The Import any XML or CSV File to WordPress plugin before 3.6.9 is not validating the paths of files contained in uploaded zip archives, allowing highly privileged users, such as admins, to write arbitrary files to any part of the file system accessible by the web server via a path traversal vector.

CVE-2022-2711

The Easy Digital Downloads WordPress plugin before 3.0 does not have CSRF check in place when deleting payment history, and does not ensure that the post to be deleted is actually a payment history. As a result, attackers could make a logged in admin delete arbitrary post via a CSRF attack

CVE-2022-2387

Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability in David Cole Simple SEO (WordPress plugin) plugin <= 1.8.12 versions.

**Solution**

 Fixed

Update the WordPress Simple SEO plugin to the latest available version (at least 1.8.13).

Found this useful? Thank Mika for reporting this vulnerability. Buy a coffee ☕

Mika discovered and reported this Broken Access Control vulnerability in WordPress Simple SEO Plugin. This vulnerability has been fixed in version 1.8.13.

**Other vulnerabilities in this plugin**

 0 present

 3 patched

View all

**WordPress plugin developer?**

Start a free security program for your WordPress plugins or request an audit.

Apply for MVDP

**Security researcher?**

Report to Patchstack Alliance bounty platform and earn monthly cash prizes.

Learn more

CVE-2022-36404: WordPress Simple SEO plugin <= 1.8.12 - Broken Access Control vulnerability - Patchstack

Auth. (subscriber+) Broken Access Control vulnerability in David Cole Simple SEO plugin <= 1.8.12 on WordPress allows attackers to create or delete sitemap.

*   Details
*   Reviews
*   Installation
*   Support
*   Development

*   Nonce Security!
*   Generates META tags automatically.
*   Works out-of-the-box. Just install!
*   You can override any title and set any META description and any META keywords you want!
*   Google Analytic 4!
*   Google Webmaster Tools!
*   Bing verification & Yandex verification!
*   Twitter and Facebook customization!
*   Quickedit SEO titles and descriptions!
*   Import Yoast SEO data!
*   Import Rank Math SEO data!
*   Import All In One SEO data!
*   Supports custom post types!

1.  Upload the plugin files to the /wp-content/plugins/cds-simple-seo directory, or install the plugin through the WordPress plugins screen directly.
2.  Activate the plugin through the ‘Plugins’ screen in WordPress.
3.  Use the Settings -> Simple SEO screen to configure the sitemap, the META info for the homepage, Google webmaster tools, Google analytic, etc.

If upgrading, please back up your database first!

Please email dave@coleds.com with any questions.

Q: How does front page title and description work.

A: The default title and description will be used under settings. If the front page, or blog page are used, then those pages meta information will be used.

Keep it up Mr. Cole. Simplicity in chaos is the correct path.

As feedback, We are not pleased with the way the plugin is set, but also with the support provided to properly configuring it. This made us simply unistalled it. Perhaps you guys may need to include more people to help you with this area, while having videos, screenshots and all the information available to configure the plugin easy and efficiently, but also providing a lean and clean way to unistall it if the case arises. At the end all is about service quality and customer experience.

JUST AWESOME & simple. please add redirect url. complete!

Finally after searching through SEO plugins all day I came across this one. Does exactly what I wanted, nothing superfluous. Excellent!

Great SEO plug-in! Puts the control back to the user without all the smoke and mirrors of Yoast, AIOSEO, et. al. Study your SEO manual, install this WordPress plug-in, and you're set.

Finally, a simple plugin just to add custom keyword and meta description like the old days.

Read all 14 reviews

“Simple SEO” is open source software. The following people have contributed to this plugin.

Contributors

*    David Cole

**1.1.0**

*   Added Google webmaster tools and analytic

**1.2.0**

Release Date: August 11th, 2017

*   Enhancements
    
    *   Added Robot NOINDEX and NOFOLLOW
    *   Added a preview sections for how the meta information should show on a search engine page.
    *   Added pre\_get\_document\_title for compatibility
*   Bugfixes
    
    *   Fixes a typo in the readme.txt :-p

**1.2.1**

Release Date: August 24th, 2017

*   Bugfixes
    *   Google Verification fixed/updated.

**1.2.2**

Release Date: August 30th, 2017

*   Bugfixes
    *   Fixed title, description, etc from showing a empty result () if it’s not specified.
    *   Added some simple code to generate default metadata if none is specified.

