Lee Se Hyoung

**Nome do software vulnerável e versões afetadas** Contact Form With Captcha, versões 1.6.8 e anteriores **Descrição** O problema está relacionado à neutralização inadequada de entradas durante a geração de páginas da Web, também conhecida como Cross-site Scripting, permitindo XSS refletido. Isso significa que um invasor pode injetar scripts maliciosos no site, potencialmente roubando dados do usuário ou assumindo o controle das sessões dos usuários. **Recomendações** Para as versões 1.6.8 e anteriores, atualize para uma versão posterior à 1.6.8 para resolver o problema. No momento, não há informações sobre uma versão mais recente que contenha uma correção para essa vulnerabilidade.

**Name of the Vulnerable Software and Affected Versions** WC Vendors – WooCommerce Multi-Vendor, WooCommerce Marketplace, Product Vendors versions 2.4.7 and earlier **Description** The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for potential exploitation. **Recommendations** For versions 2.4.7 and earlier, update to a version later than 2.4.7 to resolve the issue. As a temporary workaround, consider restricting access to sensitive database queries until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Kulwant Nagi Affiliate Booster – Pros & Cons, Notice, and CTA Blocks for Affiliates versions 3.0.5 and earlier **Description** A Cross-Site Request Forgery (CSRF) issue affects the software, allowing unauthorized actions to be performed on behalf of a user without their knowledge or consent. **Recommendations** For versions 3.0.5 and earlier, update to a version later than 3.0.5 to resolve the issue. As a temporary workaround, consider implementing additional validation checks for requests to prevent unauthorized actions.

**Name of the Vulnerable Software and Affected Versions** Gilles Dumas versions n/a through 4.9.0 **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Reflected XSS in a template file. **Recommendations** For versions n/a through 4.9.0, update to a version that fixes the Cross-site Scripting issue in the template file to prevent Reflected XSS attacks.

**Name of the Vulnerable Software and Affected Versions** HDW Player Plugin (Video Player & Video Gallery) versions n/a through 5.0 **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Reflected XSS. This means that an attacker can inject malicious scripts into a website, potentially stealing user data or taking control of the user's session. **Recommendations** For versions n/a through 5.0, update to a version later than 5.0 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** affiliate-toolkit – WordPress Affiliate Plugin versions through 3.4.3 **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Reflected XSS. **Recommendations** For versions through 3.4.3, update to a version later than 3.4.3 to resolve the issue. As a temporary workaround, consider restricting user input to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Timo Reith Post Status Notifier Lite plugin versions <= 1.11.0 **Description** The issue is related to improper neutralization of input during web page generation, which can lead to Cross-site Scripting. **Recommendations** For Timo Reith Post Status Notifier Lite plugin versions <= 1.11.0, update to a version higher than 1.11.0 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Swashata WP Category Post List Widget versions 2.0.3 and earlier **Description** A Cross-Site Request Forgery (CSRF) issue has been identified. This type of issue allows an attacker to trick a user into performing unintended actions on a web application that the user is authenticated to. **Recommendations** For versions 2.0.3 and earlier, update to a version that contains a fix for this issue, if available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Gopi Ramasamy Vertical scroll recent post versions n/a through 14.0 **Description** The issue is a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions on a web application that the user is authenticated to. **Recommendations** For versions n/a through 14.0, update to a version that includes a fix for this issue, however at the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider implementing CSRF token validation to prevent unauthorized requests. Restrict access to sensitive functionality to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Korea SNS versions 1.6.3 and earlier **Description** The issue is a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions on a web application that the user is authenticated to. **Recommendations** For versions 1.6.3 and earlier, update to a version that includes a fix for this issue, as no specific mitigation measures are provided for these versions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** UserHeat Plugin versions 1.1.6 and earlier **Description** The issue is a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions on a web application that the user is authenticated to. **Recommendations** For versions 1.1.6 and earlier, update to a version that is not affected by this issue, if available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Mammothology WP Full Stripe Free versions 7.0.16 and earlier **Description** The issue is a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions on a web application that the user is authenticated to. **Recommendations** For Mammothology WP Full Stripe Free versions 7.0.16 and earlier, update to a version later than 7.0.16 to resolve the issue. At the moment, there is no information about additional mitigation measures for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Add Local Avatar versions n/a through 12.1 **Description** The issue is a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions on a web application that the user is authenticated to. **Recommendations** For versions n/a through 12.1, update to a version that includes a fix for this issue, as no specific mitigation measures are provided for these versions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ioannup Edit WooCommerce Templates plugin versions 1.1.1 and earlier **Description** The issue is related to an Unauth. Reflected Cross-Site Scripting (XSS) vulnerability. This means that an attacker can inject malicious scripts into a website, potentially allowing them to steal user data or take control of the user's session. **Recommendations** For ioannup Edit WooCommerce Templates plugin versions 1.1.1 and earlier, update to a version later than 1.1.1 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Gravity Master Product Enquiry for WooCommerce plugin versions prior to 3.0 **Description** The issue is related to an Unauth. Reflected Cross-Site Scripting (XSS) vulnerability. This means that an attacker can inject malicious scripts into a website, potentially allowing them to steal user data or take control of the user's session. **Recommendations** For versions prior to 3.0, update to a version that is 3.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Baidu Tongji generator versions n/a through 1.0.2 **Description** The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS in the Haoqisir Baidu Tongji generator. **Recommendations** For versions n/a through 1.0.2, as a temporary workaround, consider disabling the functionality that allows user input to prevent Stored XSS attacks until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Stefano Ottolenghi Post Pay Counter plugin versions 2.784 through 2.789 **Description** The issue is an Unauth. Reflected Cross-Site Scripting (XSS) vulnerability. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** For Stefano Ottolenghi Post Pay Counter plugin versions 2.784 through 2.789, update to a version later than 2.789 to resolve the issue. At the moment, there is no information about additional mitigation measures.

**Name of the Vulnerable Software and Affected Versions** WebDorado WDSocialWidgets plugin versions prior to 1.0.16 **Description** The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This means an attacker could potentially trick a user into performing unintended actions on a web application that the user is authenticated to. **Recommendations** For versions prior to 1.0.16, update to version 1.0.16 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Category SEO Meta Tags plugin versions <= 2.5 **Description** The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions on a web application that the user is authenticated to. **Recommendations** For Category SEO Meta Tags plugin versions <= 2.5, update to a version higher than 2.5 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** WP Event Manager plugin versions prior to 3.1.39 **Description** The issue is related to an Unauth. Reflected Cross-Site Scripting (XSS) vulnerability. This type of vulnerability allows an attacker to inject malicious scripts into a website, potentially leading to unauthorized actions on behalf of the user. **Recommendations** For WP Event Manager plugin versions prior to 3.1.39, update to version 3.1.39 or later to resolve the issue.