Yudha

Name of the Vulnerable Software and Affected Versions: CRM and Lead Management by vcita plugin for WordPress versions up to, and including, 2.7.1 Description: The issue is related to unauthorized modification of data due to a missing capability check on the `vcita ajax toggle ae()` function. This allows authenticated attackers with Subscriber-level access and above to enable and disable plugin widgets. Recommendations: For versions up to, and including, 2.7.1, update to a version higher than 2.7.1 to resolve the issue. As a temporary workaround, consider restricting access to the `vcita ajax toggle ae()` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Flexmls® IDX Plugin versions up to, and including, 3.14.27 **Description** The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping on user-supplied attributes in the 'idx frame' shortcode. This allows authenticated attackers with contributor-level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For Flexmls® IDX Plugin versions up to, and including, 3.14.27, update to a version that addresses the insufficient input sanitization and output escaping issue in the 'idx frame' shortcode. As a temporary workaround, consider restricting access to the 'idx frame' shortcode for users with contributor-level access and above until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Bandsintown Events plugin for WordPress versions up to, and including, 1.3.1 **Description** The issue is related to Stored Cross-Site Scripting via the plugin's 'bandsintown events' shortcode due to insufficient input sanitization and output escaping on user-supplied attributes. This allows authenticated attackers with contributor-level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 1.3.1, consider disabling the `bandsintown events` shortcode until a patch is available to prevent exploitation. Restrict access to pages that use this shortcode to minimize the risk of arbitrary web script execution. Avoid using user-supplied attributes in the `bandsintown events` shortcode until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** UMich OIDC Login plugin for WordPress versions up to, and including, 1.2.0 **Description** The issue is related to Stored Cross-Site Scripting via the plugin's 'umich oidc button' shortcode due to insufficient input sanitization and output escaping on user-supplied attributes. This allows authenticated attackers with contributor-level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 1.2.0, consider disabling the 'umich oidc button' shortcode until a patch is available to prevent exploitation. Restrict access to pages that use this shortcode to minimize the risk of arbitrary web script execution. Avoid using user-supplied attributes in the 'umich oidc button' shortcode until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Mortgage Calculator / Loan Calculator plugin for WordPress versions up to, and including, 1.5.20 **Description** The issue is related to Stored Cross-Site Scripting via the plugin's 'mlcalc' shortcode due to insufficient input sanitization and output escaping on user-supplied attributes. This allows authenticated attackers with contributor-level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 1.5.20, consider disabling the `mlcalc` shortcode until a patch is available to prevent exploitation. Restrict access to pages that use the `mlcalc` shortcode to minimize the risk of arbitrary web script execution. Avoid using the `mlcalc` shortcode in pages until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WP-FormAssembly plugin for WordPress versions up to, and including, 2.0.11 **Description** The issue is related to Stored Cross-Site Scripting via the plugin's 'formassembly' shortcode due to insufficient input sanitization and output escaping on user-supplied attributes. This allows authenticated attackers with contributor-level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For WP-FormAssembly plugin for WordPress versions up to, and including, 2.0.11, update to a version higher than 2.0.11 to resolve the issue. As a temporary workaround, consider restricting access to the 'formassembly' shortcode to minimize the risk of exploitation. Additionally, restrict contributor-level access and above to authorized personnel only.

**Name of the Vulnerable Software and Affected Versions** Online Payments – Get Paid with PayPal, Square & Stripe plugin for WordPress versions prior to 3.20.0 **Description** The issue is related to Stored Cross-Site Scripting via the plugin's shortcodes due to insufficient input sanitization and output escaping on user-supplied attributes. This allows authenticated attackers with contributor-level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For versions prior to 3.20.0, update to a version newer than 3.20.0 to resolve the issue. As a temporary workaround, consider restricting access to the plugin's shortcodes to minimize the risk of exploitation. Avoid using user-supplied attributes in the shortcodes until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: The SuperSaaS – online appointment scheduling plugin for WordPress versions up to, and including, 2.1.12 Description: The issue is related to Stored Cross-Site Scripting via the `after` parameter due to insufficient input sanitization and output escaping. This allows authenticated attackers with Contributor-level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The issue is limited to Chromium-based browsers. Recommendations: For versions up to, and including, 2.1.12, consider disabling the `after` parameter until a patch is available to prevent exploitation. Restrict access to pages that may have been injected with malicious scripts to minimize the risk of execution.

**Name of the Vulnerable Software and Affected Versions** Contact Form and Calls To Action by vcita plugin for WordPress versions up to, and including, 2.7.1 **Description** The issue is related to Stored Cross-Site Scripting via the plugin's 'vCitaMeetingScheduler' shortcode due to insufficient input sanitization and output escaping on user-supplied attributes. This allows authenticated attackers with contributor-level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 2.7.1, update to a version higher than 2.7.1 to resolve the issue. As a temporary workaround, consider restricting access to the 'vCitaMeetingScheduler' shortcode to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** The Contact Form and Calls To Action by vcita plugin for WordPress versions up to, and including, 2.7.1 **Description** The issue is related to a missing capability check on the `vcita ajax toggle ae` and `vcita ajax toggle contact` functions. This allows authenticated attackers with subscriber-level access and above to enable and disable widgets, resulting in unauthorized modification of data. **Recommendations** For versions up to, and including, 2.7.1, update to a version that includes a capability check on the `vcita ajax toggle ae` and `vcita ajax toggle contact` functions to prevent unauthorized modification of data. As a temporary workaround, consider restricting access to the `vcita ajax toggle ae` and `vcita ajax toggle contact` functions until a patch is available.

