Bao - Bluerock

Name of the Vulnerable Software and Affected Versions: Export WP Page to Static HTML/CSS versions n/a through 4.1.0 Description: A missing authorization issue exists in Export WP Page to Static HTML/CSS, allowing access to functionality not properly constrained by Access Control Lists (ACLs). Recommendations: Update Export WP Page to Static HTML/CSS to a version later than 4.1.0.

Name of the Vulnerable Software and Affected Versions: BerqWP versions through 2.2.53 Description: A missing authorization issue exists in BerqWP, allowing exploitation of incorrectly configured access control security levels and enabling unauthorized access control bypass. Recommendations: Update BerqWP to a version later than 2.2.53.

**Name of the Vulnerable Software and Affected Versions** reimund Compact Admin versions n/a through 1.3.0 **Description** A Cross-Site Request Forgery (CSRF) vulnerability exists in reimund Compact Admin, allowing attackers to perform actions on behalf of an unsuspecting user. This issue allows Cross Site Request Forgery. **Recommendations** Apply updates to versions prior to 1.4.0.

**Name of the Vulnerable Software and Affected Versions** Media Author versions n/a through 1.0.4 **Description** An incorrect privilege assignment issue exists in Media Author, potentially allowing privilege escalation. **Recommendations** Update Media Author to a version later than 1.0.4.

**Name of the Vulnerable Software and Affected Versions** Ibnul H. Custom Team Manager versions through 2.4.2 **Description** The software contains an Improper Neutralization of Input During Web Page Generation vulnerability, which allows for Stored Cross-site Scripting (XSS). **Recommendations** Update Ibnul H. Custom Team Manager to a version later than 2.4.2.

**Name of the Vulnerable Software and Affected Versions** Rami Yushuvaev Site Info versions n/a through 1.1 **Description** A vulnerability exists in Rami Yushuvaev Site Info that allows the retrieval of embedded sensitive data, potentially exposing sensitive system information to an unauthorized control sphere. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Habibur Rahman Comment Form WP – Customize Default Comment Form versions through 2.0.0 **Description** The software contains a cross-site scripting (XSS) issue due to improper neutralization of input during web page generation. This allows for stored XSS attacks. **Recommendations** Update Habibur Rahman Comment Form WP – Customize Default Comment Form to a version later than 2.0.0.

**Name of the Vulnerable Software and Affected Versions** Order Delivery Date for WooCommerce versions through 4.1.0 **Description** The software contains a missing authorization flaw due to incorrectly configured access control security levels. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Barn2 Plugins Posts Table with Search & Sort versions through 1.4.10 **Description** The Posts Table with Search & Sort plugin contains a missing authorization flaw due to incorrectly configured access control security levels. **Recommendations** Update Barn2 Plugins Posts Table with Search & Sort to a version later than 1.4.10.

**Name of the Vulnerable Software and Affected Versions** Support Genix versions through 1.4.23 **Description** A missing authorization flaw exists in PalsCode Support Genix due to incorrectly configured access control security levels. This allows for exploitation of the issue. **Recommendations** Update Support Genix to a version later than 1.4.23.

**Name of the Vulnerable Software and Affected Versions** salubrio Add Code To Head versions through 1.17 **Description** The software contains an Improper Neutralization of Input During Web Page Generation issue, which allows for Stored Cross-site Scripting (XSS). **Recommendations** Update salubrio Add Code To Head to a version later than 1.17.

**Name of the Vulnerable Software and Affected Versions** Popup for CF7 with Sweet Alert versions through 1.6.5 **Description** The software contains a Cross-Site Request Forgery (CSRF) flaw. This issue allows attackers to perform actions on behalf of authenticated users without their knowledge. **Recommendations** Update Popup for CF7 with Sweet Alert to a version later than 1.6.5.

Name of the Vulnerable Software and Affected Versions: Shahjahan Jewel Fluent Support versions n/a through 1.9.1 Description: The software contains a Cross-Site Request Forgery (CSRF) flaw. This issue allows attackers to perform actions on behalf of authenticated users without their knowledge. Recommendations: Update Shahjahan Jewel Fluent Support to a version later than 1.9.1.

Name of the Vulnerable Software and Affected Versions: ProveSource Social Proof versions n/a through 3.0.5 Description: ProveSource Social Proof contains a flaw that allows the retrieval of embedded sensitive data, leading to the exposure of confidential system information to an unauthorized control sphere. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: WP Discord Post Plus – Supports Unlimited Channels versions not specified through 1.0.2 Description: A Cross-Site Request Forgery (CSRF) issue exists in WP Discord Post Plus – Supports Unlimited Channels, allowing attackers to perform actions on behalf of authenticated users. Recommendations: Update WP Discord Post Plus – Supports Unlimited Channels to a version later than 1.0.2.

Name of the Vulnerable Software and Affected Versions: Stylemix Motors versions n/a through 1.4.80 Description: A flaw exists in Stylemix Motors related to incorrectly configured access control security levels, allowing for authorization bypass through a user-controlled key. Recommendations: Update Stylemix Motors to a version later than 1.4.80.

Name of the Vulnerable Software and Affected Versions: CreativeMindsSolutions CM On Demand Search And Replace versions through 1.5.2 Description: The software contains an Improper Neutralization of Input During Web Page Generation issue, which allows for Stored Cross-site Scripting (XSS). Recommendations: Update CreativeMindsSolutions CM On Demand Search And Replace to a version later than 1.5.2.

Name of the Vulnerable Software and Affected Versions: PARETO Digital Embedder for Google Reviews versions n/a through 1.7.3 Description: A missing authorization flaw exists in PARETO Digital Embedder for Google Reviews. This issue allows access to functionality that is not properly constrained by Access Control Lists (ACLs). Recommendations: Update PARETO Digital Embedder for Google Reviews to a version later than 1.7.3.

Name of the Vulnerable Software and Affected Versions: CreativeMindsSolutions CM On Demand Search And Replace versions through 1.5.2 Description: A Cross-Site Request Forgery (CSRF) issue exists in CreativeMindsSolutions CM On Demand Search And Replace, allowing attackers to perform actions on behalf of authenticated users. Recommendations: Update CreativeMindsSolutions CM On Demand Search And Replace to a version later than 1.5.2.