Autor: Jose Alexis Correa Valencia

The aoa-downloadable WordPress plugin through 0.1.0 doesn't validate a parameter in its download function, allowing unauthenticated attackers to download arbitrary files from the server

The AFI WordPress plugin before 1.100.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

The does not sanitise and escape some parameters when outputting them back in a page, allowing unauthenticated users the ability to perform stored Cross-Site Scripting attacks.

The Favorites WordPress plugin before 2.3.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

The DesignThemes Core Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 4.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

To exploit the vulnerability, it is necessary:

The WP-Recall WordPress plugin before 16.26.12 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks

An Allocation of Resources Without Limits or Throttling vulnerability in the operating system network configuration used in B&R APROL

A Missing Authentication for Critical Function vulnerability in the GRUB configuration used B&R APROL

An Inclusion of Functionality from Untrusted Control Sphere vulnerability in the SSH server on B&R APROL