Arif Shaikh

**Name of the Vulnerable Software and Affected Versions** CreativeMindsSolutions CM Business Directory versions through 1.5.3 **Description** The software contains a flaw related to improper input handling during web page creation, which allows for Stored Cross-site Scripting (XSS). This means that malicious code can be injected into web pages viewed by other users. The affected component is cm-business-directory. **Recommendations** Update to a version later than 1.5.3.

**Name of the Vulnerable Software and Affected Versions** Imaginate Solutions File Uploads Addon for WooCommerce versions through 1.7.3 **Description** The File Uploads Addon for WooCommerce contains a flaw related to incorrectly configured access control security levels, potentially allowing unauthorized access. The issue involves a missing authorization check. **Recommendations** Update Imaginate Solutions File Uploads Addon for WooCommerce to a version later than 1.7.3.

**Name of the Vulnerable Software and Affected Versions** LearnPress – Course Review versions through 4.1.9 **Description** The LearnPress – Course Review component contains a flaw related to improper input handling during web page generation, which allows for Stored Cross-site Scripting (XSS). This issue enables malicious actors to inject scripts into web pages viewed by other users. **Recommendations** Update LearnPress – Course Review to a version later than 4.1.9.

**Name of the Vulnerable Software and Affected Versions** Stock Manager for WooCommerce versions prior to 3.6.0 **Description** The software contains a Cross-Site Request Forgery (CSRF) flaw. This allows attackers to potentially perform actions on behalf of authenticated users without their knowledge. **Recommendations** Update Stock Manager for WooCommerce to version 3.6.0 or later.