Aman Rawat

**Name of the Vulnerable Software and Affected Versions** Modern Events Calendar versions through 7.29.0 **Description** An authorization issue exists in Modern Events Calendar, allowing exploitation due to incorrectly configured access control security levels. The issue allows unauthorized access. **Recommendations** Update Modern Events Calendar to a version later than 7.29.0.

**Nome do software vulnerável e versões afetadas** miniOrange YourMembership Single Sign On, versões 1.1.3 e anteriores **Descrição** O problema está relacionado a uma vulnerabilidade de falta de autorização, que permite a exploração de níveis de segurança de controle de acesso configurados incorretamente. **Recomendações** Para as versões 1.1.3 e anteriores, atualize para uma versão que contenha uma correção para este problema, uma vez que não há solução alternativa específica disponível para essas versões. No momento, não há informações sobre uma versão mais recente que contenha uma correção para esta vulnerabilidade.

**Name of the Vulnerable Software and Affected Versions** Aleksandar Urošević Stock Ticker versions 3.23.2 and earlier **Description** The issue is related to improper neutralization of input during web page generation, which allows for reflected cross-site scripting (XSS). This means an attacker can inject malicious scripts into the website, potentially stealing user data or taking control of user sessions. **Recommendations** For versions 3.23.2 and earlier, update to a version later than 3.23.2 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Paytm Payment Gateway versions n/a through 2.7.0 **Description** A Server-Side Request Forgery (SSRF) issue affects the Paytm Payment Gateway. This issue allows an attacker to forge requests to the server, potentially leading to unauthorized access or data exposure. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** For Paytm Payment Gateway versions n/a through 2.7.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PhonePe Payment Solutions versions 1.0.0 through 1.0.15 **Description** A Server-Side Request Forgery (SSRF) issue affects PhonePe Payment Solutions. This issue allows for potential unauthorized access to internal systems. **Recommendations** For versions 1.0.0 through 1.0.15, update to a version that contains a fix for this issue, as no specific mitigation measures are provided for these versions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Paytm Payment Gateway versions through 2.7.3 **Description** The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection, which can be exploited. **Recommendations** For versions through 2.7.3, update to a version later than 2.7.3 to resolve the issue. At the moment, there is no information about additional mitigation measures.

**Name of the Vulnerable Software and Affected Versions** Aleksandar Urošević Stock Ticker plugin versions <= 3.23.3 **Description** The issue is related to an Unauth. Reflected Cross-Site Scripting (XSS) vulnerability. This type of vulnerability allows an attacker to inject malicious scripts into a website, potentially leading to unauthorized actions on behalf of the user. **Recommendations** For versions <= 3.23.3, update to a version higher than 3.23.3 to resolve the issue. At the moment, there is no information about other mitigation measures.

**Name of the Vulnerable Software and Affected Versions** miniOrange YourMembership Single Sign On – YM SSO Login plugin versions 1.1.3 and earlier **Description** The issue is related to an Authenticated Stored Cross-Site Scripting (XSS) vulnerability. This means that an attacker with admin privileges can inject malicious scripts into the application, which can then be executed by other users. **Recommendations** For versions 1.1.3 and earlier, update to a version later than 1.1.3 to resolve the issue. As a temporary workaround, consider restricting access to the plugin's administrative interface to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Martin Lees Exxp plugin versions <= 2.6.8 **Description** The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that affects authenticated subscribers. There is no information provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** For Martin Lees Exxp plugin versions <= 2.6.8, update to a version higher than 2.6.8 to resolve the issue.