Zer0Gh0St

Name of the Vulnerable Software and Affected Versions: WP Recipe Maker plugin for WordPress versions up to, and including, 9.8.0 Description: The issue is related to Stored Cross-Site Scripting via the Roundup Recipe Name field due to insufficient input sanitization and output escaping. This allows authenticated attackers with Contributor-level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Recommendations: For WP Recipe Maker plugin for WordPress versions up to, and including, 9.8.0, update to a version later than 9.8.0 to resolve the issue. As a temporary workaround, consider restricting access to the Roundup Recipe Name field to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** The Plus Addons for Elementor versions up to, and including, 6.2.2 **Description** The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping in the Countdown, Syntax Highlighter, and Page Scroll widgets. This allows authenticated attackers with Contributor-level access and above to inject arbitrary web scripts in pages, which will execute when a user accesses an injected page. **Recommendations** For versions up to, and including, 6.2.2, update to a version that addresses the insufficient input sanitization and output escaping issue in the Countdown, Syntax Highlighter, and Page Scroll widgets. As a temporary workaround, consider restricting access to these widgets for users with Contributor-level access and above until a patch is available.

**Name of the Vulnerable Software and Affected Versions** The 140+ Widgets | Xpro Addons For Elementor versions up to, and including, 1.4.6.7 **Description** The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping in several widgets. This allows authenticated attackers with Contributor-level access and above to inject arbitrary web scripts in pages, which will execute when a user accesses an injected page. **Recommendations** For versions up to, and including, 1.4.6.7, update to a version that addresses the insufficient input sanitization and output escaping issue to prevent Stored Cross-Site Scripting attacks.

**Name of the Vulnerable Software and Affected Versions** The Page Builder by SiteOrigin plugin for WordPress versions up to, and including, 2.31.4 **Description** The issue is related to Stored Cross-Site Scripting via the Embedded Video(PB) widget due to insufficient input sanitization and output escaping. This allows authenticated attackers with Contributor-level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 2.31.4, update to a version that includes the necessary input sanitization and output escaping fixes to prevent Stored Cross-Site Scripting attacks. As a temporary workaround, consider restricting access to the Embedded Video(PB) widget for users with Contributor-level access and above until a patch is available.

**Name of the Vulnerable Software and Affected Versions** The Site Mailer – SMTP Replacement, Email API Deliverability & Email Log plugin for WordPress versions prior to 1.2.3 **Description** The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping. This allows unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For versions prior to 1.2.3, update to a version that includes the necessary input sanitization and output escaping fixes to prevent Stored Cross-Site Scripting attacks.

**Name of the Vulnerable Software and Affected Versions** Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal or Stripe, Social Share Buttons plugin for WordPress versions up to, and including, 26.0.0.1 **Description** The issue is related to Stored Cross-Site Scripting via the `Name` and `Comment` field when commenting on photo gallery entries due to insufficient input sanitization and output escaping. This allows unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 26.0.0.1, update to a version later than 26.0.0.1 to resolve the issue. As a temporary workaround, consider disabling the comment functionality on photo gallery entries until a patch is available. Restrict access to the `Name` and `Comment` fields to minimize the risk of exploitation. Avoid using these fields in the affected plugin until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Exclusive Addons for Elementor plugin for WordPress versions up to, and including, 2.7.6 **Description** The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the Animated Text and Image Comparison Widgets. This allows authenticated attackers with contributor-level access and above to inject arbitrary web scripts in pages, which will execute whenever a user accesses an injected page. **Recommendations** For Exclusive Addons for Elementor plugin for WordPress versions up to, and including, 2.7.6, update to a version later than 2.7.6 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Card Elements for Elementor plugin for WordPress versions up to, and including, 1.2.6 **Description** The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the plugin's Profile Card widget, allowing authenticated attackers with contributor-level access and above to inject arbitrary web scripts in pages. These scripts will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 1.2.6, update to a version that addresses the insufficient input sanitization and output escaping issue in the Profile Card widget.

**Name of the Vulnerable Software and Affected Versions** The Sina Extension for Elementor plugin for WordPress versions up to, and including, 3.6.0 **Description** The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the plugin's Fancy Text, Countdown Widget, and Login Form shortcodes. This allows authenticated attackers with contributor-level access and above to inject arbitrary web scripts in pages, which will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 3.6.0, update to a version that addresses the insufficient input sanitization and output escaping issue. As a temporary workaround, consider restricting access to the Fancy Text, Countdown Widget, and Login Form shortcodes to prevent authenticated attackers from injecting arbitrary web scripts.

