Bao

**Name of the Vulnerable Software and Affected Versions** Taxi Booking Manager for WooCommerce versions prior to 2.0.2 **Description** A missing authorization issue exists due to incorrectly configured access control security levels, which allows for broken access control. **Recommendations** Update to a version newer than 2.0.1.

**Name of the Vulnerable Software and Affected Versions** Royal Elementor Addons versions prior to 1.7.1053 **Description** A missing authorization issue exists due to incorrectly configured access control security levels. **Recommendations** Update to version 1.7.1053.

**Name of the Vulnerable Software and Affected Versions** GiveWP versions prior to 4.14.6 **Description** A missing authorization issue in StellarWP GiveWP allows for the exploitation of incorrectly configured access control security levels. **Recommendations** Update to a version newer than 4.14.5.

**Name of the Vulnerable Software and Affected Versions** WpEvently versions prior to 5.1.9 **Description** A flaw exists in magepeopleteam WpEvently mage-eventpress that allows the retrieval of embedded sensitive data due to the insertion of sensitive information into sent data. **Recommendations** Update WpEvently to version 5.1.9 or later.

**Name of the Vulnerable Software and Affected Versions** RadiusTheme ShopBuilder – Elementor WooCommerce Builder Addons versions through 3.2.4 **Description** A flaw exists in RadiusTheme ShopBuilder – Elementor WooCommerce Builder Addons that could allow retrieval of embedded sensitive data. The issue is present in the `shopbuilder` component. **Recommendations** Update RadiusTheme ShopBuilder – Elementor WooCommerce Builder Addons to a version later than 3.2.4.

**Name of the Vulnerable Software and Affected Versions** WP Lab WP-Lister Lite for eBay versions through 3.8.5 **Description** The software contains a flaw related to incorrectly configured access control security levels, potentially allowing unauthorized access. The issue allows exploitation of missing authorization. **Recommendations** Update WP Lab WP-Lister Lite for eBay to a version later than 3.8.5.

**Name of the Vulnerable Software and Affected Versions** BoldGrid Client Invoicing by Sprout Invoices versions through 20.8.8 **Description** An issue exists in BoldGrid Client Invoicing by Sprout Invoices related to incorrectly configured access control security levels, potentially allowing unauthorized access. The issue involves a missing authorization check. The vulnerable component is Client Invoicing by Sprout Invoices. **Recommendations** Update to a version later than 20.8.8.

**Name of the Vulnerable Software and Affected Versions** Metagauss EventPrime versions through 4.2.8.3 **Description** A flaw exists in Metagauss EventPrime eventprime-event-calendar-management that allows retrieval of embedded sensitive data, potentially exposing sensitive system information to an unauthorized control sphere. **Recommendations** Versions prior to 4.2.8.3 should be updated.

**Name of the Vulnerable Software and Affected Versions** Contact Form 7 Extension For Mailchimp versions through 0.9.49 **Description** The Contact Form 7 Extension For Mailchimp contains a flaw that allows retrieval of embedded sensitive data. This occurs due to the insertion of sensitive information into sent data. **Recommendations** Update Contact Form 7 Extension For Mailchimp to a version newer than 0.9.49.

**Name of the Vulnerable Software and Affected Versions** GetResponse Email marketing for WordPress by GetResponse Official versions through 1.5.3 **Description** An authorization issue exists in GetResponse Email marketing for WordPress by GetResponse Official. The issue involves incorrectly configured access control security levels, potentially allowing unauthorized access. **Recommendations** Update GetResponse Email marketing for WordPress by GetResponse Official to a version later than 1.5.3.

**Name of the Vulnerable Software and Affected Versions** GetResponse Email marketing for WordPress by GetResponse Official versions through 1.5.3 **Description** A flaw exists in GetResponse Email marketing for WordPress by GetResponse Official that could lead to the retrieval of embedded sensitive data. This issue allows for the exposure of sensitive system information to an unauthorized control sphere. **Recommendations** Update GetResponse Email marketing for WordPress by GetResponse Official to a version later than 1.5.3.

**Name of the Vulnerable Software and Affected Versions** CM Pop-Up banners versions n/a through 1.8.4 **Description** A missing authorization issue exists in CreativeMindsSolutions CM Pop-Up banners due to incorrectly configured access control security levels. **Recommendations** Update CM Pop-Up banners to a version later than 1.8.4.

**Name of the Vulnerable Software and Affected Versions** AntiSpam for Contact Form 7 versions through 0.6.3 **Description** The software contains a Cross-Site Request Forgery (CSRF) flaw. This issue allows attackers to perform actions on behalf of authenticated users without their knowledge. **Recommendations** Update AntiSpam for Contact Form 7 to a version later than 0.6.3.

Name of the Vulnerable Software and Affected Versions: bitto.Kazi Custom Login And Signup Widget versions 1.0 and earlier Description: The issue is related to an Improper Control of Generation of Code ('Code Injection') vulnerability, which allows Code Injection. This vulnerability can potentially lead to Arbitrary Code Execution (RCE). Recommendations: For versions 1.0 and earlier, update to a version that fixes the Code Injection vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.