#java

An ongoing campaign is actively targeting the vulnerability in the Kaswara Modern WPBakery Page Builder Addon, which is still installed on up to 8,000 sites, security analysts warn.

The Free Live Chat Support plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.0.11. This is due to missing nonce protection on the livesupporti_settings() function found in the ~/livesupporti.php file. This makes it possible for unauthenticated attackers to inject malicious web scripts into the page, granted they can trick a site's administrator into performing an action such as clicking on a link.

The Button Widget Smartsoft plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.1. This is due to missing nonce validation on the smartsoftbutton_settings page. This makes it possible for unauthenticated attackers to update the plugins settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

The FreeMind WP Browser plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.2. This is due to missing nonce protection on the FreemindOptions() function found in the ~/freemind-wp-browser.php file. This makes it possible for unauthenticated attackers to inject malicious web scripts into the page, granted they can trick a site's administrator into performing an action such as clicking on a link.

The WordPress plugin Gallery for Social Photo is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.0.0.27 due to failure to properly check for the existence of a nonce in the function gifeed_duplicate_feed. This make it possible for unauthenticated attackers to duplicate existing posts or pages granted they can trick a site administrator into performing an action such as clicking on a link.

The DX Share Selection plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.4. This is due to missing nonce protection on the dxss_admin_page() function found in the ~/dx-share-selection.php file. This makes it possible for unauthenticated attackers to inject malicious web scripts into the page, granted they can trick a site's administrator into performing an action such as clicking on a link.

The plugin WP All Import is vulnerable to arbitrary file uploads due to missing file type validation via the wp_all_import_get_gz.php file in versions up to, and including, 3.6.7. This makes it possible for authenticated attackers, with administrator level permissions and above, to upload arbitrary files on the affected sites server which may make remote code execution possible.

The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to deserialization of untrusted input via the 'remote_data' parameter in versions up to, and including 3.7.9. This makes it possible for authenticated attackers with contributor privileges and above to call files using a PHAR wrapper that will deserialize the data and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also present. It also requires that the attacker is successful in uploading a file with the serialized payload.

In Kentico before 13.0.66, attackers can achieve Denial of Service via a crafted request to the GetResource handler.

### Impact Initializing a checkboxradio widget on an input enclosed within a label makes that parent label contents considered as the input label. If you call `.checkboxradio( "refresh" )` on such a widget and the initial HTML contained encoded HTML entities, they will erroneously get decoded. This can lead to potentially executing JavaScript code. For example, starting with the following initial secure HTML: ```html <label> <input id="test-input"> &lt;img src=x onerror="alert(1)"&gt; </label> ``` and calling: ```js $( "#test-input" ).checkboxradio(); $( "#test-input" ).checkboxradio( "refresh" ); ``` will turn the initial HTML into: ```html <label> <!-- some jQuery UI elements --> <input id="test-input"> <img src=x onerror="alert(1)"> </label> ``` and the alert will get executed. ### Patches The bug has been patched in jQuery UI 1.13.2. ### Workarounds To remediate the issue, if you can change the initial HTML, you can wrap all the non-input contents of the `label` in a `span`...