Theodoros Malachias

**Nome do software vulnerável e versões afetadas** Ninja Forms Contact Form, versões 3.6.24 e anteriores **Descrição** O problema está relacionado a uma vulnerabilidade de validação inadequada de entradas no Ninja Forms Contact Form. Essa vulnerabilidade afeta as versões especificadas do Ninja Forms Contact Form. **Recomendações** Para as versões 3.6.24 e anteriores, atualize para uma versão posterior à 3.6.24 para resolver o problema. No momento, não há informações sobre outras medidas de mitigação específicas para esta vulnerabilidade.

**Name of the Vulnerable Software and Affected Versions** Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy versions n/a through 3.7.19 **Description** The issue is related to the deserialization of untrusted data. This can potentially lead to security risks, as deserializing untrusted data can allow an attacker to execute malicious code. There is no information provided about the estimated number of potentially affected devices worldwide or details about real-world incidents where this issue was exploited. **Recommendations** For versions n/a through 3.7.19, update to a version later than 3.7.19 to resolve the issue. At the moment, there is no information about other specific mitigation measures for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Webpushr Web Push Notifications plugin versions <= 4.34.0 **Description** The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability that can lead to Local File Inclusion (LFI). This means an attacker could potentially trick a user into performing unintended actions on the web application, which in turn could allow the inclusion of local files, potentially revealing sensitive information. **Recommendations** For Webpushr Web Push Notifications plugin versions <= 4.34.0, update to a version higher than 4.34.0 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** weDevs WP Project Manager versions through 2.6.0 **Description** The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks. **Recommendations** For versions through 2.6.0, update to a version later than 2.6.0 to resolve the issue. As a temporary workaround, consider restricting access to sensitive database queries until a patch is available. Avoid using user-supplied input in SQL commands without proper sanitization until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Rahul Aryan AnsPress plugin versions <= 4.3.0 **Description** The issue is a Stored Cross-Site Scripting (XSS) vulnerability that affects authenticated users with editor or higher privileges. This vulnerability allows an attacker to inject malicious scripts into the application, potentially leading to unauthorized access or data theft. No information is provided about the estimated number of potentially affected devices or real-world incidents where this issue was exploited. **Recommendations** For Rahul Aryan AnsPress plugin versions <= 4.3.0, update to a version higher than 4.3.0 to resolve the issue. At the moment, there is no information about other specific mitigation measures for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Dylan James Zephyr Project Manager plugin versions <= 3.3.93 **Description** The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions on a web application that the user is authenticated to. **Recommendations** For versions <= 3.3.93, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Odoo Community versions 14.0 through 15.0 Odoo Enterprise versions 14.0 through 15.0 **Description** The issue is a cross-site scripting (XSS) problem in the Discuss app, allowing remote attackers to inject arbitrary web script in the browser of a victim by posting crafted contents. **Recommendations** For Odoo Community versions 14.0 through 15.0, update to a version that includes a fix for this issue. For Odoo Enterprise versions 14.0 through 15.0, update to a version that includes a fix for this issue. As a temporary workaround, consider restricting access to the Discuss app until a patch is available.