Tran Nguyen Bao Khanh

**Nome do Software Vulnerável e Versões Afetadas** WP eMember versões anteriores a 10.2.3 **Descrição** Um problema no software permite a recuperação de informações confidenciais do sistema incorporadas por uma esfera de controle não autorizada. **Recomendações** Atualize para uma versão posterior a 10.2.2.

**Name of the Vulnerable Software and Affected Versions** ThemeREX Melania versions through 2.5.0 **Description** The software contains an Improper Control of Filename for Include/Require Statement issue, also known as a PHP Remote File Inclusion. This allows for PHP Local File Inclusion. The issue affects the software's handling of file inclusion, potentially allowing an attacker to include arbitrary local files. **Recommendations** Update ThemeREX Melania to a version later than 2.5.0.

**Name of the Vulnerable Software and Affected Versions** Ovatheme Tripgo versions prior to 1.5.6 **Description** The software contains a flaw related to improper control of filename for include/require statements, specifically a PHP Local File Inclusion issue. This allows for unauthorized access to local files within the system. **Recommendations** Update Ovatheme Tripgo to version 1.5.6 or later.

**Name of the Vulnerable Software and Affected Versions** WP eMember versions through 10.2.2 **Description** A missing authorization issue exists in Tips and Tricks HQ WP eMember, stemming from incorrectly configured access control security levels. This allows for unauthorized access. **Recommendations** Update WP eMember to a version newer than 10.2.2.

**Name of the Vulnerable Software and Affected Versions** BuddhaThemes ColorFolio - Freelance Designer WordPress Theme versions through 1.3 **Description** The software contains a flaw due to deserialization of untrusted data, which allows for object injection. The issue impacts the ColorFolio - Freelance Designer WordPress Theme. **Recommendations** Update to a version later than 1.3.

**Name of the Vulnerable Software and Affected Versions** WP eMember versions through 10.2.2 **Description** The software contains a flaw due to improper handling of user-supplied data when creating web pages, leading to a potential Reflected Cross-Site Scripting (XSS) issue. This allows an attacker to inject malicious scripts into web pages viewed by other users. The vulnerability exists because the application does not properly sanitize input before including it in the generated HTML output. The vulnerable component is susceptible to attacks where an attacker crafts a malicious URL containing the XSS payload. When a user clicks on this URL, the malicious script is executed in their browser within the context of the vulnerable website. The affected parameter is not specified. **Recommendations** Update WP eMember to a version later than 10.2.2.

**Name of the Vulnerable Software and Affected Versions** AncoraThemes Great Lotus versions through 1.3.1 **Description** The software contains a flaw related to improper control of filename for include/require statements, specifically a PHP Local File Inclusion issue. This allows for the inclusion of local files. **Recommendations** Update AncoraThemes Great Lotus to a version later than 1.3.1.

**Name of the Vulnerable Software and Affected Versions** AncoraThemes The Mounty versions through 1.1 **Description** The software contains a flaw related to improper control of filename for include/require statements, potentially leading to PHP Local File Inclusion. The issue is present in AncoraThemes The Mounty. **Recommendations** Versions prior to and including 1.1 should be updated.

**Name of the Vulnerable Software and Affected Versions** AncoraThemes Honor versions prior to 2.3 **Description** The software contains an Improper Control of Filename for Include/Require Statement issue, also known as a PHP Remote File Inclusion. This allows for PHP Local File Inclusion. **Recommendations** Update to a version newer than 2.3.

**Name of the Vulnerable Software and Affected Versions** Mikado-Themes Justicia versions through 1.2 **Description** The software contains an Improper Control of Filename for Include/Require Statement issue, also known as a PHP Remote File Inclusion. This allows for PHP Local File Inclusion. **Recommendations** Update to a version later than 1.2.

**Name of the Vulnerable Software and Affected Versions** Mikado-Themes Malgré versions through 1.0.3 **Description** The software contains a flaw related to improper control of filename for include/require statements, specifically a PHP Local File Inclusion issue. This allows for the inclusion of local files within the application. **Recommendations** Update to a version later than 1.0.3.

**Name of the Vulnerable Software and Affected Versions** Mikado-Themes Marra versions through 1.2 **Description** The software contains a flaw related to improper control of filename for include/require statements, specifically a PHP Local File Inclusion issue. This allows for the inclusion of local files within the application. **Recommendations** Update to a version later than 1.2.

**Name of the Vulnerable Software and Affected Versions** FixTeam versions through 1.4 **Description** A flaw exists in FixTeam that allows for PHP Local File Inclusion due to improper control of filename for include/require statements. This issue is related to a 'PHP Remote File Inclusion' condition. **Recommendations** Update FixTeam to a version later than 1.4.

**Name of the Vulnerable Software and Affected Versions** ThemeGoods Grand Wedding versions through 3.1.0 **Description** The software contains a flaw due to deserialization of untrusted data, which allows for object injection. **Recommendations** Update to a version later than 3.1.0.

**Name of the Vulnerable Software and Affected Versions** Mikado-Themes Overton versions through 1.3 **Description** The software contains a flaw related to improper control of filename for include/require statements, specifically a PHP Remote File Inclusion issue. This allows for PHP Local File Inclusion. **Recommendations** Versions prior to or equal to 1.3 should be updated.

**Name of the Vulnerable Software and Affected Versions** Mikado-Themes Dolcino versions through 1.6 **Description** The software contains an Improper Control of Filename for Include/Require Statement issue, also known as a PHP Remote File Inclusion. This allows for PHP Local File Inclusion. **Recommendations** Update to a version later than 1.6.

**Name of the Vulnerable Software and Affected Versions** Mikado-Themes Fiorello versions prior to 1.1 **Description** The software contains a flaw related to improper control of filename for include/require statements, specifically a PHP Remote File Inclusion issue. This allows for PHP Local File Inclusion. The affected component is the Fiorello theme. **Recommendations** Update to Fiorello version 1.1 or later.

**Name of the Vulnerable Software and Affected Versions** Mikado-Themes Evently versions through 1.7 **Description** The Evently software contains a flaw related to improper control of filename for include/require statements, specifically a PHP Local File Inclusion issue. This allows for the inclusion of local files. **Recommendations** Update Evently to a version later than 1.7.

**Name of the Vulnerable Software and Affected Versions** Mikado-Themes Innovio versions through 1.7 **Description** A flaw exists in Mikado-Themes Innovio that allows for PHP Local File Inclusion due to improper control of filename for include/require statements. This issue is related to PHP Remote File Inclusion. **Recommendations** Update Innovio to a version greater than 1.7.

**Name of the Vulnerable Software and Affected Versions** Mikado-Themes Fleur versions through 2.0 **Description** The software contains a flaw related to improper control of filename for include/require statements, specifically a PHP Remote File Inclusion issue. This allows for PHP Local File Inclusion. **Recommendations** Versions prior to or equal to 2.0 should be updated. At the moment, there is no information about a newer version that contains a fix for this vulnerability.