Theviper

**Nome do Software Vulnerável e Versões Afetadas** WPSubscription versões anteriores a 1.9.2 **Description** Uma falha de Cross-Site Request Forgery (CSRF) existe no plugin Convers Lab WPSubscription. Este problema permite que um invasor induza uma vítima a realizar ações não pretendidas na aplicação web, enganando-a para clicar em um link malicioso ou visitar uma página manipulada. **Recommendations** Atualize para uma versão posterior a 1.9.1.

**Name of the Vulnerable Software and Affected Versions** Ninja Tables versions through 5.2.5 **Description** A flaw exists in Ninja Tables that allows retrieval of embedded sensitive data due to insertion of sensitive information into sent data. **Recommendations** Update Ninja Tables to a version newer than 5.2.5.

**Name of the Vulnerable Software and Affected Versions** Alobaidi Extend Link versions through 2.0.0 **Description** An issue exists in Alobaidi Extend Link that allows Server-Side Request Forgery (SSRF). This allows an attacker to potentially make requests on behalf of the server, potentially accessing internal resources or performing actions with elevated privileges. The vulnerability is present due to insufficient validation of user-supplied data. **Recommendations** Update Alobaidi Extend Link to a version newer than 2.0.0.

**Name of the Vulnerable Software and Affected Versions** omnipressteam Omnipress versions through 1.6.7 **Description** The software contains a flaw related to improper input handling during web page generation, which allows for Stored Cross-site Scripting (XSS). This means that malicious scripts can be stored on the server and executed by other users who visit the affected web pages. The vulnerability exists due to insufficient sanitization of user-supplied input before it is included in the generated web pages. This could allow an attacker to inject malicious code into web pages viewed by other users. **Recommendations** Update omnipressteam Omnipress to a version later than 1.6.7.

**Name of the Vulnerable Software and Affected Versions** Bold Page Builder versions through 5.6.4 **Description** The Bold Page Builder software contains a flaw related to improper input handling during web page generation, which allows for Stored Cross-site Scripting (XSS). This means that malicious code can be injected into web pages, potentially affecting users who view those pages. The issue allows for the execution of arbitrary scripts within the context of a user's browser. The vulnerability is due to insufficient sanitization of user-supplied input when generating web pages. The affected component is the page builder functionality itself. **Recommendations** Update Bold Page Builder to a version later than 5.6.4.

**Name of the Vulnerable Software and Affected Versions** StellarWP iThemes Sync versions through 3.2.8 **Description** An authorization issue exists in StellarWP iThemes Sync. The issue involves incorrectly configured access control security levels, potentially allowing unauthorized access. **Recommendations** Update StellarWP iThemes Sync to a version later than 3.2.8.

**Name of the Vulnerable Software and Affected Versions** WPAdverts versions through 2.2.11 **Description** The software contains a missing authorization issue related to incorrectly configured access control security levels. The issue allows exploitation of these levels. **Recommendations** Update WPAdverts to a version later than 2.2.11.

**Name of the Vulnerable Software and Affected Versions** Brecht Visual Link Preview versions through 2.2.9 **Description** A missing authorization flaw exists in Brecht Visual Link Preview, potentially allowing exploitation due to incorrectly configured access control security levels. **Recommendations** Update Brecht Visual Link Preview to a version newer than 2.2.9.

**Name of the Vulnerable Software and Affected Versions** Hyyan WooCommerce Polylang Integration versions through 1.5.0 **Description** A missing authorization issue exists in Hyyan WooCommerce Polylang Integration. The issue is due to incorrectly configured access control security levels, potentially allowing unauthorized access. The affected component is the `woo-poly-integration`. **Recommendations** Update Hyyan WooCommerce Polylang Integration to a version later than 1.5.0.

**Name of the Vulnerable Software and Affected Versions** Damian WP Popups versions through 2.2.0.3 **Description** An issue exists in Damian WP Popups wp-popups-lite related to incorrectly configured access control security levels, allowing for missing authorization. The issue allows exploitation of access control. **Recommendations** Update Damian WP Popups to a version later than 2.2.0.3.

**Name of the Vulnerable Software and Affected Versions** omnipressteam Omnipress versions through 1.6.6 **Description** The software contains a flaw related to improper control of filename for include/require statements, specifically a PHP Remote File Inclusion issue. This allows for PHP Local File Inclusion. **Recommendations** Update omnipressteam Omnipress to a version newer than 1.6.6.

**Name of the Vulnerable Software and Affected Versions** Kaira Blockons versions through 1.2.15 **Description** The software contains a flaw related to improper input handling during web page generation, which allows for Stored Cross-site Scripting (XSS). This means that malicious scripts can be stored on the target server and executed in the context of other users' browsers. The vulnerability affects the Blockons application. **Recommendations** Update to a version newer than 1.2.15.

**Name of the Vulnerable Software and Affected Versions** Israpil Textmetrics webtexttool versions through 3.6.3 **Description** A flaw exists in Israpil Textmetrics webtexttool that allows for code injection due to improper neutralization of script-related HTML tags on a web page. This is a Basic Cross-Site Scripting (XSS) issue. The issue allows for code injection. **Recommendations** Update Israpil Textmetrics webtexttool to a version later than 3.6.3.

**Name of the Vulnerable Software and Affected Versions** bPlugins B Accordion versions through 2.0.0 **Description** A flaw exists in bPlugins B Accordion b-accordion that allows the retrieval of embedded sensitive data due to insertion of sensitive information into sent data. **Recommendations** Update to a version later than 2.0.0.

**Name of the Vulnerable Software and Affected Versions** iNET iNET Webkit versions through 1.2.4 **Description** An authorization issue exists in iNET iNET Webkit, specifically related to incorrectly configured access control security levels. This allows for potential exploitation of the system. **Recommendations** Update iNET iNET Webkit to a version later than 1.2.4.

**Name of the Vulnerable Software and Affected Versions** COP UX Flat versions through 5.4.0 **Description** The software contains a flaw due to improper neutralization of input during web page generation, leading to a Cross-site Scripting issue. This allows for Stored XSS attacks. **Recommendations** Update COP UX Flat to a version later than 5.4.0.

**Name of the Vulnerable Software and Affected Versions** My auctions allegro versions prior to and including 3.6.33 **Description** The software contains a flaw related to improper control of filenames used in include/require statements, specifically a PHP Remote File Inclusion issue. This allows for PHP Local File Inclusion. **Recommendations** Update My auctions allegro to a version newer than 3.6.33.

**Name of the Vulnerable Software and Affected Versions** Munir Kamal Block Slider versions through 2.2.3 **Description** A missing authorization issue exists in Munir Kamal Block Slider, allowing exploitation of incorrectly configured access control security levels. **Recommendations** Versions prior to 2.2.3 should be updated. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Matt WP Voting Contest versions through 5.8 **Description** The software contains a missing authorization issue related to incorrectly configured access control security levels. This allows for exploitation of the system. **Recommendations** Update Matt WP Voting Contest to a version later than 5.8.