Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in JumpDEMAND Inc. 4ECPS Web Forms plugin <= 0.2.17 on WordPress.

**4ecps-webforms**

*   Details
*   Reviews
*   Support
*   Development

**Description**

This plugin has been closed as of November 2, 2022 and is not available for download. This closure is temporary, pending a full review.

**Blocks**

This plugin provides 6 blocks.

*   4ECPS - Dynamic Content Block
*   4ECPS - Web Form
*   4ECPS - Story board
*   4ECPS Web Forms
*   4ECPS Web Forms
*   4ECPS Web Forms

**Reviews**

There are no reviews for this plugin.

**Contributors & Developers**

“4ECPS Web Forms” is open source software. The following people have contributed to this plugin.

Contributors

CVE-2022-44628: 4ECPS Web Forms

The VR Calendar plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.3. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to delete, and modify calendars as well as the plugin settings, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Wordfence is authorized by the Common Vulnerabilities and Exposures (CVE®) Program as a CNA, or CVE Numbering Authority. As a CNA, Wordfence assigns CVE IDs for new vulnerabilities in WordPress Core, WordPress Plugins and WordPress Themes.

Assigned CVE IDs and the vulnerability details are published below. For more information about submitting vulnerabilities to Wordfence for CVE ID assignment, please refer to our vulnerability disclosure policy.

This is a continuation of Vulnerability Advisories.

**VR Calendar <= 2.3.3 – Cross-Site Request Forgery**

**Affected Plugin:** VR Calendar  
**Plugin Slug:** vr-calendar-sync  
**Affected Versions:** <= 2.3.3  
**CVE ID:** CVE-2022-3852  
**CVSS Score:** 8.8 (High)  
**CVSS Vector:** CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H  
**Researcher/s:** Marco Wotschka  
**Fully Patched Version:** 2.3.4  
**Recommended Remediation:** Update to version 2.3.4, or newer.  
**Publication Date:** 2022-11-03

The VR Calendar plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.3. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to delete, and modify calendars as well as the plugin settings, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.

**Restaurant Menu – Food Ordering System – Table Reservation <= 2.3.0 – Missing Authorization on AJAX Actions**

The Restaurant Menu – Food Ordering System – Table Reservation plugin for WordPress is vulnerable to authorization bypass via several AJAX actions in versions up to, and including 2.3.0 due to missing capability checks and missing nonce validation. This makes it possible for authenticated attackers with minimal permissions to perform a wide variety of actions such as modifying the plugin’s settings and modifying the ordering system preferences.

**Restaurant Menu – Food Ordering System – Table Reservation <= 2.3.1 – Cross-Site Request Forgery**

The Restaurant Menu – Food Ordering System – Table Reservation plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.1. This is due to missing or incorrect nonce validation on several functions called via AJAX actions such as forms\_action, set\_option, & chosen\_options to name a few . This makes it possible for unauthenticated attackers to perform a variety of administrative actions like modifying forms, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

**Ultimate Member – User Profile, User Registration, Login & Membership Plugin <= 2.5.0 – Authenticated (Admin+) Limited Remote Code Execution via um\_populate\_dropdown\_options**

The Ultimate Member plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 2.5.0 via the populate\_dropdown\_options function that accepts user supplied input and passes it through call\_user\_func(). This is restricted to non-parameter PHP functions like phpinfo(); since user supplied parameters are not passed through the function. This makes it possible for authenticated attackers, with administrative privileges, to execute code on the server.

**Ultimate Member – User Profile, User Registration, Login & Membership Plugin <= 2.5.0 – Authenticated (Admin+) Remote Code Execution via Multi-Select**

The Ultimate Member plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 2.5.0 via the get\_option\_value\_from\_callback function that accepts user supplied input and passes it through call\_user\_func(). This makes it possible for authenticated attackers, with administrative capabilities, to execute code on the server.

**Ultimate Member – User Profile, User Registration, Login & Membership Plugin <= 2.5.0 – Authenticated (Contributor+) Directory Traversal via Shortcodes**

The Ultimate Member plugin for WordPress is vulnerable to directory traversal in versions up to, and including 2.5.0 due to insufficient input validation on the ‘template’ attribute used in shortcodes. This makes it possible for attackers with administrative privileges to supply arbitrary paths using traversal (../../) to access and include files outside of the intended directory. If an attacker can successfully upload a php file then remote code execution via inclusion may also be possible. Note: for users with less than administrative capabilities, /wp-admin access needs to be enabled for that user in order for this to be exploitable by those users.