**1.2.3**

*   Enhancements
    *   Added settings link to plugin page.
    *   Updated the GA script/code.
    *   Various minor changes for future updates.

**1.3.0**

Release Date: April 17th, 2018

*   Enchancments
    
    *   Complete overhaul of Simple SEO presentation when editing pages, posts, etc.
    *   Lots of code optimization.
*   Random
    
    *   Updated the license to: GPLv3

**1.3.1**

Release Date: May 21st, 2018

*   Bugfixes
    *   Fixed a bug which prevented the keywords and description from showing. Thank you Aletta!

**1.3.2**

Release Date: May 28th, 2018

*   Bugfixes
    *   Fixed a bug which displayed Google Analytic even if a code was not added. Thank you Mahendra!

**1.3.3**

Release Date: June 21th, 2018

*   Enchancments
    *   Added meta title and meta description input fields to quick edit and bulk edit.
    *   Added meta titles and meta description to index; where applicable

**1.3.4**

Release Date: July 5th, 2018

*   Bugfixes
    *   Quick edit fix.

**1.4.0**

Release Date: May 19th, 2019

*   Enchancments
    *   Facebook
    *   Twitter
    *   Bing Verification
    *   Baidu Verification
    *   Yandex Verification

**1.4.1**

Release Date: May 22nd, 2019

*   Bugfix
    *   WooCommerce compadability – Thank you Andrew.

**1.4.2**

Release Date: May 23rd, 2019

*   Bugfix
    *   WooCommerce compadability – Thank you Andrew.

**1.4.3**

Release Date: June 13th, 2019

*   Enchancments
    *   Added quick edit for posts
    *   Added the option to import Yoast SEO data into Simple SEO. This can be found under Settings -> Simple SEO at the bottom of the page.

**1.4.4**

Release Date: June 13th, 2019

*   Enchancments
    *   Added post\_name to the columns options

**1.4.5**

Release Date: June 13th, 2019

*   Enchancments
    *   Added taxonomy support
    *   Including WooCommerce taxonomy support!

**1.4.6**

Release Date: June 13th, 2019

*   Bugfix
    *   Taxonomy fix.

**1.4.8**

Release Date: June 14th, 2019

*   Bugfix
    *   WooCommerce compadability issue for those not running woocommerce. Fixed.

**1.4.9**

Release Date: June 14th, 2019

*   Bugfix
    *   d2.roth posted a bug with contact form 7. Fixed.

**1.5**

Release Date: Feb 27th, 2020

*   Enchancments
    *   Quickedit for custom post types
    *   Column sorting

**1.5.1**

Release Date: June 16th, 2020

*   Bugfix
    *   Fix an issues where the default meta data was not showing on the static post front page.

**1.5.2**

Release Date: October 12th, 2020

*   Bugfix
    *   WooCommerce CSS updates.

**1.5.3**

Release Date: October 14th, 2020

*   Bugfix
    *   WooCommerce updates.

**1.5.6**

Release Date: December 4th, 2020

*   Update
    *   Minor updates to code.

**1.6**

Release Date: December 7th, 2020

*   Update
    *   Added sitemap generation.

**1.6.1**

Release Date: December 7th, 2020

*   Update
    *   added htmlspecialchars() to url for sitemap.

**1.6.2**

Release Date: December 8th, 2020

*   Update
    *   updated the date format in sitemap.

**1.6.4**

Release Date: December 9th, 2020

*   Update
    *   Disabled sitemap generation on admin\_init
    *   Removed noindex, nofollow pages (Simple SEO) from sitemap
    *   Added more translation features/options (more coming soon.)
    *   Added action for transition\_post\_status to update sitemap, if sitemap generation is enabled.

**1.6.5**

Release Date: December 9th, 2020

*   Bugfix
    *   Modified the transition\_post\_status

**1.6.6**

Release Date: Jan 1st, 2021

*   Update
    *   Added some more translation capabiltiies
    *   Added the abilty to import infor from All in One SEO and Rank Math. Enjoy!

**1.6.7**

Release Date: Jan 1st, 2021

*   Update
    *   Corrected some typos.

**1.6.8**

Release Date: March 3rd, 2021

*   Update
    *   Corrected some typos.

