Ajay Sandipan Thorbole

**Name of the Vulnerable Software and Affected Versions** Verse-O-Matic WordPress plugin versions 4.1.1 and earlier **Description** The issue is related to the lack of CSRF checks in the Verse-O-Matic WordPress plugin, allowing attackers to make logged-in administrators perform unwanted actions, such as adding, editing, or deleting arbitrary verses and changing settings. Additionally, the lack of sanitization in the settings and verses could lead to Stored Cross-Site Scripting issues. **Recommendations** For versions 4.1.1 and earlier, consider disabling the plugin until a patch is available to prevent potential exploitation. Restrict access to the plugin's settings and verses to minimize the risk of unwanted actions. Avoid using the plugin's functionality to add, edit, or delete verses until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Request a Quote WordPress plugin versions prior to 2.3.4 **Description** The issue arises from the plugin's failure to properly sanitise and escape certain quote fields when adding or editing a quote as an administrator. This leads to Stored Cross-Site scripting issues when the quote is displayed in the 'All Quotes' table. **Recommendations** For versions prior to 2.3.4, update to version 2.3.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the 'All Quotes' table to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Sign-up Sheets WordPress plugin versions prior to 1.0.14 **Description** The issue allows high privilege users to add JavaScript in certain fields when creating a new sheet, leading to a Stored Cross-Site Scripting issue. The payloads will be triggered when viewing the 'All Sheets' page in the admin dashboard. **Recommendations** For versions prior to 1.0.14, update to version 1.0.14 or later to resolve the issue. As a temporary workaround, consider restricting access to the 'All Sheets' page in the admin dashboard to minimize the risk of exploitation. Avoid using the affected fields when creating a new sheet until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Sign-up Sheets WordPress plugin versions prior to 1.0.14 **Description** The issue concerns a CSV injection problem due to the lack of sanitization or validation of the Sheet title when generating the CSV for export. **Recommendations** For versions prior to 1.0.14, update to version 1.0.14 or later to resolve the issue.