Abdi Pranata

Name of the Vulnerable Software and Affected Versions: WP SmartPay versions n/a through 2.7.13 Description: An improper validation of the specified quantity in input exists in ThemesGrove WP SmartPay. Recommendations: Update WP SmartPay to a version later than 2.7.13.

**Name of the Vulnerable Software and Affected Versions** Spotlight - Social Media Feeds (Premium) versions 1.7.1 and earlier **Description** The issue allows the retrieval of embedded sensitive data due to the insertion of sensitive information into sent data. This affects the Spotlight - Social Media Feeds (Premium) plugin, enabling the potential exposure of sensitive information. **Recommendations** For versions 1.7.1 and earlier, consider disabling the plugin until a patch is available to prevent the retrieval of embedded sensitive data. Restrict access to sensitive data to minimize the risk of exploitation. Avoid using the plugin until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WP AutoKeyword versions n/a through 1.0 **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker can inject malicious scripts into the website, potentially leading to unauthorized access or control. **Recommendations** For WP AutoKeyword versions n/a through 1.0, update to a version that fixes the Stored XSS issue to prevent exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Mapro Collins Coming Soon Countdown versions n/a through 2.2 **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Reflected XSS. This enables potential attackers to inject malicious scripts into web pages. **Recommendations** For versions n/a through 2.2, update to a version that includes a fix for this issue, as using outdated versions may expose users to Cross-site Scripting attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WP Helper Premium versions through 4.6.1 **Description** The issue is related to a Missing Authorization vulnerability, which allows accessing functionality not properly constrained by ACLs. **Recommendations** For versions through 4.6.1, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Listings for Buildium versions 0.1.4 and earlier **Description** The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability that also allows Stored XSS. This means an attacker could potentially trick a user into performing unintended actions on the web application, and also store malicious scripts that would be executed by other users. **Recommendations** For versions 0.1.4 and earlier, update to a version that fixes the CSRF vulnerability, ensuring that proper validation and verification of requests are in place to prevent unauthorized actions. As a temporary workaround, consider implementing additional validation for requests to prevent CSRF attacks, and restrict the ability to store scripts to minimize the risk of Stored XSS.

**Name of the Vulnerable Software and Affected Versions** TableOn – WordPress Posts Table Filterable versions 1.0.3 and earlier **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Stored XSS attacks. **Recommendations** For TableOn – WordPress Posts Table Filterable versions 1.0.3 and earlier, update to a version later than 1.0.3 to resolve the issue. As a temporary workaround, consider restricting access to the plugin until a patch is available.

**Name of the Vulnerable Software and Affected Versions** DevriX Restrict User Registration versions 1.0.1 and earlier **Description** The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web application, potentially leading to the execution of malicious scripts stored on the server. **Recommendations** For DevriX Restrict User Registration versions 1.0.1 and earlier, update to a version that includes a fix for this issue, as no specific mitigation measures are provided for these versions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MyBookProgress by Stormhill Media versions 1.0.8 and earlier **Description** The issue is related to improper neutralization of input during web page generation, which allows for Stored Cross-site Scripting (XSS). This means that an attacker can inject malicious scripts into the website, potentially affecting users who access the compromised page. **Recommendations** For MyBookProgress by Stormhill Media versions 1.0.8 and earlier, update to a version later than 1.0.8 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: PlainInventory versions n/a through 3.1.9 Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on the web application, potentially leading to the execution of malicious scripts stored on the server. Recommendations: For PlainInventory versions n/a through 3.1.9, update to a version that includes a fix for this issue, as no specific mitigation measures are provided for these versions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Czater.pl – live chat i telefon versions 1.0.0 through 1.0.5 Description: The issue is related to a Missing Authorization vulnerability, which allows Cross Site Request Forgery. This means that an attacker can perform actions on behalf of another user without their knowledge or consent. Recommendations: For versions 1.0.0 through 1.0.5, update to a version that includes a fix for the Missing Authorization vulnerability to prevent Cross Site Request Forgery attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Ydesignservices Multiple Location Google Map versions 1.1 and earlier Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web application, and also store malicious scripts that can be executed by other users. Recommendations: For Ydesignservices Multiple Location Google Map versions 1.1 and earlier, as a temporary workaround, consider disabling the functionality that allows user input to prevent Stored XSS attacks until a patch is available. Restrict access to sensitive operations to minimize the risk of exploitation. Avoid using the plugin until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Nimbata Call Tracking versions 1.7.1 and earlier Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that also allows Stored XSS. This means an attacker can trick a user into performing unintended actions on the web application, and also store malicious scripts that can be executed by other users. Recommendations: For versions 1.7.1 and earlier, update to a version that includes a fix for this issue, as no specific workaround is provided for these versions. As a temporary workaround, consider implementing additional CSRF protection measures, such as token-based validation, until a patch is available. Restrict access to sensitive features of Nimbata Call Tracking to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: KeyCAPTCHA versions n/a through 2.5.1 Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability and Stored XSS in KeyCAPTCHA. Recommendations: For versions n/a through 2.5.1, update to a version later than 2.5.1 to resolve the issue.

Name of the Vulnerable Software and Affected Versions: DeBounce Email Validator versions n/a through 5.7.1 Description: The issue is related to improper neutralization of input during web page generation, which allows for Stored Cross-site Scripting (XSS). This means that an attacker can inject malicious scripts into the website, potentially leading to unauthorized access or other malicious activities. Recommendations: For DeBounce Email Validator versions n/a through 5.7.1, update to a version later than 5.7.1 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Kevon Adonis WP Abstracts versions 2.7.4 and earlier Description: A Cross-Site Request Forgery (CSRF) issue allows unauthorized actions to be performed on behalf of a user. This can lead to various security problems, including data modification or unauthorized access to sensitive information. Recommendations: For versions 2.7.4 and earlier, update to a version that includes a fix for this issue, as no specific workaround is provided for these versions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Foliopress WYSIWYG versions n/a through 2.6.18 Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability, which allows unauthorized actions to be performed on a user's account without their knowledge or consent. This is due to the lack of proper validation of requests, making it possible for an attacker to trick a user into performing unintended actions. Recommendations: For versions n/a through 2.6.18, update to a version that includes a fix for this issue, as no specific workaround or mitigation is provided for these versions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Ankit Singla WordPress Spam Blocker versions 2.0.4 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker can inject malicious scripts into the website, potentially leading to unauthorized access or other malicious activities. Recommendations: For Ankit Singla WordPress Spam Blocker versions 2.0.4 and earlier, update to a version later than 2.0.4 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: rafasashi User Session Synchronizer versions 1.4.0 and earlier Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web application, potentially leading to the execution of malicious scripts stored on the server. Recommendations: For versions 1.4.0 and earlier, update to a version that includes a fix for this issue, as no specific mitigation measures are provided for these versions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: axew3 WP w3all phpBB versions 2.9.2 and earlier Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Reflected XSS. Recommendations: For axew3 WP w3all phpBB versions 2.9.2 and earlier, update to a version that contains a fix for this issue.