**1.6.9**

Release Date: July 19th, 2021

*   Update
    *   WordPress 5.8.
    *   Blog page title shows if using a static page
    *   Some other minor fixes.
    *   Added supportt for Google Analytic 4

**1.7**

Release Date: August 11th, 2021

*   Bugfix
    *   Fixed homepage title bug for static page.
    *   Fixed keywords being erased when using quickedit.

**1.7.1**

Release Date: October 19th, 2021

*   New Feature
    *   Added canonical urls.

**1.7.2**

Release Date: Jan 20th, 2022

*   Bugfix
    *   Taxonomy code updates and meta title fixes provides by Daniel Roth. Thanks Daniel!

**1.7.3**

Release Date: March 6th, 2022

*   Bugfix
    *   Search title update. Thanks Daniel Roth!

**1.7.4**

Release Date: March 6th, 2022

*   Bugfix
    *   og and twitter title update.

**1.7.5**

Release Date: March 14th, 2022

*   Bugfix
    *   Category forwardslash issue fix. Thanks Daniel Roth!

**1.7.7**

Release Date: May 8th, 2022

*   Update for WP 6.0

**1.7.8**

Release Date: June 20th, 2022

*   Archive pages titles, descriptions, og data fixed!
*   Sitemaps fixed; for now it will only show pages and posts. Recommend using WordPress built in Sitemap as this sitemap feature will be removed in the future.

**1.7.9**

Release Date: July 10th, 2022

*   Updated sseoGetTitle() for archive pages.

**1.7.91**

Release Date: July 11th, 2022

*   Updated sseoGetTitle() for WooCommerce shop page.

**1.7.96**

Release Date: July 25th, 2022

*   Updates for WordPress compliance.

**1.7.98**

Release Date: July 26th, 2022

*   Update is\_home\_posts\_page()

**1.7.99**

Release Date: August 18th, 2022

*   Update to FB/OG meta data.

**1.8.0**

Release Date: August 18th, 2022

*   Update to FB/OG meta data.

**1.8.1**

Release Date: Sept 4th, 2022

*   Updated default meta titles, descriptions and keywords.
*   More updates coming for default FB, Twitter, and erasing database information on uninstall.

**1.8.12**

Release Date: Sept 7th, 2022

*   Fixed meta description issue.

**1.8.13**

Release Date: October 14th, 2022

*   Removed Baidu.
*   Removed Sitemaps; WordPress has a built in Sitemap, no need for this functionality.

**1.8.14**

Release Date: October 26th, 2022

*   Preping for WordPress 6.1

**1.8.15**

Release Date: October 26th, 2022

*   Preping for WordPress 6.1
*   Added screenshots
*   Removed obsolete code functions

CVE-2022-36404: Simple SEO

Cross-Site Request Forgery (CSRF) vulnerability in Keywordrush Content Egg plugin <= 5.4.0 on WordPress.

 Verified

 Fixed

**4.3**

CVSS 3.1 score Medium severity

Report  

Monitoring Not reported to be exploited

Vulnerable versions

<= 5.4.0

PSID 

82709e0872da

Classification 

Cross Site Request Forgery (CSRF)

OWASP Top 10 

A5: Broken Access Control

Publicly disclosed

2022-10-31

**Details**

Cross-Site Request Forgery (CSRF) vulnerability leading to Autoblogging Removal discovered by Muhammad Daffa (Patchstack Alliance) in the WordPress Content Egg plugin (versions <= 5.4.0).

**Solution**

Update the WordPress Content Egg plugin to the latest available version (at least 5.5.0).

**References**

CVE-2022-25952: WordPress Content Egg plugin <= 5.4.0 - Cross-Site Request Forgery (CSRF) vulnerability - Patchstack

Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Stage Rock Convert plugin <= 2.11.0 on WordPress.

*   Details
*   Reviews
*   Support
*   Development

Publique banners no seu blog de maneira rápida e efetiva, e converta visitantes em subscribers, leads ou clientes sem precisar entender código. Esses calls-to-action (CTAs) serão publicados diretamente do seu painel do WordPress e poderão ser monitorados através do Google Analytics.

**Adicione os banners em massa**

Seus posts estão sendo criados, mas você tem problemas quando o assunto é aumentar o número de conversões? Publique seus banners em todos os seus posts sem mexer diretamente no código.

