Chris Liu

**Name of the Vulnerable Software and Affected Versions** Email Subscribers & Newsletters versions prior to 3.5.0 **Description** The issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, which can lead to cross-site scripting. **Recommendations** For versions prior to 3.5.0, update to version 3.5.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** WP Google Map Plugin versions prior to 4.0.4 **Description** A cross-site scripting issue allows remote attackers to inject arbitrary web script or HTML. **Recommendations** For WP Google Map Plugin versions prior to 4.0.4, update to version 4.0.4 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Open Graph for Facebook, Google+ and Twitter Card Tags plugin versions prior to 2.2.4.1 for WordPress **Description** The issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, which is a cross-site scripting vulnerability. **Recommendations** For versions prior to 2.2.4.1, update to version 2.2.4.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** PixelYourSite plugin versions prior to 5.3.0 **Description** A cross-site scripting issue allows remote attackers to inject arbitrary web script or HTML. **Recommendations** For PixelYourSite plugin versions prior to 5.3.0, update to version 5.3.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** BackupGuard versions prior to 1.1.47 **Description** A cross-site scripting issue allows an attacker to inject arbitrary web script or HTML via unspecified vectors. **Recommendations** For versions prior to 1.1.47, update to version 1.1.47 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Simple Custom CSS and JS versions prior to 3.4 **Description** A cross-site scripting issue allows remote attackers to inject arbitrary web script or HTML. **Recommendations** For versions prior to 3.4, update to version 3.4 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** WP-Members versions prior to 3.1.8 **Description** A cross-site scripting issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. **Recommendations** For versions prior to 3.1.8, update to version 3.1.8 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** WP Live Chat Support versions prior to 7.0.07 **Description** A cross-site scripting issue allows remote attackers to inject arbitrary web script or HTML. **Recommendations** For versions prior to 7.0.07, update to version 7.0.07 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Captcha versions prior to 4.3.0 Car Rental versions prior to 1.0.5 Contact Form Multi versions prior to 1.2.1 Contact Form versions prior to 4.0.6 Contact Form to DB versions prior to 1.5.7 Custom Admin Page versions prior to 0.1.2 Custom Fields Search versions prior to 1.3.2 Custom Search versions prior to 1.36 Donate versions prior to 2.1.1 Email Queue versions prior to 1.1.2 Error Log Viewer versions prior to 1.0.6 Facebook Button versions prior to 2.54 Featured Posts versions prior to 1.0.1 Gallery Categories versions prior to 1.0.9 Gallery versions prior to 4.5.0 Google +1 versions prior to 1.3.4 Google AdSense versions prior to 1.44 Google Analytics versions prior to 1.7.1 Google Captcha (reCAPTCHA) versions prior to 1.28 Google Maps versions prior to 1.3.6 Google Shortlink versions prior to 1.5.3 Google Sitemap versions prior to 3.0.8 Htaccess versions prior to 1.7.6 Job Board versions prior to 1.1.3 Latest Posts versions prior to 0.3 Limit Attempts versions prior to 1.1.8 LinkedIn versions prior to 1.0.5 Multilanguage versions prior to 1.2.2 PDF & Print versions prior to 1.9.4 Pagination versions prior to 1.0.7 Pinterest versions prior to 1.0.5 Popular Posts versions prior to 1.0.5 Portfolio versions prior to 2.4 Post to CSV versions prior to 1.3.1 Profile Extra versions prior to 1.0.7 PromoBar versions prior to 1.1.1 Quotes and Tips versions prior to 1.32 Re-attacher versions prior to 1.0.9 Realty versions prior to 1.1.0 Relevant - Related Posts versions prior to 1.2.0 Sender versions prior to 1.2.1 SMTP versions prior to 1.1.0 Social Buttons Pack versions prior to 1.1.1 Subscriber versions prior to 1.3.5 Testimonials versions prior to 0.1.9 Timesheet versions prior to 0.1.5 Twitter Button versions prior to 2.55 User Role versions prior to 1.5.6 Updater versions prior to 1.35 Visitors Online versions prior to 1.0.0 Zendesk Help Center versions prior to 1.0.5 **Description** The issue allows remote attackers to inject arbitrary web script or HTML via the function to display the BestWebSoft menu, which is a cross-site scripting vulnerability. **Recommendations** As a temporary workaround, consider disabling the function to display the BestWebSoft menu until a patch is available. Update Captcha to version 4.3.0 or later. Update Car Rental to version 1.0.5 or later. Update Contact Form Multi to version 1.2.1 or later. Update Contact Form to version 4.0.6 or later. Update Contact Form to DB to version 1.5.7 or later. Update Custom Admin Page to version 0.1.2 or later. Update Custom Fields Search to version 1.3.2 or later. Update Custom Search to version 1.36 or later. Update Donate to version 2.1.1 or later. Update Email Queue to version 1.1.2 or later. Update Error Log Viewer to version 1.0.6 or later. Update Facebook Button to version 2.54 or later. Update Featured Posts to version 1.0.1 or later. Update Gallery Categories to version 1.0.9 or later. Update Gallery to version 4.5.0 or later. Update Google +1 to version 1.3.4 or later. Update Google AdSense to version 1.44 or later. Update Google Analytics to version 1.7.1 or later. Update Google Captcha (reCAPTCHA) to version 1.28 or later. Update Google Maps to version 1.3.6 or later. Update Google Shortlink to version 1.5.3 or later. Update Google Sitemap to version 3.0.8 or later. Update Htaccess to version 1.7.6 or later. Update Job Board to version 1.1.3 or later. Update Latest Posts to version 0.3 or later. Update Limit Attempts to version 1.1.8 or later. Update LinkedIn to version 1.0.5 or later. Update Multilanguage to version 1.2.2 or later. Update PDF & Print to version 1.9.4 or later. Update Pagination to version 1.0.7 or later. Update Pinterest to version 1.0.5 or later. Update Popular Posts to version 1.0.5 or later. Update Portfolio to version 2.4 or later. Update Post to CSV to version 1.3.1 or later. Update Profile Extra to version 1.0.7 or later. Update PromoBar to version 1.1.1 or later. Update Quotes and Tips to version 1.32 or later. Update Re-attacher to version 1.0.9 or later. Update Realty to version 1.1.0 or later. Update Relevant - Related Posts to version 1.2.0 or later. Update Sender to version 1.2.1 or later. Update SMTP to version 1.1.0 or later. Update Social Buttons Pack to version 1.1.1 or later. Update Subscriber to version 1.3.5 or later. Update Testimonials to version 0.1.9 or later. Update Timesheet to version 0.1.5 or later. Update Twitter Button to version 2.55 or later. Update User Role to version 1.5.6 or later. Update Updater to version 1.35 or later. Update Visitors Online to version 1.0.0 or later. Update Zendesk Help Center to version 1.0.5 or later.

**Name of the Vulnerable Software and Affected Versions** MaxButtons versions prior to 6.19 MaxButtons Pro versions prior to 6.19 **Description** A cross-site scripting issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. **Recommendations** For MaxButtons versions prior to 6.19, update to version 6.19 or later. For MaxButtons Pro versions prior to 6.19, update to version 6.19 or later.