Anhchangmutrang

**Name of the Vulnerable Software and Affected Versions** MapSVG versions prior to 8.6.12 **Description** A Path Traversal issue exists in MapSVG. This allows an attacker to potentially access restricted directories. The issue is due to improper limitation of a pathname. **Recommendations** Update MapSVG to version 8.6.12 or later.

Name of the Vulnerable Software and Affected Versions: FWDesign Ultimate Video Player versions through 10.1 Description: A Server-Side Request Forgery (SSRF) vulnerability exists in FWDesign Ultimate Video Player, allowing Server Side Request Forgery. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Consultstreet versions through 3.0.0 **Description** A missing authorization issue exists in Consultstreet due to incorrectly configured access control security levels. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Elite Video Player versions through 10.0.5 Description: The software contains an Improper Neutralization of Input During Web Page Generation issue, which allows for Reflected Cross-site Scripting (XSS). Recommendations: Update Elite Video Player to a version later than 10.0.5.

Name of the Vulnerable Software and Affected Versions: FWDesign Ultimate Video Player versions n/a through 10.1 Description: Missing authorization allows exploiting incorrectly configured access control security levels in FWDesign Ultimate Video Player. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: ValvePress Pinterest Automatic Pin (affected versions not specified) Description: An improper neutralization of special elements used in an SQL command vulnerability exists in ValvePress Pinterest Automatic Pin. This allows for SQL injection. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: LCweb Global Gallery versions n/d through 9.2.3 Description: A missing authorization flaw in LCweb Global Gallery allows exploitation due to incorrectly configured access control security levels. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ValvePress Wordpress Auto Spinner versions through 3.25.0 **Description** The software contains a Reflected Cross-site Scripting (XSS) issue due to improper neutralization of input during web page generation. **Recommendations** Update ValvePress Wordpress Auto Spinner to a version later than 3.25.0.

Name of the Vulnerable Software and Affected Versions: Rankie versions 1.8.2 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Reflected XSS. This enables potential attackers to inject malicious scripts into web pages. Recommendations: For Rankie versions 1.8.2 and earlier, update to a version that contains a fix for this issue, as no specific workaround is provided for these versions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Simple Link Directory versions n/a through 14.7.3 Description: The issue is related to an SQL Injection vulnerability, specifically an Improper Neutralization of Special Elements used in an SQL Command. This allows attackers to execute malicious SQL commands. Recommendations: For versions n/a through 14.7.3, update to a version later than 14.7.3 to resolve the issue. As a temporary workaround, consider restricting access to sensitive database operations to minimize the risk of exploitation. Avoid using user-supplied input in SQL commands until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: EventON versions prior to 4.9.9 Description: The issue is related to a Missing Authorization vulnerability, allowing exploitation of incorrectly configured access control security levels. Recommendations: For versions prior to 4.9.9, update to a version that includes the fix for this issue.

Name of the Vulnerable Software and Affected Versions: PowerPress Podcasting versions through 11.12.11 Description: The issue is a Server-Side Request Forgery (SSRF) vulnerability that allows Server Side Request Forgery. Recommendations: For versions through 11.12.11, update to a version later than 11.12.11 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Elite Video Player versions through 10.0.5 **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This enables attackers to inject malicious scripts into the website, potentially leading to unauthorized access or control. **Recommendations** For Elite Video Player versions through 10.0.5, update to a version later than 10.0.5 to resolve the issue. At the moment, there is no information about other specific mitigation measures for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ValvePress Rankie (affected versions not specified) **Description** The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MapSVG versions prior to 8.5.32 **Description** The issue allows for the unrestricted upload of files with dangerous types, enabling an attacker to upload a web shell to a web server. This can lead to further exploitation and potential control of the server. **Recommendations** For versions prior to 8.5.32, update to a version that includes the fix for this issue to prevent the unrestricted upload of dangerous file types. As a temporary workaround, consider restricting file upload capabilities to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** FantasticPlugins SUMO Affiliates Pro versions n/a through 10.7.0 **Description** The issue allows for the unrestricted upload of files with dangerous types, enabling the use of malicious files. **Recommendations** For versions n/a through 10.7.0, update to a version that contains a fix for this issue to prevent the unrestricted upload of malicious files.

**Name of the Vulnerable Software and Affected Versions** MapSVG versions n/a through 8.5.34 **Description** The issue is related to an Incorrect Privilege Assignment vulnerability, which allows Privilege Escalation in RomanCode MapSVG. **Recommendations** For versions n/a through 8.5.34, update to a version that contains a fix for this issue, as no specific fix is provided in the given data. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Crawlomatic Multisite Scraper Post Generator versions 2.6.8.2 and earlier **Description** The issue allows for the retrieval of embedded sensitive data due to the insertion of sensitive information into sent data. **Recommendations** For versions 2.6.8.2 and earlier, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Crawlomatic Multisite Scraper Post Generator versions 2.6.8.2 and earlier **Description** The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. **Recommendations** For Crawlomatic Multisite Scraper Post Generator versions 2.6.8.2 and earlier, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Elite Video Player versions 10.0.5 and earlier **Description** A Cross-Site Request Forgery (CSRF) issue affects the Elite Video Player, allowing unauthorized actions to be performed on behalf of a user. **Recommendations** For Elite Video Player versions 10.0.5 and earlier, update to a version later than 10.0.5 to resolve the issue.