.

**Name of the Vulnerable Software and Affected Versions** WordPress plugins using Featherlight.js versions 1.7.13 through 1.7.14 **Description** The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the Featherlight.js JavaScript library. This allows authenticated attackers with contributor-level access and above to inject arbitrary web scripts in pages. The injected scripts will execute whenever a user accesses the injected page. **Recommendations** For WordPress plugins using Featherlight.js versions 1.7.13 through 1.7.14, consider updating Featherlight.js to a version outside of the affected range as a fix, or temporarily restrict contributor-level access to prevent exploitation until a patch is available.

**Name of the Vulnerable Software and Affected Versions** The Master Addons – Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations plugin for WordPress versions up to, and including, 2.0.7.2 **Description** The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in multiple widgets, allowing authenticated attackers with contributor-level access and above to inject arbitrary web scripts in pages. These scripts will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 2.0.7.2, update to a version that addresses the insufficient input sanitization and output escaping issue to prevent stored cross-site scripting attacks.

**Name of the Vulnerable Software and Affected Versions** Chaty plugin for WordPress versions up to and including 3.3.5 **Description** The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping in the `data-hover` parameter. This allows authenticated attackers with Contributor-level access and above to inject arbitrary web scripts in pages, which will execute when a user accesses the injected page. **Recommendations** For Chaty plugin for WordPress versions up to and including 3.3.5, update to a version that addresses the insufficient input sanitization and output escaping issue in the `data-hover` parameter to prevent Stored Cross-Site Scripting attacks.

**Name of the Vulnerable Software and Affected Versions** Image Photo Gallery Final Tiles Grid plugin for WordPress versions up to, and including, 3.6.0 **Description** The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the 'FinalTilesGallery' shortcode. This allows authenticated attackers with contributor-level access and above to inject arbitrary web scripts in pages, which will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 3.6.0, update to a version that includes the necessary input sanitization and output escaping fixes to prevent stored cross-site scripting attacks.

**Name of the Vulnerable Software and Affected Versions** Lenix Elementor Leads addon plugin for WordPress versions up to, and including, 1.8.2 **Description** The Lenix Elementor Leads addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a URL form field due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 1.8.2, update to version 1.8.3 or later to resolve the issue. As a temporary workaround, consider disabling the URL form field in the Lenix Elementor Leads addon plugin until a patch is available. Restrict access to the plugin's functionality to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** The Visualizer: Tables and Charts Manager for WordPress versions up to, and including, 3.11.8 **Description** The issue is related to Stored Cross-Site Scripting via the plugin's Import Data From File feature due to insufficient input sanitization and output escaping on user-supplied attributes. This allows authenticated attackers with contributor-level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 3.11.8, update to a version newer than 3.11.8 to resolve the issue. As a temporary workaround, consider restricting access to the Import Data From File feature to minimize the risk of exploitation. Additionally, restrict contributor-level access and above to trusted users only.

**Name of the Vulnerable Software and Affected Versions** ElementsKit Elementor addons plugin for WordPress versions up to, and including, 3.4.0 **Description** The issue is related to Stored Cross-Site Scripting via the plugin's Image Accordion widget due to insufficient input sanitization and output escaping on user-supplied attributes. This allows authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 3.4.0, update to a version later than 3.4.0 to resolve the issue. As a temporary workaround, consider restricting access to the Image Accordion widget to minimize the risk of exploitation. Additionally, restrict contributor-level access and above to authorized personnel only.

**Name of the Vulnerable Software and Affected Versions** Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress versions up to, and including, 1.0.235 **Description** The issue is related to Stored Cross-Site Scripting via the plugin's Rank Math API due to insufficient input sanitization and output escaping on user-supplied attributes. This allows authenticated attackers with contributor-level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 1.0.235, update to a version higher than 1.0.235 to resolve the issue. As a temporary workaround, consider restricting access to the Rank Math API to minimize the risk of exploitation. Additionally, limiting contributor-level access and above can help reduce the attack surface until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** DethemeKit For Elementor plugin for WordPress versions up to, and including, 2.36 **Description** The issue allows authenticated attackers with Contributor-level access and above to extract data from password protected, private, draft, or scheduled posts by duplicating them. This is due to insufficient restrictions on which posts can be duplicated via the `duplicate post()` function. **Recommendations** For versions up to, and including, 2.36, consider disabling the `duplicate post()` function until a patch is available to prevent exploitation. Restrict access to sensitive posts and ensure that only authorized users have Contributor-level access and above to minimize the risk of data exposure.

**Name of the Vulnerable Software and Affected Versions** Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress versions up to, and including, 1.0.235 **Description** The issue is related to a missing capability check on the `update metadata()` function, which allows authenticated attackers with Contributor-level access and above to delete any schema metadata assigned to any post. This can lead to unauthorized loss of data. **Recommendations** For versions up to, and including, 1.0.235, update to a version that includes a fix for the missing capability check on the `update metadata()` function. As a temporary workaround, consider restricting access to the `update metadata()` function to prevent unauthorized deletion of schema metadata. Restrict Contributor-level access and above to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Export All Posts, Products, Orders, Refunds & Users plugin for WordPress versions up to, and including, 2.9.3 **Description** The issue allows unauthenticated attackers to extract sensitive data stored insecurely in the `/wp-content/uploads/smack uci uploads/exports/` directory, which can contain information like exported user data. This is possible due to sensitive information exposure in the plugin. **Recommendations** For versions up to, and including, 2.9.3, consider disabling access to the `/wp-content/uploads/smack uci uploads/exports/` directory until a patch is available. Restrict access to the exports directory to minimize the risk of exploitation. Avoid storing sensitive data in insecure locations within the plugin's export functionality. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress versions up to, and including, 5.9.3 **Description** The issue is related to Stored Cross-Site Scripting via Podcast RSS Feed due to insufficient input sanitization and output escaping on user-supplied attributes. This allows authenticated attackers with contributor-level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 5.9.3, update to a version that addresses the insufficient input sanitization and output escaping issue to prevent Stored Cross-Site Scripting attacks. As a temporary workaround, consider restricting contributor-level access and above to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Divi Torque Lite plugin for WordPress versions up to, and including, 4.1.0 **Description** The issue is related to Stored Cross-Site Scripting via several widgets due to insufficient input sanitization and output escaping on user-supplied attributes. This allows authenticated attackers with contributor-level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For Divi Torque Lite plugin for WordPress versions up to, and including, 4.1.0: Update to a version later than 4.1.0 to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable widgets until a patch is available. Avoid using the vulnerable widgets in pages that can be accessed by untrusted users until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** ElementsKit Pro plugin for WordPress versions up to, and including, 3.7.8 **Description** The issue is related to DOM-Based Stored Cross-Site Scripting via the `url` parameter due to insufficient input sanitization and output escaping. This allows authenticated attackers with Contributor-level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 3.7.8, update to a version later than 3.7.8 to resolve the issue. As a temporary workaround, consider restricting access to the `url` parameter in the affected plugin to minimize the risk of exploitation. Additionally, restrict contributor-level access and above to trusted users only.