Jakub Herman

Authentication Bypass Using an Alternate Path or Channel vulnerability in WP Swings Wallet System for WooCommerce allows Password Recovery Exploitation. This issue affects Wallet System for WooCommerce: from n/a through 2.7.5.

**Nome do Software Vulnerável e Versões Afetadas** WP Document Revisions versões anteriores a 4.0.0 **Descrição** Uma falha de autorização ausente no plugin Ben Balter WP Document Revisions permite a exploração de níveis de segurança de controle de acesso configurados incorretamente. Trata-se de uma falha de controle de acesso interrompido onde o sistema não verifica adequadamente se um usuário possui as permissões necessárias para realizar uma ação. **Recomendações** Atualize para a versão 4.0.0 ou posterior.

**Nome do Software Vulnerável e Versões Afetadas** Stripe Payment Gateway for WooCommerce versões anteriores a 5.0.8 **Descrição** Existe uma falha de bypass de autenticação usando um caminho ou canal alternativo no ThemeHigh Stripe Payment Gateway for WooCommerce, que permite a exploração da recuperação de senha. **Recomendações** Atualize para uma versão posterior a 5.0.7.

**Name of the Vulnerable Software and Affected Versions** Bowo Admin and Site Enhancements (ASE) versions through 8.4.0 **Description** A missing authorization issue exists in Bowo Admin and Site Enhancements (ASE) admin-site-enhancements, allowing exploitation of incorrectly configured access control security levels. The issue impacts the application’s access control mechanisms. **Recommendations** Update to a version later than 8.4.0.

**Name of the Vulnerable Software and Affected Versions** Brizy versions through 2.7.23 **Description** An issue exists in Brizy where incorrectly configured access control security levels can be exploited, leading to a missing authorization condition. The vulnerability allows unauthorized access. **Recommendations** Update Brizy to a version later than 2.7.23.

**Name of the Vulnerable Software and Affected Versions** EnvoThemes Envo Extra versions through 1.9.13 **Description** A missing authorization flaw exists in EnvoThemes Envo Extra. This issue allows exploitation of incorrectly configured access control security levels. The vulnerability relates to inadequate restrictions on access to resources or functionalities, potentially allowing unauthorized users to perform actions they should not be able to. The affected component is `envo-extra`. **Recommendations** Update Envo Extra to a version later than 1.9.13.

**Name of the Vulnerable Software and Affected Versions** YMC Filter & Grids versions through 3.5.1 **Description** An authorization issue exists in YMC Filter & Grids ymc-smart-filter. The issue involves exploiting incorrectly configured access control security levels. **Recommendations** Update YMC Filter & Grids to a version later than 3.5.1.

**Name of the Vulnerable Software and Affected Versions** Jeff Starr Simple Ajax Chat versions prior to 20251122 **Description** A flaw exists in Jeff Starr Simple Ajax Chat that allows retrieval of embedded sensitive data, potentially exposing sensitive system information to an unauthorized control sphere. **Recommendations** Update Jeff Starr Simple Ajax Chat to a version later than 20251121.

**Name of the Vulnerable Software and Affected Versions** Kodezen LLC Academy LMS versions through 3.5.3 **Description** An authorization issue exists in Kodezen LLC Academy LMS, allowing exploitation of incorrectly configured access control security levels. **Recommendations** Update Kodezen LLC Academy LMS to a version later than 3.5.3.

**Name of the Vulnerable Software and Affected Versions** totalsoft TS Poll versions through 2.5.5 **Description** The software contains a Server-Side Request Forgery (SSRF) flaw. This allows for Server Side Request Forgery. The vulnerability exists due to insufficient input validation, potentially allowing an attacker to make requests on behalf of the server. **Recommendations** Update totalsoft TS Poll to a version later than 2.5.5.