**Organize de acordo com categorias**

Para facilitar, os banners podem ser organizados para serem apresentados de acordo com a categoria dos posts do seu blog. Assim fica fácil manter o controle sobre o que cada conteúdo irá apresentar.

**Personalize e obtenha melhores resultados**

Posicione o CTA dentro dos posts escolhendo entre o topo e o final do conteúdo, programe a data do lançamento e personalize as tags HTML para obter melhores resultados.

**Analise os resultados**

Insira UTMs (as tags de monitoramento padrão do Google) para monitorar os resultados diretamente no Google Analytics.

**Outras funcionalidades**

*   Compatível com SEO.
*   Compatível com qualquer versão do WordPress, sem a necessidade de customização de estilo (CSS).
*   Compatível com AMP.
*   Responsivo (funciona em qualquer dispositivo).
*   Disponível em inglês (en) e português (pt-br).
*   Clique aqui para ver exemplos online.

Avalie o plugin deixando uma classificação ou sugira novas features no fórum de suporte.

Feito com ❤ pelo time da Rock Content no #SanPedroValley.

Rock Convert will definitely save you some hours of manual work through enabling you to scale banner distribution across your blog and converting users to leads. If you download it, you will not regret!

As estatísticas pararam de funcionar. Testei direto no PHP e direto no texto também, mas não contabiliza mais. Utilizo o plugin há tempos e funcionava. Estou usando a versão 2.9.5.

Instalei pois necessitava de uma caixa de captura para newsletter. A caixa é a com o melhor design e a mais fácil de configurar entre todas as opções que vi (testei várias). Porém a mesma não funciona no site versão AMP. Uso o AMP oficial do Wordpress. Entrei em contato com o suporte e infelizmente também não conseguiram resolver. Sá não tirei ainda do meu site, pois os demais plugins de newsletter não me agradaram.

Gostei mas o plugin não está atualizado, só queria adicionar CTA de baixar o conteúdo em páginas e não artigos. Está causando erro quando atualiza a nova versão do WordPress.

Sou desenvolvedor e sempre instalo nos WP que faço. Com ele de maneira muito fácil você consegue colocar e partes estratégicas do site um action para sua LP e assim aumentar o número de leads

Ainda não experimentei pois o WP só permite instalação de plugins no plano pago(pago eu utilizo o Wix). Ou plano de hospedagem profissional, mas a princípio para uma forma de adSense da RockContent.

Read all 20 reviews

“Rock Convert” is open source software. The following people have contributed to this plugin.

Contributors

*    Rock Content

**3.0.0**

*   Revisão completa do plugin
*   Refatorado o código para melhor desempenho e segurança
*   Todas as variáveis e opções foram escapadas a fim de evitar ataques XSS
*   Refatoração baseada no WordPress Coding Standard

**2.11.0**

Correção:  
\* Corrigidos pontos de vulnerabilidade XSS  
\* Melhoria na semântica dos formulários da área administrativa  
\* Corrigida chamada a API Rest

**2.10.2**

Improvements:  
\* Improvements in the plugin security

**2.10.1**

Correção:  
\* Css which affected the theme fixed

**2.10.0**

Correção:  
\* Fix popup front

**2.9.9**

Correção:  
\* Fix query categories and layout admin

**2.9.8**

Correção:  
\* Correção do formulário de popup

**2.9.7**

Correção:  
\* Melhorias no layout do preview

**2.9.6**

Correção:  
\* Correção de chamada de função javascript  
\* Melhorias no layout do preview

**2.9.5**

Correção:  
\* Correção dos endpoints rest

**2.9.4**

Correção:  
\* Correção de css dos titulos do blog

**2.9.3**

Correção:  
\* Correção de versão do arquivo javascript

**2.9.2**

Correção:  
\* Correção de bug no campo de widget

**2.9.1**

Correção:  
\* Correção de bug no layout do admin

**2.9**

Novidades:  
\* Adição de nova funcionalidade de popup exit

**2.8.1**

Melhorias:  
\* Corrigida chamada rest  
\* Corrigida quebra de layout no painel

**2.8**

Novidades:  
\* Adicionado novos campos para o formulário do widget

**2.7.1**

Novidades:  
\* Adicionado painel para visualização das leads

**2.7.0**

Novidades:  
\* Suporte a tags  
\* Possibilidade de escolher regras de exibição mais refinadas

