Deokhunkim

**Nome do software vulnerável e versões afetadas** Manager for Icomoon, versões n/a a 2.0 **Descrição** O problema está relacionado a uma vulnerabilidade de “Upload irrestrito de arquivos com tipos perigosos”. Isso permite o upload de arquivos com tipos potencialmente perigosos, o que pode levar a problemas de segurança. **Recomendações** Para as versões n/a a 2.0, atualize para uma versão que corrija este problema, uma vez que não são fornecidas medidas de mitigação específicas para essas versões. No momento, não há informações sobre uma versão mais recente que contenha uma correção para esta vulnerabilidade.

**Name of the Vulnerable Software and Affected Versions** Theme Demo Import versions 1.1.1 and earlier **Description** The issue is related to an Unrestricted Upload of File with Dangerous Type vulnerability in Themely Theme Demo Import. This allows for the upload of files with potentially dangerous types, which could lead to security issues. **Recommendations** For Theme Demo Import versions 1.1.1 and earlier, update to a version that fixes this issue, as no specific workaround is provided for these versions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Olive One Click Demo Import versions 1.1.1 and earlier **Description** The issue is related to an Unrestricted Upload of File with Dangerous Type, which affects the Olive One Click Demo Import. There is no information provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** For Olive One Click Demo Import versions 1.1.1 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MyTechTalky User Location and IP plugin versions 1.6 and earlier **Description** The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability. This vulnerability can be exploited by contributors or users with higher authentication levels. The estimated number of potentially affected devices worldwide is not specified. There is no information provided about real-world incidents where this issue was exploited. **Recommendations** For MyTechTalky User Location and IP plugin versions 1.6 and earlier, update to a version later than 1.6 to resolve the issue. At the moment, there is no information about additional mitigation measures for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Ashish Ajani WordPress Simple HTML Sitemap plugin versions <= 2.1 **Description** The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability. This vulnerability can be exploited by contributors or higher-privileged users. There is no information provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** For Ashish Ajani WordPress Simple HTML Sitemap plugin versions <= 2.1, update to a version higher than 2.1 to resolve the issue. At the moment, there is no information about additional mitigation measures.

**Name of the Vulnerable Software and Affected Versions** Stockdio Stock Quotes List plugin versions <= 2.9.9 **Description** The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that affects the Stockdio Stock Quotes List plugin. This vulnerability requires authentication and is limited to users with contributor or higher permissions. **Recommendations** For versions <= 2.9.9, update to a version higher than 2.9.9 to resolve the issue. As a temporary workaround, consider restricting access to the plugin for users with contributor permissions until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Theme Palace TP Education plugin versions prior to 4.4 **Description** The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that affects users with contributor or higher permissions. This allows for malicious scripts to be stored on the server and executed when other users access the affected page. **Recommendations** For Theme Palace TP Education plugin versions prior to 4.4, update to a version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Julien Crego Manager for Icomoon plugin versions <= 2.0 **Description** The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that affects users with contributor or higher permissions. This type of vulnerability allows an attacker to inject malicious scripts into the application, which can then be executed by other users. **Recommendations** For Julien Crego Manager for Icomoon plugin versions <= 2.0, update to a version higher than 2.0 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** TheGuideX User IP and Location plugin versions <= 2.2 **Description** The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability. This vulnerability requires authentication and affects users with contributor or higher permissions. **Recommendations** For TheGuideX User IP and Location plugin versions <= 2.2, update to a version higher than 2.2 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Justin Saad Simple Tooltips plugin versions <= 2.1.4 **Description** The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that requires authentication with admin+ privileges. **Recommendations** For versions <= 2.1.4, update to a version higher than 2.1.4 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Ajay D'Souza Top 10 – Popular posts plugin for WordPress plugin versions <= 3.2.4 **Description** The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that requires authentication with admin+ privileges. There is no information provided about the estimated number of potentially affected devices worldwide or details about real-world incidents where this issue was exploited. **Recommendations** For versions <= 3.2.4, update to a version greater than 3.2.4 to resolve the issue. At the moment, there is no information about other specific mitigation measures for this vulnerability.