Asif Nawaz Minhas

**Name of the Vulnerable Software and Affected Versions** Code-projects Budget Management version 1.0 **Description** The issue is related to SQL Injection, which occurs via the `delete` parameter. This allows for potential manipulation of database queries. **Recommendations** For Code-projects Budget Management version 1.0, as a temporary workaround, consider restricting access to the `delete` parameter until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Code-projects Budget Management version 1.0 **Description** The issue concerns Cross Site Scripting (XSS) via the `budget` parameter. This allows for potential malicious script injection, affecting the security of the application. **Recommendations** For Code-projects Budget Management version 1.0, as a temporary workaround, consider restricting access to the `budget` parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** chartjs WordPress plugin versions through 2023.2 **Description** The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for example, in a multisite setup. This is due to the plugin not sanitizing and escaping some of its settings. **Recommendations** For versions through 2023.2, update to a version that includes the necessary sanitization and escaping of settings to prevent Stored Cross-Site Scripting attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** chartjs WordPress plugin versions through 2023.2 **Description** The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for example, in a multisite setup. This is due to the plugin not sanitizing and escaping some of its settings. **Recommendations** For chartjs WordPress plugin versions through 2023.2, update to a version that addresses the sanitization and escaping of settings to prevent Stored Cross-Site Scripting attacks.

**Name of the Vulnerable Software and Affected Versions** Image Hover Effects WordPress plugin versions prior to 5.5 **Description** The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for example, in a multisite setup. This is due to the plugin not sanitizing and escaping some of its settings. **Recommendations** For versions prior to 5.5, update to version 5.5 or later to resolve the issue. As a temporary workaround, consider restricting the ability of high privilege users to modify plugin settings until the update is applied.

**Name of the Vulnerable Software and Affected Versions** WP CSV Exporter WordPress plugin versions prior to 1.3.7 **Description** The issue allows high privilege users, such as admins, to perform SQL injection attacks due to improper sanitization and escaping of some parameters before using them in a SQL statement. **Recommendations** For versions prior to 1.3.7, update to version 1.3.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the plugin's functionality for high privilege users until the update is applied.

**Name of the Vulnerable Software and Affected Versions** The Image Hover Effects Css3 WordPress plugin versions 4.5 and earlier **Description** The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for example, in a multisite setup. This is due to the plugin not sanitizing and escaping some of its settings. **Recommendations** For The Image Hover Effects Css3 WordPress plugin versions 4.5 and earlier, update to a version that addresses the sanitization and escaping of settings to prevent Stored Cross-Site Scripting attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Salat Times WordPress plugin versions prior to 3.2.2 **Description** The issue allows high-privilege users, such as admins, to perform Cross-Site Scripting attacks. This is possible because the plugin does not properly sanitize and escape its settings, even when the unfiltered html capability is disallowed. **Recommendations** For versions prior to 3.2.2, update to version 3.2.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the plugin's settings for high-privilege users until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Testimonials WordPress plugin versions prior to 2.7 super-testimonial-pro WordPress plugin versions prior to 1.0.8 **Description** The issue allows high privilege users, such as admins, to perform cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, due to the lack of sanitization and escaping of its settings. **Recommendations** For Testimonials WordPress plugin versions prior to 2.7, update to version 2.7 or later. For super-testimonial-pro WordPress plugin versions prior to 1.0.8, update to version 1.0.8 or later.

**Name of the Vulnerable Software and Affected Versions** WP Contact Slider WordPress plugin versions prior to 2.4.8 **Description** The issue allows high privilege users, such as admins, to perform cross-Site Scripting attacks. This is possible because the plugin does not properly sanitize and escape its settings, even when the unfiltered html capability is disallowed. **Recommendations** For versions prior to 2.4.8, update to version 2.4.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the plugin's settings to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Meks Easy Social Share WordPress plugin versions prior to 1.2.8 **Description** The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This can occur even when the unfiltered html capability is disallowed, for example in a multisite setup. **Recommendations** For versions prior to 1.2.8, update to version 1.2.8 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** We’re Open! WordPress plugin versions prior to 1.42 **Description** The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This can occur even when the unfiltered html capability is disallowed, for example, in a multisite setup. **Recommendations** For We’re Open! WordPress plugin versions prior to 1.42, update to version 1.42 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Top Bar WordPress plugin versions prior to 3.0.4 **Description** The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This is possible because the plugin does not properly sanitise and escape some of its settings before outputting them in frontend pages. This issue can be exploited even when the unfiltered html capability is disallowed, for example in a multisite setup. **Recommendations** For versions prior to 3.0.4, update to version 3.0.4 or later to resolve the issue. As a temporary workaround, consider restricting the use of the plugin's settings that are outputted in frontend pages to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Advanced Comment Form WordPress plugin versions prior to 1.2.1 **Description** The issue allows high privilege users, such as admins, to perform cross-Site Scripting attacks. This is possible because the plugin does not properly sanitise and escape its settings, even when the unfiltered html capability is disallowed. **Recommendations** For versions prior to 1.2.1, update to version 1.2.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** The Social Rocket WordPress plugin versions prior to 1.3.3 **Description** The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This is possible because the plugin does not properly sanitise and escape some of its settings, even when the unfiltered html capability is disallowed, for example in a multisite setup. **Recommendations** For versions prior to 1.3.3, update to version 1.3.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the plugin's settings for high privilege users until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Donation Thermometer WordPress plugin versions prior to 2.1.3 **Description** The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This can occur even when the unfiltered html capability is disallowed, for example, in a multisite setup. **Recommendations** For versions prior to 2.1.3, update to version 2.1.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** DSGVO All in one for WP WordPress plugin versions prior to 4.2 **Description** The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This can occur even when the unfiltered html capability is disallowed, for example, in a multisite setup. **Recommendations** For versions prior to 4.2, update to version 4.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Scroll To Top WordPress plugin versions prior to 1.4.1 **Description** The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for example, in a multisite setup. This is due to the plugin not escaping some of its settings. **Recommendations** For versions prior to 1.4.1, update to version 1.4.1 or later to resolve the issue. As a temporary workaround, consider restricting the ability of high privilege users to access or modify the plugin's settings until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** Float to Top Button WordPress plugin versions 2.3.6 and earlier **Description** The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for example in multisite setups. This is due to the plugin not escaping some of its settings. **Recommendations** For Float to Top Button WordPress plugin versions 2.3.6 and earlier, update to a version that fixes the issue, as the current version does not properly escape its settings, allowing for potential Stored Cross-Site Scripting attacks.

**Name of the Vulnerable Software and Affected Versions** WBW Currency Switcher for WooCommerce WordPress plugin versions prior to 1.6.6 **Description** The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This is possible because some settings are not properly sanitised and escaped, making it vulnerable even when the unfiltered html capability is disallowed, for example in a multisite setup. **Recommendations** For versions prior to 1.6.6, update to version 1.6.6 or later to resolve the issue.