4Rcanj0X!

**Name of the Vulnerable Software and Affected Versions** CyberChimps Responsive Blocks versions 1.9.9 and earlier **Description** The issue is related to improper neutralization of input during web page generation, also known as 'Cross-site Scripting', which allows Reflected XSS. This means that an attacker can inject malicious scripts into the website, potentially leading to unauthorized actions. **Recommendations** For versions 1.9.9 and earlier, update to a version that fixes the improper neutralization of input during web page generation to prevent Reflected XSS attacks. As a temporary workaround, consider restricting user input to prevent malicious scripts from being injected into the website.

Name of the Vulnerable Software and Affected Versions: Noor alam Magical Addons For Elementor versions 1.2.6 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows for stored cross-site scripting (XSS). This means that an attacker can inject malicious scripts into the website, potentially affecting users who visit the compromised page. The estimated number of potentially affected devices worldwide is not specified. Recommendations: For versions 1.2.6 and earlier, update to a version later than 1.2.6 to resolve the issue. At the moment, there is no information about other mitigation measures for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Visualmodo Borderless versions 1.5.8 and earlier Description: The issue affects Visualmodo Borderless, allowing Cross-Site Scripting (XSS) due to improper neutralization of input during web page generation. This enables attackers to inject malicious scripts into web pages. Recommendations: For versions 1.5.8 and earlier, update to a version that addresses the Cross-Site Scripting issue, as no specific fix is provided for these versions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: WordPress Page Builder – Zion Builder versions 3.6.12 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Stored XSS, where an attacker can inject malicious scripts into the website. Recommendations: For versions 3.6.12 and earlier, update to a version later than 3.6.12 to resolve the issue. As a temporary workaround, consider restricting access to the page builder to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Codeless Cowidgets – Elementor Addons versions prior to 1.2.0 **Description** The issue is related to improper neutralization of input during web page generation, which allows for stored Cross-site Scripting (XSS). This enables attackers to inject malicious scripts into web pages. **Recommendations** For versions prior to 1.2.0, update to version 1.2.0 or later to resolve the issue. As a temporary workaround, consider restricting user input to minimize the risk of exploitation. Avoid using potentially vulnerable features in Codeless Cowidgets – Elementor Addons until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Bricksable for Bricks Builder versions 1.6.59 and earlier **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS attacks. **Recommendations** For versions 1.6.59 and earlier, update to a version later than 1.6.59 to resolve the issue. As a temporary workaround, consider restricting user input to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Gutenberg Blocks – Unlimited blocks For Gutenberg versions 1.2.7 and earlier **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS. **Recommendations** For versions 1.2.7 and earlier, update to a version later than 1.2.7 to resolve the issue. As a temporary workaround, consider restricting access to the Gutenberg Blocks – Unlimited blocks For Gutenberg plugin until a patch is available.

**Name of the Vulnerable Software and Affected Versions** MediaRon LLC Custom Query Blocks versions n/a through 5.3.1 **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS, where an attacker can inject malicious scripts into a website, which are then stored and executed by the website. The estimated number of potentially affected devices worldwide is not specified. There is no information provided about real-world incidents where this issue was exploited. **Recommendations** For versions n/a through 5.3.1, update to a version later than 5.3.1 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Page Builder Addons Web and WooCommerce Addons for WPBakery Builder versions 1.4.6 and earlier **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS), which allows Stored XSS. This means that an attacker can inject malicious scripts into a website, potentially affecting users who visit the site. **Recommendations** For versions 1.4.6 and earlier, update to a version later than 1.4.6 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SKT Blocks – Gutenberg based Page Builder versions n/a through 1.5 **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS in SKT Themes SKT Blocks – Gutenberg based Page Builder. **Recommendations** For versions n/a through 1.5, update to a version that contains a fix for this issue, as the current version allows Stored XSS attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PluginOps Landing Page Builder versions 1.5.2.0 and earlier **Description** The issue is related to an Improper Limitation of a Pathname to a Restricted Directory, also known as 'Path Traversal', which allows PHP Local File Inclusion in the PluginOps Landing Page Builder. **Recommendations** For PluginOps Landing Page Builder versions 1.5.2.0 and earlier, update to a version that fixes this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Ultimate Store Kit Elementor Addons versions 1.6.4 and earlier **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS), which allows Stored XSS. This means that an attacker can inject malicious code into a website, potentially affecting users who visit the site. **Recommendations** For Ultimate Store Kit Elementor Addons versions 1.6.4 and earlier, update to version 2.0.0 as soon as possible to resolve the issue. As a temporary workaround, consider restricting access to sensitive areas of the website to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** CyberChimps Responsive Blocks – WordPress Gutenberg Blocks versions 1.8.8 and earlier **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS, enabling an attacker to inject malicious scripts. The estimated number of potentially affected devices is not specified. **Recommendations** For versions 1.8.8 and earlier, update the plugin to the latest patched version, such as version 1.8.9, to patch this XSS vulnerability. As a temporary workaround, consider restricting access to the plugin until the update is applied.

**Name of the Vulnerable Software and Affected Versions** G5Theme Ultimate Bootstrap Elements for Elementor versions 1.4.4 and earlier **Description** The issue is related to an Improper Limitation of a Pathname to a Restricted Directory, also known as a 'Path Traversal' vulnerability. This vulnerability allows PHP Local File Inclusion. **Recommendations** For versions 1.4.4 and earlier, update to a version later than 1.4.4 to resolve the issue. As a temporary workaround, consider restricting access to sensitive files and directories to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** PickPlugins ComboBlocks versions 2.2.86 and earlier **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS attacks. **Recommendations** For versions 2.2.86 and earlier, update to a version later than 2.2.86 to resolve the issue. As a temporary workaround, consider restricting user input to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Merkulove Selection Lite versions 1.11 and earlier **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS attacks. **Recommendations** For Merkulove Selection Lite versions 1.11 and earlier, update to a version that fixes this issue, as the current version is affected by Stored XSS. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Modernaweb Studio Black Widgets For Elementor versions 1.3.5 and earlier **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS attacks. **Recommendations** For versions 1.3.5 and earlier, update to a version later than 1.3.5 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** WidgetKit versions n/a through 2.5.0 **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS attacks. **Recommendations** For versions n/a through 2.5.0, update to a version later than 2.5.0 to resolve the issue. As a temporary workaround, consider restricting user input to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Leap13 Premium Blocks – Gutenberg Blocks for WordPress versions 2.1.27 and earlier **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS attacks. **Recommendations** For versions 2.1.27 and earlier, update to a version later than 2.1.27 to resolve the issue. As a temporary workaround, consider restricting access to the input fields that allow web page generation to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Ultimate Blocks – Gutenberg Blocks Plugin versions 3.1.9 and earlier **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS in the Ultimate Blocks – Gutenberg Blocks Plugin. **Recommendations** For Ultimate Blocks – Gutenberg Blocks Plugin versions 3.1.9 and earlier, update to a version later than 3.1.9 to resolve the issue. As a temporary workaround, consider restricting access to the plugin's functionality to minimize the risk of exploitation.