0Xd4Rk5Id3

**Name of the Vulnerable Software and Affected Versions** Directorist Social Login versions prior to 2.1.4 **Description** Incorrect Privilege Assignment in Directorist Social Login allows for Privilege Escalation, a condition where a user can gain higher levels of access or permissions than intended. **Recommendations** Update to version 2.1.4.

**Name of the Vulnerable Software and Affected Versions** Directorist Booking versions prior to 3.0.2 **Description** Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) allows an attacker to interfere with the queries that an application makes to its database. This can lead to unauthorized access to sensitive data or modification of database records. **Recommendations** Update to version 3.0.2 or later.

**Name of the Vulnerable Software and Affected Versions** WishList Member X versions through 3.29.0 **Description** The software contains a flaw related to the deserialization of untrusted data, which allows for object injection. This issue impacts the application's ability to securely handle incoming data, potentially leading to unauthorized access or control. **Recommendations** Versions prior to 3.29.0 should be updated. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cozmoslabs Profile Builder Pro versions through 3.13.9 **Description** The software contains an Improper Neutralization of Special Elements used in an SQL Command issue, also known as a SQL Injection. This allows for Blind SQL Injection. The issue affects the application and could allow attackers to execute malicious SQL queries. No information is available regarding the number of potentially affected devices or real-world incidents. The vulnerability allows attackers to execute Blind SQL Injection. The vulnerable component is susceptible to exploitation via crafted SQL commands. **Recommendations** Update to version 3.14 to address the issue.

**Name of the Vulnerable Software and Affected Versions** Jordy Meow AI Engine versions through 3.3.2 **Description** The software contains an unrestricted file upload issue that allows the use of malicious files. The vulnerability involves the ability to upload files of dangerous types. **Recommendations** Update to a version later than 3.3.2.

**Name of the Vulnerable Software and Affected Versions** ikreatethemes Business Roy versions through 1.1.4 **Description** An issue exists in ikreatethemes Business Roy related to incorrectly configured access control security levels, allowing for missing authorization. The vulnerability allows exploitation of these levels. **Recommendations** Update ikreatethemes Business Roy to a version later than 1.1.4.

**Name of the Vulnerable Software and Affected Versions** blazethemes News Kit Elementor Addons versions through 1.4.2 **Description** An issue exists in blazethemes News Kit Elementor Addons where incorrectly configured access control security levels can be exploited, leading to a missing authorization condition. **Recommendations** Update blazethemes News Kit Elementor Addons to a version later than 1.4.2.

**Name of the Vulnerable Software and Affected Versions** sparklewpthemes Fitness FSE versions through 1.0.6 **Description** An authorization issue exists in sparklewpthemes Fitness FSE fitness-fse, allowing exploitation of incorrectly configured access control security levels. **Recommendations** Update sparklewpthemes Fitness FSE to a version later than 1.0.6.

**Name of the Vulnerable Software and Affected Versions** sparklewpthemes Hello FSE versions through 1.0.6 **Description** An authorization issue exists in sparklewpthemes Hello FSE, allowing exploitation of incorrectly configured access control security levels. **Recommendations** Update sparklewpthemes Hello FSE to a version later than 1.0.6.

**Name of the Vulnerable Software and Affected Versions** Metagauss RegistrationMagic versions through 6.0.6.9 **Description** The software contains a Cross-Site Request Forgery (CSRF) issue. This allows attackers to potentially perform actions on behalf of authenticated users without their knowledge. **Recommendations** Update RegistrationMagic to a version newer than 6.0.6.9.

**Name of the Vulnerable Software and Affected Versions** Everest Backup versions through 2.3.9 **Description** A Cross-Site Request Forgery (CSRF) issue exists in Everest Backup, potentially allowing Path Traversal. **Recommendations** Versions prior to 2.3.9 are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** RedefiningTheWeb WordPress Contact Form 7 PDF, Google Sheet & Database versions through 3.0.0 **Description** The software contains an unrestricted file upload issue that allows the use of malicious files. The issue affects the WordPress Contact Form 7 PDF, Google Sheet & Database plugin. **Recommendations** Versions prior to and including 3.0.0 should be updated.

