Bonds

**Name of the Vulnerable Software and Affected Versions** Elementor Website Builder versions prior to 4.1.0 **Description** A missing authorization issue allows for the exploitation of incorrectly configured access control security levels. **Recommendations** Update to a version later than 4.1.0.

**Name of the Vulnerable Software and Affected Versions** ElementsKit Elementor addons Lite versions prior to 3.9.7 **Description** A missing authorization issue in Wpmet ElementsKit Elementor addons Lite allows for the exploitation of incorrectly configured access control security levels. This is a broken access control flaw where the system fails to properly verify if a user has the necessary permissions to perform an action. **Recommendations** Update to a version newer than 3.9.6.

**Name of the Vulnerable Software and Affected Versions** ElementsKit Elementor addons Lite versions prior to 3.9.7 **Description** A missing authorization issue in Wpmet ElementsKit Elementor addons Lite allows for the exploitation of incorrectly configured access control security levels. This is a broken access control flaw where the system fails to properly verify if a user has the necessary permissions to perform an action. **Recommendations** Update to a version newer than 3.9.6.

Name of the Vulnerable Software and Affected Versions Brainstorm Force Ultimate Addons for WPBakery Page Builder versions prior to 3.21.4 Description Brainstorm Force Ultimate Addons for WPBakery Page Builder is susceptible to a DOM-Based Cross-Site Scripting (XSS) issue due to improper neutralization of input during web page generation. This allows for potential malicious code execution within the context of a user's browser. Recommendations Update Brainstorm Force Ultimate Addons for WPBakery Page Builder to version 3.21.4 or later.

**Name of the Vulnerable Software and Affected Versions** ThemeFusion Avada Core versions prior to 5.15.0 **Description** A missing authorization check exists in ThemeFusion Avada Core `fusion-core`, allowing exploitation of incorrectly configured access control security levels. The issue allows unauthorized access due to improperly set security controls. **Recommendations** Update ThemeFusion Avada Core to version 5.15.0 or later.

**Name of the Vulnerable Software and Affected Versions** ThemeFusion Fusion Builder versions prior to 3.15.0 **Description** An authorization issue exists in ThemeFusion Fusion Builder’s `fusion-builder`. This allows exploitation of incorrectly configured access control security levels. **Recommendations** Update ThemeFusion Fusion Builder to version 3.15.0 or later.

**Name of the Vulnerable Software and Affected Versions** ThemeFusion Fusion Builder versions prior to 3.15.0 **Description** A missing authorization issue exists in ThemeFusion Fusion Builder, allowing exploitation of incorrectly configured access control security levels. The issue allows unauthorized access due to improper configuration of access controls. **Recommendations** Update ThemeFusion Fusion Builder to version 3.15.0 or later.

**Name of the Vulnerable Software and Affected Versions** ThemeFusion Avada Core versions prior to 5.15.0 **Description** An issue exists in ThemeFusion Avada Core fusion-core that allows for DOM-Based Cross-site Scripting (XSS). This occurs due to improper neutralization of input during web page generation. The issue affects the way user-supplied data is handled, potentially allowing an attacker to inject malicious scripts into web pages viewed by other users. **Recommendations** Versions prior to 5.15.0 should be updated to version 5.15.0 or later.

**Name of the Vulnerable Software and Affected Versions** ThemeREX Tediss versions through 1.2.4 **Description** The software contains a flaw related to improper control of filename for include/require statements, specifically a PHP Local File Inclusion issue. This allows for the inclusion of local files. **Recommendations** Update ThemeREX Tediss to a version newer than 1.2.4.

**Name of the Vulnerable Software and Affected Versions** ThemeREX Quanzo versions through 1.0.10 **Description** The software contains a flaw related to improper control of filename for include/require statements, specifically a PHP Local File Inclusion issue. This allows for the inclusion of local files. **Recommendations** Update ThemeREX Quanzo to a version newer than 1.0.10.

**Name of the Vulnerable Software and Affected Versions** ThemeREX Avventure versions through 1.1.12 **Description** The software contains a flaw related to improper control of filename for include/require statements, specifically a PHP Local File Inclusion issue. This allows for the inclusion of local files. **Recommendations** Update ThemeREX Avventure to a version later than 1.1.12.

**Name of the Vulnerable Software and Affected Versions** ThemeREX ConFix confix versions through 1.013 **Description** The software contains an Improper Control of Filename for Include/Require Statement issue, also known as a PHP Remote File Inclusion. This allows for PHP Local File Inclusion. **Recommendations** Update ThemeREX ConFix confix to a version later than 1.013.

**Name of the Vulnerable Software and Affected Versions** ThemeREX Meals & Wheels versions through 1.1.12 **Description** The software contains a flaw related to improper control of filename for include/require statements, specifically a PHP Local File Inclusion issue. This allows for the inclusion of local files. **Recommendations** Update ThemeREX Meals & Wheels to a version later than 1.1.12.

**Name of the Vulnerable Software and Affected Versions** ThemeREX Aldo versions through 1.0.10 **Description** The software contains a flaw related to improper control of filename for include/require statements, specifically a PHP Local File Inclusion issue. This allows for the inclusion of local files. **Recommendations** Update ThemeREX Aldo to a version later than 1.0.10.

**Name of the Vulnerable Software and Affected Versions** ThemeREX Justitia versions through 1.1.0 **Description** The software contains a flaw related to improper control of filename for include/require statements, specifically a PHP Local File Inclusion issue. This allows for the inclusion of local files. **Recommendations** Update to a version newer than 1.1.0.

**Name of the Vulnerable Software and Affected Versions** ThemeREX OsTende versions through 1.4.3 **Description** The software contains an Improper Control of Filename for Include/Require Statement issue, also known as a PHP Local File Inclusion. This allows for the inclusion of local files. **Recommendations** Update to a version later than 1.4.3.

**Name of the Vulnerable Software and Affected Versions** Eagle-Themes Eagle Booking versions through 1.3.4.3 **Description** Eagle-Themes Eagle Booking contains a flaw due to improper neutralization of special elements used in an SQL command, which allows for SQL Injection. The issue impacts the application's handling of SQL queries, potentially allowing an attacker to manipulate database operations. **Recommendations** Update Eagle-Themes Eagle Booking to a version later than 1.3.4.3.

**Name of the Vulnerable Software and Affected Versions** ThemeREX Humanum versions through 1.1.4 **Description** The software contains a flaw related to improper control of filename handling for include/require statements, specifically a PHP Local File Inclusion issue. This allows for the inclusion of local files within the application. **Recommendations** Update ThemeREX Humanum to a version newer than 1.1.4.

**Name of the Vulnerable Software and Affected Versions** ThemeREX The Qlean versions prior to 2.12 **Description** The software contains an Improper Control of Filename for Include/Require Statement issue, also known as a PHP Remote File Inclusion. This allows for PHP Local File Inclusion. **Recommendations** Update to a version greater than 2.12

**Name of the Vulnerable Software and Affected Versions** ThemeREX Vixus versions through 1.0.16 **Description** The software contains a flaw related to improper control of filenames used in include/require statements, potentially leading to PHP Local File Inclusion. The issue exists in ThemeREX Vixus. **Recommendations** Update ThemeREX Vixus to a version later than 1.0.16.