Ameen Alkurdy

**Name of the Vulnerable Software and Affected Versions** The Help Desk WP WordPress plugin version 1.2.0 and earlier **Description** The issue is related to the lack of sanitization and escaping of certain parameters, which could allow users with a role as low as Editor to perform Cross-Site Scripting attacks. **Recommendations** For The Help Desk WP WordPress plugin version 1.2.0 and earlier, consider updating to a newer version that addresses the issue of sanitizing and escaping parameters to prevent Cross-Site Scripting attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Ruby Help Desk WordPress plugin versions prior to 1.3.4 **Description** The issue allows an attacker to close and/or add files and replies to tickets other than their own, as the plugin does not ensure that the ticket being modified belongs to the user making the request. **Recommendations** For versions prior to 1.3.4, update to version 1.3.4 or later to resolve the issue. As a temporary workaround, consider restricting access to ticket modification functionality to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** WP FEvents Book WordPress plugin versions 0.46 and earlier **Description** The issue allows any authenticated users, such as subscribers, to perform Cross-Site Scripting attacks due to the plugin not sanitizing and escaping some parameters. **Recommendations** For WP FEvents Book WordPress plugin versions 0.46 and earlier, update to a version that addresses the sanitization and escaping of parameters to prevent Cross-Site Scripting attacks.

**Name of the Vulnerable Software and Affected Versions** WP FEvents Book WordPress plugin versions 0.46 and earlier **Description** The issue allows any authenticated user to book, add notes, or cancel bookings on behalf of other users, as the plugin does not ensure that bookings to be updated belong to the user making the request. **Recommendations** For WP FEvents Book WordPress plugin versions 0.46 and earlier, update to a version later than 0.46 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.