**Name of the Vulnerable Software and Affected Versions** tPlayer versions through 1.2.1.6 **Description** A flaw exists in tPlayer that allows for SQL Injection. This issue is due to improper neutralization of special elements used in an SQL command. The affected component is tplayer-html5-audio-player-with-playlist. **Recommendations** Update tPlayer to a version later than 1.2.1.6.

**Name of the Vulnerable Software and Affected Versions** Roxnor PopupKit versions through 2.1.5 **Description** A flaw exists in Roxnor PopupKit’s popup-builder-block component that allows for Blind SQL Injection. This is due to improper neutralization of special elements used in an SQL command. The `popup-builder-block` component is susceptible to exploitation through specially crafted SQL queries. **Recommendations** Update Roxnor PopupKit to a version later than 2.1.5.

**Name of the Vulnerable Software and Affected Versions** extendons WooCommerce Registration Fields Plugin - Custom Signup Fields versions through 3.2.3 **Description** The extendons WooCommerce Registration Fields Plugin - Custom Signup Fields contains a flaw due to improper neutralization of input during web page generation, leading to a Reflected Cross-site Scripting (XSS) condition. This allows an attacker to inject malicious scripts into web pages viewed by other users. The vulnerable component is susceptible to exploitation through crafted input. **Recommendations** Update extendons WooCommerce Registration Fields Plugin - Custom Signup Fields to a version later than 3.2.3.

**Name of the Vulnerable Software and Affected Versions** Cynob IT Consultancy Auto Login After Registration versions through 1.0.0 **Description** The Auto Login After Registration component contains a flaw related to improper input handling during web page generation, which allows for Reflected Cross-site Scripting (XSS). This issue could potentially allow an attacker to inject malicious scripts into web pages viewed by other users. The vulnerable component is `auto-login-after-registration`. **Recommendations** Update Cynob IT Consultancy Auto Login After Registration to a version later than 1.0.0.

**Name of the Vulnerable Software and Affected Versions** gAppointments versions through 1.14.1 **Description** The software contains a flaw due to improper handling of user-supplied data when creating web pages, leading to a potential Cross-site Scripting (XSS) issue. This allows for Reflected XSS attacks. **Recommendations** Update gAppointments to a version later than 1.14.1.

**Name of the Vulnerable Software and Affected Versions** WooCommerce Vehicle Parts Finder versions through 3.7 **Description** The WooCommerce Vehicle Parts Finder component contains a flaw related to improper input handling during web page generation, specifically a Reflected Cross-Site Scripting (XSS) issue. This allows for the injection of malicious scripts through a vulnerable endpoint. The vulnerable component is `woo-vehicle-parts-finder`. **Recommendations** Update WooCommerce Vehicle Parts Finder to a version later than 3.7.

**Name of the Vulnerable Software and Affected Versions** FantasticPlugins SUMO Memberships for WooCommerce versions through 7.6.0 **Description** An authorization issue exists in FantasticPlugins SUMO Memberships for WooCommerce. The issue involves incorrectly configured access control security levels, potentially allowing unauthorized access. **Recommendations** Update FantasticPlugins SUMO Memberships for WooCommerce to a version newer than 7.6.0.

**Name of the Vulnerable Software and Affected Versions** WooCommerce Registration Fields Plugin - Custom Signup Fields versions through 3.2.3 **Description** The WooCommerce Registration Fields Plugin - Custom Signup Fields contains a flaw related to incorrect privilege assignment, potentially allowing privilege escalation. **Recommendations** Update WooCommerce Registration Fields Plugin - Custom Signup Fields to a version later than 3.2.3.