**2.2.0**

Novidades:  
\* Nova funcionalidade: Barra de anúncios no topo do site  
\* Nova funcionalidade: CTA customizavel na barra lateral

Melhorias:  
\* Altera separador ao exportar para arquivo CSV de ; para ,  
\* Permite alterar a mensagem de sucesso do widget Caixa de captura  
\* Permite alterar o titulo e o texto do botão na caixa de download

**2.1.4**

Melhorias:  
\* Adiciona suporte a event tracking para o Google Analytics  
\* Reduz o tamanho do script necessário para utilizar o Rock Convert

**2.1.3**

Correção:  
\* Previne que aconteça o Fatal Error na função get\_rest\_url

Melhorias:  
\* Previne que as visualizações dos CTAs sejam bloqueadas por plugins de cache

**2.1.2**

Melhorias:  
\* Permite cadastrar parametros customizados no link do CTA  
\* Adiciona suporte ao WordPress 5.0  
\* Adiciona formulário na página de configurações para se inscrever na newsletter do Rock Convert

**2.1**

Novas funcionalidades  
\* Adiciona Widget com caixa de captura de e-mails

**2.0.11**

Correção:  
\* Previne que o erro “Undefined index” aconteça ao mostrar banners na página do post

**2.0.0**

Melhorias:  
\* Visibilidade: Agora é possível escolher páginas onde um banner não deve aparecer;  
\* Shortcode: Todo banner tem um shortcode único que pode ser adicionado em qualquer posição de qualquer conteúdo;

Novas funcionalidades:  
\* Analytics: saiba como seus CTAs estão performando diretamente no painel do wordpress;  
\* Captura de leads: Disponibilize seus posts para download no formato PDF e capture os e-mails;  
\* Faça download dos leads no formato CSV

**1.0.0**

*   Permite criar CTAs
*   Permite selecionar as categorias onde o CTA deve aparecer
*   Permite selecionar a imagem do CTA
*   Permite selecionar onde o CTA deve aparecer (início ou fim do post)
*   Permite cadastrar as UTM Tags para o link

CVE-2022-36428: Rock Convert

Cross-Site Request Forgery (CSRF) vulnerability in a3rev Software Page View Count plugin <= 2.5.5 on WordPress allows an attacker to reset the plugin settings.

 Verified

 Fixed

**5.4**

CVSS 3.1 score Medium severity

Report  

Monitoring Not reported to be exploited

Vulnerable versions

<= 2.5.5

PSID 

617c5379e375

Classification 

Cross Site Request Forgery (CSRF)

OWASP Top 10 

A5: Broken Access Control

Publicly disclosed

2022-10-13

**Details**

Cross-Site Request Forgery (CSRF) vulnerability leading to plugin settings reset was discovered by Mika (Patchstack Alliance) in the WordPress Page View Count plugin (versions <= 2.5.5).

**Solution**

Update the WordPress Page View Count plugin to the latest available version (at least 2.5.6).

**References**

CVE-2022-40131: WordPress Page View Count plugin <= 2.5.5 - Cross-Site Request Forgery (CSRF) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in JumpDEMAND Inc. 4ECPS Web Forms plugin <= 0.2.17 on WordPress.

**4ecps-webforms**

*   Details
*   Reviews
*   Support
*   Development

**Description**

This plugin has been closed as of November 2, 2022 and is not available for download. This closure is temporary, pending a full review.

**Blocks**

This plugin provides 6 blocks.

*   4ECPS - Dynamic Content Block
*   4ECPS - Web Form
*   4ECPS - Story board
*   4ECPS Web Forms
*   4ECPS Web Forms
*   4ECPS Web Forms

**Reviews**

There are no reviews for this plugin.

**Contributors & Developers**

“4ECPS Web Forms” is open source software. The following people have contributed to this plugin.

Contributors

CVE-2022-44628: 4ECPS Web Forms

The VR Calendar plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.3. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to delete, and modify calendars as well as the plugin settings, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Wordfence is authorized by the Common Vulnerabilities and Exposures (CVE®) Program as a CNA, or CVE Numbering Authority. As a CNA, Wordfence assigns CVE IDs for new vulnerabilities in WordPress Core, WordPress Plugins and WordPress Themes.

Assigned CVE IDs and the vulnerability details are published below. For more information about submitting vulnerabilities to Wordfence for CVE ID assignment, please refer to our vulnerability disclosure policy.