**Ultimate Member – User Profile, User Registration, Login & Membership Plugin <= 2.5.0 – Authenticated (Admin+) Directory Traversal**

The Ultimate Member plugin for WordPress is vulnerable to directory traversal in versions up to, and including 2.5.0 due to insufficient input validation on the ‘pack’ parameter. This makes it possible for attackers with administrative privileges to supply arbitrary paths using traversal (../../) to access and include files outside of the intended directory. If an attacker can successfully upload a file with the exact name ‘init.php’ then remote code execution may also be possible.

**Web Stories <= 1.24.0 – Server Side Request Forgery**

**Affected Plugin:** Web Stories  
**Plugin Slug:** web-stories  
**Affected Versions:** <= 1.24.0  
**CVE ID:** CVE-2022-3708  
**CVSS Score:** 9.6 (Critical)  
**CVSS Vector:** CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N  
**Researcher/s:** Aymen Borgi  
**Fully Patched Version:** 1.25.0  
**Recommended Remediation:** Update to version 1.25.0, or newer.  
**Publication Date:** 2022-10-26

The Web Stories plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including 1.24.0 due to insufficient validation of URLs supplied via the ‘url’ parameter found via the /v1/hotlink/proxy REST API Endpoint. This made it possible for authenticated users to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.

**ImageMagick Engine <= 1.7.4 – Cross-Site Request Forgery to Remote Command Execution**

**Affected Plugin:** ImageMagick Engine  
**Plugin Slug:** imagemagick-engine  
**Affected Versions:** <= 1.7.4  
**CVE ID:** CVE-2022-2441  
**CVSS Score:** 8.8 (High)  
**CVSS Vector:** CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H  
**Researcher/s:** Rasoul Jahanshahi  
**Fully Patched Version:** Unpatched.  
**Recommended Remediation:** Uninstall plugin from site until patched version available.  
**Publication Date:** 2022-10-17

The ImageMagick Engine plugin for WordPress is vulnerable to remote code execution via the ‘cli\_path’ parameter in versions up to, and including 1.7.4. This makes it possible for unauthenticated users to run arbitrary commands leading to remote command execution, granted they can trick a site administrator into performing an action such as clicking on a link. This makes it possible for an attacker to create and or modify files hosted on the server which can easily grant attackers backdoor access to the affected server.

**Log HTTP Requests <= 1.3.1 – Stored Cross-Site Scripting**

**Affected Plugin:** Log HTTP Requests  
**Plugin Slug:** log-http-requests  
**Affected Versions:** <= 1.3.1  
**CVE ID:** CVE-2022-3402  
**CVSS Score:** 6.1 (Medium)  
**CVSS Vector:** CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N  
**Researcher/s:** Etan Imanol Castro Aldrete  
**Fully Patched Version:** 1.3.2  
**Recommended Remediation:** Update to version 1.3.2, or newer.  
**Publication Date:** 2022-10-05

The Log HTTP Requests plugin for WordPress is vulnerable to Stored Cross-Site Scripting via logged HTTP requests in versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers who can trick a site’s administrator into performing an action like clicking on a link, or an authenticated user with access to a page that sends a request using user-supplied data via the server, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

**Bricks 1.2 – 1.5.3 – Remote Code Execution**

**Affected Theme:** Bricks  
**Theme Slug:** bricks  
**Affected Versions:** 1.2 to 1.5.3  
**CVE ID:** CVE-2022-3401  
**CVSS Score:** 8.8 (High)  
**CVSS Vector:** CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H  
**Researcher/s:** Anonymous  
**Fully Patched Version:** 1.5.4  
**Recommended Remediation:** Update to version 1.5.4, or newer.  
**Publication Date:** 2022-10-03

The Bricks theme for WordPress is vulnerable to remote code execution due to the theme allowing site editors to include executable code blocks in website content in versions 1.2 to 1.5.3. This, combined with the missing authorization vulnerability (CVE-2022-3400), makes it possible for authenticated attackers with minimal permissions, such as a subscriber, can edit any page, post, or template on the vulnerable WordPress website and inject a code execution block that can be used to achieve remote code execution.

**Bricks 1.0 – 1.5.3 – Missing Authorization to Arbitrary Content Creation/Modification**

**Affected Theme:** Bricks  
**Theme Slug:** bricks  
**Affected Versions:** 1.0 – 1.5.3  
**CVE ID:** CVE-2022-3400  
**CVSS Score:** 6.5 (Medium)  
**CVSS Vector:** CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N  
**Researcher/s:** Anonymous  
**Fully Patched Version:** 1.5.4  
**Recommended Remediation:** Update to version 1.5.4, or newer.  
**Publication Date:** 2022-10-03

The Bricks theme for WordPress is vulnerable to authorization bypass due to a missing capability check on the bricks\_save\_post AJAX action in versions 1.0 to 1.5.3. This makes it possible for authenticated attackers with minimal permissions, such as a subscriber, to edit any page, post, or template on the vulnerable WordPress website.

