Ivy (Toor

**Name of the Vulnerable Software and Affected Versions** Themefic Ultimate Addons for Contact Form 7 versions 3.1.23 and earlier **Description** The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for potential exploitation by injecting malicious SQL code. **Recommendations** For Themefic Ultimate Addons for Contact Form 7 versions 3.1.23 and earlier, update to a version later than 3.1.23 to resolve the issue. At the moment, there is no information about additional mitigation measures.

**Name of the Vulnerable Software and Affected Versions** MagePeople Team WpBusTicketly plugin versions prior to 5.2.6 **Description** The issue is related to improper neutralization of input during web page generation, which can lead to Cross-site Scripting. **Recommendations** For versions prior to 5.2.6, update to version 5.2.6 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Alex Raven WP Report Post plugin versions <= 2.1.2 **Description** The issue is related to an Unauth. Reflected Cross-Site Scripting (XSS) vulnerability. This allows for malicious scripts to be injected into a website, potentially leading to unauthorized actions. **Recommendations** For versions <= 2.1.2, update to a version higher than 2.1.2 to resolve the issue. As a temporary workaround, consider restricting access to the plugin's functionality until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Simon Chuang WP LINE Notify plugin versions 1.4.4 and earlier **Description** The issue is an Unauth. Reflected Cross-Site Scripting (XSS) vulnerability. This means that an attacker can inject malicious scripts into a website, potentially allowing them to steal user data or take control of the user's session. **Recommendations** For Simon Chuang WP LINE Notify plugin versions 1.4.4 and earlier, update to a version later than 1.4.4 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Blindside Networks BigBlueButton plugin versions <= 3.0.0-beta.4 **Description** The issue is an Unauth. Reflected Cross-Site Scripting (XSS) vulnerability. This means that an attacker can inject malicious scripts into a website, potentially allowing them to steal user data or take control of the user's session. **Recommendations** For versions <= 3.0.0-beta.4, update to a version later than 3.0.0-beta.4 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WP Trio Stock Sync for WooCommerce plugin versions <= 2.4.0 **Description** The issue is an Unauth. Reflected Cross-Site Scripting (XSS) vulnerability. This means that an attacker can inject malicious scripts into a website, potentially allowing them to steal user data or take control of the user's session. **Recommendations** For WP Trio Stock Sync for WooCommerce plugin versions <= 2.4.0, update to a version higher than 2.4.0 to resolve the issue. At the moment, there is no information about other specific mitigation measures for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CodeFlavors Vimeotheque: Vimeo WordPress Plugin versions 2.2.1 and earlier **Description** The issue is an Unauth. Reflected Cross-Site Scripting (XSS) vulnerability. This means that an attacker can inject malicious scripts into the website, potentially allowing them to steal user data or take control of the user's session. **Recommendations** For versions 2.2.1 and earlier, update to a version later than 2.2.1 to resolve the issue. As a temporary workaround, consider restricting access to sensitive areas of the website to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** RelyWP WooCommerce Affiliate Plugin – Coupon Affiliates plugin versions <= 5.4.5 **Description** The issue is an Unauth. Reflected Cross-Site Scripting (XSS) vulnerability. This means that an attacker can inject malicious scripts into the website without needing authentication, potentially allowing them to steal user data or take control of user sessions. **Recommendations** For versions <= 5.4.5, update to a version greater than 5.4.5 to resolve the issue. As a temporary workaround, consider restricting access to sensitive areas of the plugin until a patch is available. Avoid using the plugin's affiliate tracking features in sensitive contexts until the issue is resolved. At the moment, there is no information about additional mitigation measures.