This is a continuation of Vulnerability Advisories.

**VR Calendar <= 2.3.3 – Cross-Site Request Forgery**

**Affected Plugin:** VR Calendar  
**Plugin Slug:** vr-calendar-sync  
**Affected Versions:** <= 2.3.3  
**CVE ID:** CVE-2022-3852  
**CVSS Score:** 8.8 (High)  
**CVSS Vector:** CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H  
**Researcher/s:** Marco Wotschka  
**Fully Patched Version:** 2.3.4  
**Recommended Remediation:** Update to version 2.3.4, or newer.  
**Publication Date:** 2022-11-03

The VR Calendar plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.3. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to delete, and modify calendars as well as the plugin settings, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.

**Restaurant Menu – Food Ordering System – Table Reservation <= 2.3.0 – Missing Authorization on AJAX Actions**

The Restaurant Menu – Food Ordering System – Table Reservation plugin for WordPress is vulnerable to authorization bypass via several AJAX actions in versions up to, and including 2.3.0 due to missing capability checks and missing nonce validation. This makes it possible for authenticated attackers with minimal permissions to perform a wide variety of actions such as modifying the plugin’s settings and modifying the ordering system preferences.

**Restaurant Menu – Food Ordering System – Table Reservation <= 2.3.1 – Cross-Site Request Forgery**

The Restaurant Menu – Food Ordering System – Table Reservation plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.1. This is due to missing or incorrect nonce validation on several functions called via AJAX actions such as forms\_action, set\_option, & chosen\_options to name a few . This makes it possible for unauthenticated attackers to perform a variety of administrative actions like modifying forms, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

**Ultimate Member – User Profile, User Registration, Login & Membership Plugin <= 2.5.0 – Authenticated (Admin+) Limited Remote Code Execution via um\_populate\_dropdown\_options**

The Ultimate Member plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 2.5.0 via the populate\_dropdown\_options function that accepts user supplied input and passes it through call\_user\_func(). This is restricted to non-parameter PHP functions like phpinfo(); since user supplied parameters are not passed through the function. This makes it possible for authenticated attackers, with administrative privileges, to execute code on the server.

**Ultimate Member – User Profile, User Registration, Login & Membership Plugin <= 2.5.0 – Authenticated (Admin+) Remote Code Execution via Multi-Select**

The Ultimate Member plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 2.5.0 via the get\_option\_value\_from\_callback function that accepts user supplied input and passes it through call\_user\_func(). This makes it possible for authenticated attackers, with administrative capabilities, to execute code on the server.

**Ultimate Member – User Profile, User Registration, Login & Membership Plugin <= 2.5.0 – Authenticated (Contributor+) Directory Traversal via Shortcodes**

The Ultimate Member plugin for WordPress is vulnerable to directory traversal in versions up to, and including 2.5.0 due to insufficient input validation on the ‘template’ attribute used in shortcodes. This makes it possible for attackers with administrative privileges to supply arbitrary paths using traversal (../../) to access and include files outside of the intended directory. If an attacker can successfully upload a php file then remote code execution via inclusion may also be possible. Note: for users with less than administrative capabilities, /wp-admin access needs to be enabled for that user in order for this to be exploitable by those users.

**Ultimate Member – User Profile, User Registration, Login & Membership Plugin <= 2.5.0 – Authenticated (Admin+) Directory Traversal**

The Ultimate Member plugin for WordPress is vulnerable to directory traversal in versions up to, and including 2.5.0 due to insufficient input validation on the ‘pack’ parameter. This makes it possible for attackers with administrative privileges to supply arbitrary paths using traversal (../../) to access and include files outside of the intended directory. If an attacker can successfully upload a file with the exact name ‘init.php’ then remote code execution may also be possible.

**Web Stories <= 1.24.0 – Server Side Request Forgery**

**Affected Plugin:** Web Stories  
**Plugin Slug:** web-stories  
**Affected Versions:** <= 1.24.0  
**CVE ID:** CVE-2022-3708  
**CVSS Score:** 9.6 (Critical)  
**CVSS Vector:** CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N  
**Researcher/s:** Aymen Borgi  
**Fully Patched Version:** 1.25.0  
**Recommended Remediation:** Update to version 1.25.0, or newer.  
**Publication Date:** 2022-10-26

The Web Stories plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including 1.24.0 due to insufficient validation of URLs supplied via the ‘url’ parameter found via the /v1/hotlink/proxy REST API Endpoint. This made it possible for authenticated users to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.