**Name of the Vulnerable Software and Affected Versions** The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress versions up to, and including, 5.2.3 **Description** The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping, specifically via the `data-marker` parameter. This allows authenticated attackers with Contributor-level access and above to inject arbitrary web scripts in pages, which will execute when a user accesses an injected page. **Recommendations** For versions up to, and including, 5.2.3, update to a version that addresses the insufficient input sanitization and output escaping issue to prevent Stored Cross-Site Scripting attacks. As a temporary workaround, consider restricting access to the `data-marker` parameter to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Rife Elementor Extensions & Templates plugin for WordPress versions up to, and including, 1.2.5 **Description** The issue is related to Stored Cross-Site Scripting via the plugin's Writing Effect Headline shortcode due to insufficient input sanitization and output escaping on user-supplied attributes. This allows authenticated attackers with contributor-level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 1.2.5, update to a version higher than 1.2.5 to resolve the issue. As a temporary workaround, consider restricting access to the Writing Effect Headline shortcode for users with contributor-level access and above until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Unlimited Elements For Elementor plugin for WordPress versions up to, and including, 1.5.140 **Description** The issue is related to Stored Cross-Site Scripting via the plugin's Transparent Split Hero widget due to insufficient input sanitization and output escaping on user-supplied attributes. This allows authenticated attackers with contributor-level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** To resolve the issue, delete and reinstall the affected widget: Transparent Split Hero manually for all versions up to, and including, 1.5.140.

**Name of the Vulnerable Software and Affected Versions** Elementor Website Builder versions up to, and including, 3.27.4 **Description** The Elementor Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `border`, `margin`, and `gap` parameters due to insufficient input sanitization and output escaping. This allows authenticated attackers with Contributor-level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 3.27.4, update to a version later than 3.27.4 to resolve the issue. As a temporary workaround, consider restricting access to the `border`, `margin`, and `gap` parameters to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** YaySMTP and Email Logs: Amazon SES, SendGrid, Outlook, Mailgun, Brevo, Google and Any SMTP Service plugin for WordPress versions 2.4.9 through 2.6.2 **Description** The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping. This allows unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The vulnerability was initially patched in version 2.4.8 but was reintroduced in version 2.4.9 with the removal of the `wp kses post()` built-in WordPress sanitization function. **Recommendations** For versions 2.4.9 through 2.6.2, update to a version that includes the `wp kses post()` function to ensure proper input sanitization and output escaping. As a temporary workaround, consider disabling the vulnerable plugin until a patch is available. Restrict access to the plugin's functionality to minimize the risk of exploitation. Avoid using the plugin's features that allow user input until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Post SMTP plugin for WordPress versions up to, and including, 3.0.2 **Description** The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping. This allows unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The `from` and `subject` parameters are specifically vulnerable to this type of attack. **Recommendations** For Post SMTP plugin for WordPress versions up to, and including, 3.0.2, update to version 3.0.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the `from` and `subject` parameters in the affected plugin until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** WP Activity Log plugin for WordPress versions up to, and including, 5.2.2 **Description** The issue is related to Stored Cross-Site Scripting via the `message` parameter due to insufficient input sanitization and output escaping. This allows unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For WP Activity Log plugin for WordPress versions up to, and including, 5.2.2, update to a version later than 5.2.2 to resolve the issue. As a temporary workaround, consider restricting access to the `message` parameter to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** HurryTimer – An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce plugin versions up to, and including, 2.11.2 **Description** The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping of a `campaign name`. This allows authenticated attackers with Contributor-level access and above to inject arbitrary web scripts in pages, which will execute when a user accesses an injected page. **Recommendations** For versions up to, and including, 2.11.2, update to a version that addresses the insufficient input sanitization and output escaping of the `campaign name`. As a temporary workaround, consider restricting access to the campaign name input field to prevent authenticated attackers from injecting arbitrary web scripts. Restrict Contributor-level access and above to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** DethemeKit For Elementor plugin for WordPress versions up to, and including, 2.1.8 **Description** The issue is related to Stored Cross-Site Scripting via the plugin's De Gallery widget due to insufficient input sanitization and output escaping on user-supplied attributes. This allows authenticated attackers with contributor-level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 2.1.8, update to a version higher than 2.1.8 to resolve the issue. As a temporary workaround, consider restricting access to the De Gallery widget to minimize the risk of exploitation. Additionally, limiting contributor-level access and above can help reduce the attack surface until a patch is applied.

Name of the Vulnerable Software and Affected Versions: HT Mega – Absolute Addons For Elementor plugin for WordPress versions up to, and including, 2.8.1 Description: The issue is related to Stored Cross-Site Scripting via the plugin's Countdown widget due to insufficient input sanitization and output escaping on user-supplied attributes. This allows authenticated attackers with contributor-level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Recommendations: For versions up to, and including, 2.8.1, update to a version that addresses the insufficient input sanitization and output escaping issue. As a temporary workaround, consider restricting access to the Countdown widget until a patch is available. Additionally, limiting contributor-level access and above can help minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Qi Addons For Elementor versions 1.8.7 and earlier **Description** The Qi Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `cursor` parameter due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The vulnerability was partially patched in versions 1.8.5, 1.8.6, and 1.8.7. **Recommendations** For versions 1.8.7 and earlier, update to a version later than 1.8.7 to fully resolve the issue. As a temporary workaround, consider restricting access to the `cursor` parameter to minimize the risk of exploitation. Restrict access to pages that may have been injected with malicious scripts to prevent further exploitation.