Lokesh Dachepalli

**Nome do Software Vulnerável e Versões Afetadas** Nenhum software ou versão específica é mencionado nas descrições fornecidas. **Descrição** O problema está relacionado à falta de escape na saída no atributo `id` de listas de menu. Isso pode potencialmente levar a problemas em que a entrada do usuário não é devidamente sanitizada, embora detalhes específicos sobre exploração ou dispositivos afetados não sejam fornecidos. **Recomendações** Até o momento, não há informações sobre uma versão mais recente que contenha uma correção para esta vulnerabilidade.

**Nome do software vulnerável e versões afetadas** Plugin Easy Cache da bodi0 para o WordPress, versões até a 0.8, inclusive **Descrição** A vulnerabilidade é um problema de Stored Cross-Site Scripting (XSS) por meio do parâmetro `cache-folder`, devido à sanitização insuficiente de entradas e à falta de escapamento de saídas. Isso permite que invasores autenticados com permissões de nível de administrador ou superiores injetem scripts web arbitrários em páginas, os quais serão executados sempre que um usuário acessar uma página infectada. O problema afeta apenas instalações multisite e instalações nas quais o `unfiltered html` foi desativado. **Recomendações** Para versões até a 0.8, inclusive, considere desativar o parâmetro `cache-folder` até que um patch esteja disponível para impedir a exploração. Restrinja o acesso ao plugin Easy Cache para minimizar o risco de exploração, especialmente em instalações multisite e onde unfiltered html foi desativado. No momento, não há informações sobre uma versão mais recente que contenha uma correção para esta vulnerabilidade.

**Name of the Vulnerable Software and Affected Versions** WattIsIt PayGreen – Ancienne version plugin versions <= 4.10.2 **Description** The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions on a web application that the user is authenticated to. **Recommendations** For WattIsIt PayGreen – Ancienne version plugin versions <= 4.10.2, update to a version higher than 4.10.2 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Palasthotel by Edward Bock, Katharina Rompf Sunny Search plugin versions <= 1.0.2 **Description** A Cross-Site Request Forgery (CSRF) issue affects the specified plugin, allowing unauthorized actions to be performed on behalf of a user without their knowledge. **Recommendations** For versions <= 1.0.2, update to a version higher than 1.0.2 to resolve the issue. At the moment, there is no information about additional mitigation measures for this specific issue.

**Name of the Vulnerable Software and Affected Versions** CPT Shortcode Generator plugin versions prior to 1.1 **Description** The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that requires authentication with admin or higher privileges. **Recommendations** For versions prior to 1.1, update to version 1.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Anurag Deshmukh CPT Shortcode Generator plugin versions 1.0 and earlier **Description** The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions on a web application that the user is authenticated to. **Recommendations** For Anurag Deshmukh CPT Shortcode Generator plugin versions 1.0 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Buildfail Localize Remote Images plugin versions 1.0.9 and earlier **Description** The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions on a web application that the user is authenticated to. No information is provided about the estimated number of potentially affected devices or real-world incidents where this issue was exploited. **Recommendations** For versions 1.0.9 and earlier, update to a version later than 1.0.9 to resolve the issue. As a temporary workaround, consider implementing CSRF token validation to prevent unauthorized requests. Restrict access to sensitive operations to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** WPZest Custom Admin Login Page | WPZest plugin versions 1.2.0 and earlier **Description** The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that affects the WPZest Custom Admin Login Page plugin. This vulnerability requires authentication with admin+ privileges. **Recommendations** For WPZest Custom Admin Login Page | WPZest plugin versions 1.2.0 and earlier, update to a version later than 1.2.0 to resolve the issue. As a temporary workaround, consider restricting access to the admin login page to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** weebotLite plugin versions prior to 1.0.0 **Description** The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that affects the weebotLite plugin. This vulnerability requires authentication with admin+ privileges. **Recommendations** For versions prior to 1.0.0, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Palasthotel by Edward Bock, Katharina Rompf Sunny Search plugin versions 1.0.2 and earlier **Description** The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that requires authentication with admin+ privileges. **Recommendations** For versions 1.0.2 and earlier, update to a version later than 1.0.2 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Eggemplo Gestion-Pymes plugin versions <= 1.5.6 **Description** The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that requires authentication with admin+ privileges. This vulnerability affects the Eggemplo Gestion-Pymes plugin. **Recommendations** For Eggemplo Gestion-Pymes plugin versions <= 1.5.6, update to a version higher than 1.5.6 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Reservation.Studio Reservation.Studio widget plugin versions 1.0.11 and earlier **Description** A Cross-Site Request Forgery (CSRF) issue affects the Reservation.Studio Reservation.Studio widget plugin. This issue allows for malicious requests to be made on behalf of a user without their knowledge or consent. **Recommendations** For versions 1.0.11 and earlier, update to a version later than 1.0.11 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Kamyabsoft Chat Bee plugin versions prior to 1.1.0 **Description** The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that requires authentication with admin+ privileges. **Recommendations** For Kamyabsoft Chat Bee plugin versions prior to 1.1.0, update to version 1.1.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** CodeSolz Easy Ad Manager plugin versions prior to 1.0.0 **Description** The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that requires authentication with admin+ privileges. **Recommendations** For versions prior to 1.0.0, update to a version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Mehjabin Orthi Interactive SVG Image Map Builder plugin versions <= 1.0 **Description** The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that requires authentication with admin+ privileges. This vulnerability affects the Mehjabin Orthi Interactive SVG Image Map Builder plugin. **Recommendations** For Mehjabin Orthi Interactive SVG Image Map Builder plugin versions <= 1.0, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.