**ImageMagick Engine <= 1.7.4 – Cross-Site Request Forgery to Remote Command Execution**

**Affected Plugin:** ImageMagick Engine  
**Plugin Slug:** imagemagick-engine  
**Affected Versions:** <= 1.7.4  
**CVE ID:** CVE-2022-2441  
**CVSS Score:** 8.8 (High)  
**CVSS Vector:** CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H  
**Researcher/s:** Rasoul Jahanshahi  
**Fully Patched Version:** Unpatched.  
**Recommended Remediation:** Uninstall plugin from site until patched version available.  
**Publication Date:** 2022-10-17

The ImageMagick Engine plugin for WordPress is vulnerable to remote code execution via the ‘cli\_path’ parameter in versions up to, and including 1.7.4. This makes it possible for unauthenticated users to run arbitrary commands leading to remote command execution, granted they can trick a site administrator into performing an action such as clicking on a link. This makes it possible for an attacker to create and or modify files hosted on the server which can easily grant attackers backdoor access to the affected server.

**Log HTTP Requests <= 1.3.1 – Stored Cross-Site Scripting**

**Affected Plugin:** Log HTTP Requests  
**Plugin Slug:** log-http-requests  
**Affected Versions:** <= 1.3.1  
**CVE ID:** CVE-2022-3402  
**CVSS Score:** 6.1 (Medium)  
**CVSS Vector:** CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N  
**Researcher/s:** Etan Imanol Castro Aldrete  
**Fully Patched Version:** 1.3.2  
**Recommended Remediation:** Update to version 1.3.2, or newer.  
**Publication Date:** 2022-10-05

The Log HTTP Requests plugin for WordPress is vulnerable to Stored Cross-Site Scripting via logged HTTP requests in versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers who can trick a site’s administrator into performing an action like clicking on a link, or an authenticated user with access to a page that sends a request using user-supplied data via the server, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

**Bricks 1.2 – 1.5.3 – Remote Code Execution**

**Affected Theme:** Bricks  
**Theme Slug:** bricks  
**Affected Versions:** 1.2 to 1.5.3  
**CVE ID:** CVE-2022-3401  
**CVSS Score:** 8.8 (High)  
**CVSS Vector:** CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H  
**Researcher/s:** Anonymous  
**Fully Patched Version:** 1.5.4  
**Recommended Remediation:** Update to version 1.5.4, or newer.  
**Publication Date:** 2022-10-03

The Bricks theme for WordPress is vulnerable to remote code execution due to the theme allowing site editors to include executable code blocks in website content in versions 1.2 to 1.5.3. This, combined with the missing authorization vulnerability (CVE-2022-3400), makes it possible for authenticated attackers with minimal permissions, such as a subscriber, can edit any page, post, or template on the vulnerable WordPress website and inject a code execution block that can be used to achieve remote code execution.

**Bricks 1.0 – 1.5.3 – Missing Authorization to Arbitrary Content Creation/Modification**

**Affected Theme:** Bricks  
**Theme Slug:** bricks  
**Affected Versions:** 1.0 – 1.5.3  
**CVE ID:** CVE-2022-3400  
**CVSS Score:** 6.5 (Medium)  
**CVSS Vector:** CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N  
**Researcher/s:** Anonymous  
**Fully Patched Version:** 1.5.4  
**Recommended Remediation:** Update to version 1.5.4, or newer.  
**Publication Date:** 2022-10-03

The Bricks theme for WordPress is vulnerable to authorization bypass due to a missing capability check on the bricks\_save\_post AJAX action in versions 1.0 to 1.5.3. This makes it possible for authenticated attackers with minimal permissions, such as a subscriber, to edit any page, post, or template on the vulnerable WordPress website.

CVE-2022-3852: Vulnerability Advisories Continued - Wordfence

The Restaurant Menu – Food Ordering System – Table Reservation plugin for WordPress is vulnerable to authorization bypass via several AJAX actions in versions up to, and including 2.3.0 due to missing capability checks and missing nonce validation. This makes it possible for authenticated attackers with minimal permissions to perform a wide variety of actions such as modifying the plugin's settings and modifying the ordering system preferences.

Tag

#wordpress