**Name of the Vulnerable Software and Affected Versions** ABC Notation plugin for WordPress versions up to, and including, 6.1.3 **Description** The issue is related to Stored Cross-Site Scripting via the plugin's 'abcjs' shortcode due to insufficient input sanitization and output escaping on user-supplied attributes. This allows authenticated attackers with contributor-level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 6.1.3, consider disabling the `abcjs` shortcode until a patch is available to prevent exploitation. Restrict access to pages that use the `abcjs` shortcode to minimize the risk of arbitrary web script injection. Avoid using the `abcjs` shortcode in pages until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ABC Notation plugin for WordPress versions up to, and including, 6.1.3 **Description** The issue allows authenticated attackers, with Contributor-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information, via the `file` attribute of the "abcjs" shortcode. This enables access to confidential data. **Recommendations** For versions up to, and including, 6.1.3, update to a version higher than 6.1.3 to resolve the issue. As a temporary workaround, consider restricting access to the `abcjs` shortcode or disabling it until a patch is available. Avoid using the `file` attribute in the "abcjs" shortcode until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** BMLT Meeting Map plugin for WordPress versions up to, and including, 2.6.1 **Description** The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the plugin's `bmlt meeting map` shortcode. This allows authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 2.6.1, update to a version higher than 2.6.1 to resolve the issue. As a temporary workaround, consider disabling the `bmlt meeting map` shortcode until a patch is available. Restrict access to the `bmlt meeting map` shortcode to minimize the risk of exploitation. Avoid using user-supplied attributes in the affected shortcode until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Checkout for PayPal plugin for WordPress versions up to, and including, 1.0.32 **Description** The issue is related to Stored Cross-Site Scripting via the plugin's `checkout for paypal` shortcode due to insufficient input sanitization and output escaping on user-supplied attributes. This allows authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 1.0.32, update to a version higher than 1.0.32 to resolve the issue. As a temporary workaround, consider restricting access to the `checkout for paypal` shortcode to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Payment Button for PayPal plugin for WordPress versions up to, and including, 1.2.3.35 **Description** The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the `wp paypal checkout` shortcode. This allows authenticated attackers with contributor-level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 1.2.3.35, update to a version that addresses the insufficient input sanitization and output escaping issue. As a temporary workaround, consider restricting access to the `wp paypal checkout` shortcode to minimize the risk of exploitation. Avoid using the `wp paypal checkout` shortcode in pages until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** WP User Profile Avatar plugin for WordPress versions up to, and including, 1.0.5 **Description** The issue is due to missing or incorrect nonce validation on the `wpupa user admin()` function, making it possible for unauthenticated attackers to update the plugin's setting that controls access to the functionality via a forged request. This can be achieved if attackers can trick a site administrator into performing an action such as clicking on a link. **Recommendations** For WP User Profile Avatar plugin for WordPress versions up to, and including, 1.0.5, consider disabling the `wpupa user admin()` function until a patch is available to prevent exploitation. As a temporary workaround, restrict access to the plugin's settings to minimize the risk of unauthorized updates.

**Name of the Vulnerable Software and Affected Versions** Event Registration Calendar By vcita plugin for WordPress versions up to, and including, 1.4.0 **Description** The issue is related to Stored Cross-Site Scripting via the plugin's shortcodes due to insufficient input sanitization and output escaping on user-supplied attributes. This allows authenticated attackers with contributor-level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 1.4.0, update to a version later than 1.4.0 to resolve the issue. As a temporary workaround, consider restricting access to the plugin's shortcodes to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Accordion Slider Lite plugin for WordPress version 1.5.1 and earlier **Description** The issue is related to Stored Cross-Site Scripting via the plugin's `accordion slider` shortcode due to insufficient input sanitization and output escaping on user-supplied attributes. This allows authenticated attackers with contributor-level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For versions up to and including 1.5.1, update to a version that addresses the insufficient input sanitization and output escaping issue. As a temporary workaround, consider restricting access to the `accordion slider` shortcode to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** The Grid Accordion Lite plugin for WordPress versions up to, and including, 1.5.1 **Description** The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the `grid accordion` shortcode. This allows authenticated attackers with contributor-level access and above to inject arbitrary web scripts in pages. These scripts will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 1.5.1, update to a version that addresses the insufficient input sanitization and output escaping issue in the `grid accordion` shortcode. As a temporary workaround, consider restricting access to the `grid accordion` shortcode to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Trackserver plugin for WordPress versions up to, and including, 5.0.2 **Description** The issue is related to Stored Cross-Site Scripting via the plugin's 'tsmap' shortcode due to insufficient input sanitization and output escaping on user-supplied attributes. This allows authenticated attackers with contributor-level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 5.0.2, update to a version higher than 5.0.2 to resolve the issue. As a temporary workaround, consider restricting access to the 'tsmap' shortcode to minimize the risk of exploitation. Additionally, restrict contributor-level access and above to authorized personnel only.