0Xvenus

**Name of the Vulnerable Software and Affected Versions** Appointify versions through 1.0.8 **Description** A Cross-Site Request Forgery (CSRF) issue exists in Appointify. This allows attackers to perform actions on behalf of an authenticated user without their knowledge. **Recommendations** Update Appointify to a version later than 1.0.8.

**Name of the Vulnerable Software and Affected Versions** Appointify versions through 1.0.8 **Description** A flaw exists in Appointify that allows for Blind SQL Injection due to improper neutralization of special elements used in SQL commands. This could potentially allow an attacker to manipulate database queries. **Recommendations** Update Appointify to a version later than 1.0.8.

**Name of the Vulnerable Software and Affected Versions** Unlimited Elements For Elementor plugin for WordPress versions prior to 2.1 **Description** The Unlimited Elements For Elementor plugin for WordPress is susceptible to Stored Cross-Site Scripting through SVG File uploads. Insufficient input sanitization and output escaping allow unauthenticated attackers to inject arbitrary web scripts into pages when a user accesses the SVG file. Exploitation requires a form with a file upload field created using the premium version of the plugin, but the issue remains exploitable even after deactivation or uninstallation of the premium version. **Recommendations** Update to version 2.1 or later.

**Name of the Vulnerable Software and Affected Versions** tmontg1 Form Generator for WordPress versions through 1.5.2 **Description** The software contains a flaw related to improper handling of user-supplied data when creating web pages, which can lead to Cross-site Scripting (XSS). This specific instance allows for Stored XSS, meaning malicious scripts can be stored on the target server and executed by other users. **Recommendations** Update tmontg1 Form Generator for WordPress to a version later than 1.5.2.

Name of the Vulnerable Software and Affected Versions: Infility Global versions through 2.12.7 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Reflected XSS. Recommendations: For versions through 2.12.7, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** VForm versions 3.1.14 and earlier **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker can inject malicious scripts into the website, potentially affecting users who access the compromised page. **Recommendations** For versions 3.1.14 and earlier, update to a version later than 3.1.14 to resolve the issue. As a temporary workaround, consider restricting user input to minimize the risk of exploitation.