CVE-2022-3852: Vulnerability Advisories Continued - Wordfence

The Restaurant Menu – Food Ordering System – Table Reservation plugin for WordPress is vulnerable to authorization bypass via several AJAX actions in versions up to, and including 2.3.0 due to missing capability checks and missing nonce validation. This makes it possible for authenticated attackers with minimal permissions to perform a wide variety of actions such as modifying the plugin's settings and modifying the ordering system preferences.

CVE-2022-2696: Vulnerability Advisories Continued - Wordfence

The Restaurant Menu – Food Ordering System – Table Reservation plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.1. This is due to missing or incorrect nonce validation on several functions called via AJAX actions such as forms_action, set_option, & chosen_options to name a few . This makes it possible for unauthenticated attackers to perform a variety of administrative actions like modifying forms, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE-2022-3776: Vulnerability Advisories Continued - Wordfence

By Deeba Ahmed
Minterpress is a new open-source plugin that allows collectors and creators to host and mint eco-friendly NFTs on WordPress.
This is a post from HackRead.com Read the original post: Blokhaus Announced Launching of New Open-Source NFT Tool Minterpress

The Web3-oriented agency Blokhaus has launched a new open-source NFT tool dubbed Minterpress. Here is all you need to know about this new tool.

**What is Minterpress?**

**Minterpress** is a new open-source plugin that allows collectors and creators to host and mint eco-friendly NFTs on WordPress. This new tool is built on the Tezos blockchain, because of which the NFTs minted via Minterpress would be energy-efficient.

What’s worth noting is that there isn’t any need to gain coding knowledge to start using this plugin. Creators can build an NFT gallery to display on their WordPress site or offer a link to their product on any **NFT marketplace** to interested buyers.

**Why Was Minterpress Built?**

This new plugin was built to simplify the minting and display of NFTs, Blokhaus’s press release read. Designed/developed by marketing communications firm Blokhaus; the NFTs posted on Minterpress will be minted on energy-efficient Tezos, therefore it would prove to be a low-cost alternative to mint and transact NFTs.

For your information, **Tezos blockchain** hosts some of the world’s biggest NFT marketplaces and platforms, such as Objkt.com.

**Minterpress Help NFT Creators & Collectors**

Minterpress wouldn’t entail the negative aspects of the first-generation NFTs. So, creators or artists can mint and display their work in NFTs directly on a WordPress page. They can show the uniqueness and authenticity of their creativity freely.

In this sense, Minterpess will empower artists to exercise maximum control over how their creations are displayed on a **WordPress site**. Furthermore, they won’t need to rely on excessively centralized NFT marketplaces to promote their products.

1.  **Tips for Using Uploader Widgets on WordPress Blogs**
2.  **This AI Can Generate Unique and Free Bored Ape NFTs**
3.  **DeFiChain gives DeFi a major boost with decentralized assets**

Blokhaus Announced Launching of New Open-Source NFT Tool Minterpress

Auth. (admin+) Stored Cross-Site Scripting (XSS) in Ayoub Media AM-HiLi plugin <= 1.0 on WordPress.

**am-hili-affiliate-manager-for-publishers**

*   Details
*   Reviews
*   Support
*   Development

**Description**

This plugin has been closed as of November 2, 2022 and is not available for download. This closure is temporary, pending a full review.

**Reviews**

There are no reviews for this plugin.

**Contributors & Developers**

“AM-HiLi” is open source software. The following people have contributed to this plugin.

Contributors

*    ayoubmedia

CVE-2022-44586: AM-HiLi

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in AgentEasy Properties plugin <= 1.0.4 on WordPress.

*   Details
*   Reviews
*   Support
*   Development

**Description**

This plugin has been closed as of November 1, 2022 and is not available for download. This closure is temporary, pending a full review.

**Reviews**

There are no reviews for this plugin.

**Contributors & Developers**

“AgentEasy Properties” is open source software. The following people have contributed to this plugin.

Contributors

*    Baycentric

CVE-2022-44576: AgentEasy Properties

The Newspaper WordPress theme before 12 does not sanitise a parameter before outputting it back in an HTML attribute via an AJAX action, leading to a Reflected Cross-Site Scripting

CVE-2022-2167

The Gallery Plugin for WordPress plugin before 1.8.4.7 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers

CVE-2022-2190

The Newspaper WordPress theme before 12 does not sanitise a parameter before outputting it back in an HTML attribute via an AJAX action, leading to a Reflected Cross-Site Scripting.

Tag

#wordpress