Brandon Roldan

**Name of the Vulnerable Software and Affected Versions** Awesome Support versions n/a through 6.1.5 **Description** The issue is related to a Missing Authorization vulnerability in Awesome Support Team Awesome Support. **Recommendations** For versions n/a through 6.1.5, update to a version later than 6.1.5 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Awesome Support versions n/a through 6.1.6 **Description** A Missing Authorization issue affects the Awesome Support software. This issue allows unauthorized access, potentially leading to data breaches or other security incidents. The estimated number of potentially affected devices worldwide is not specified. There is no information provided about real-world incidents where this issue was exploited. Technical details about exploitation are not available. **Recommendations** For versions n/a through 6.1.6, update to a version later than 6.1.6 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WPMU DEV Branda versions 3.4.14 and earlier **Description** The issue is related to an Authentication Bypass by Spoofing vulnerability, which allows accessing functionality not properly constrained by ACLs. **Recommendations** For versions 3.4.14 and earlier, update to a version later than 3.4.14 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** miniorange Malware Scanner versions 4.7.1 and earlier **Description** The issue allows for authentication bypass by spoofing, enabling access to functionality not properly constrained by ACLs. **Recommendations** For miniorange Malware Scanner versions 4.7.1 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Metagauss RegistrationMagic versions 5.2.5.0 and earlier **Description** The issue is related to an Authentication Bypass by Spoofing vulnerability in the RegistrationMagic functionality of Metagauss. This vulnerability allows accessing functionality not properly constrained by Access Control Lists (ACLs). **Recommendations** For Metagauss RegistrationMagic versions 5.2.5.0 and earlier, update to a version later than 5.2.5.0 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** WP Photo Album Plus versions through 8.5.02.005 **Description** The issue affects WP Photo Album Plus, allowing exposure of sensitive information to an unauthorized actor due to accessing functionality not properly constrained by ACLs. **Recommendations** For versions through 8.5.02.005, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Rate my Post – WP Rating System versions 3.4.2 and earlier **Description** The issue is related to an Authentication Bypass by Spoofing vulnerability, which allows accessing functionality not properly constrained by ACLs. **Recommendations** For versions 3.4.2 and earlier, update to a version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Zero Spam versions n/a through 5.5.6 **Description** The issue is related to a Client-Side Enforcement of Server-Side Security vulnerability in Highfivery LLC Zero Spam, which allows the removal of important client functionality. **Recommendations** For Zero Spam versions n/a through 5.5.6, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** RafflePress Giveaways and Contests versions 1.12.7 and earlier **Description** The issue is an Authentication Bypass by Spoofing vulnerability that allows Functionality Bypass. **Recommendations** For versions 1.12.7 and earlier, update to a version later than 1.12.7 to resolve the issue. At the moment, there is no information about other mitigation measures for this issue.

**Name of the Vulnerable Software and Affected Versions** Filipe Seabra WordPress Manutenção versions 1.0.6 and earlier **Description** The issue allows for authentication bypass by spoofing, enabling functionality bypass. **Recommendations** For versions 1.0.6 and earlier, update to a version that contains a fix for this issue, if available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Royal Elementor Addons versions 1.3.93 and earlier **Description** The issue is related to an Authentication Bypass by Spoofing vulnerability in Royal Elementor Addons, allowing functionality bypass. **Recommendations** For Royal Elementor Addons versions 1.3.93 and earlier, update to a version later than 1.3.93 to resolve the issue. At the moment, there is no information about additional mitigation measures.

**Name of the Vulnerable Software and Affected Versions** FameTheme Demo Importer versions 1.1.5 and earlier **Description** The issue is a Cross-Site Request Forgery (CSRF) vulnerability in FameThemes FameTheme Demo Importer. This type of vulnerability allows an attacker to trick a user into performing unintended actions on a web application that the user is authenticated to. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** For versions 1.1.5 and earlier, update to a version later than 1.1.5 to resolve the issue. As a temporary workaround, consider implementing CSRF token validation to prevent unauthorized requests. Restrict access to sensitive functionality in the FameTheme Demo Importer to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** MainWP Child Reports versions through 2.1.1 **Description** A Cross-Site Request Forgery (CSRF) issue affects MainWP Child Reports. This issue allows an attacker to perform unintended actions on the application. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** For versions through 2.1.1, update to a version that includes a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PineWise WP Google Analytics Events versions through 2.8.0 **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Reflected XSS. This means that an attacker can inject malicious scripts into a website, potentially stealing user data or taking control of the user's session. **Recommendations** For versions through 2.8.0, update to a version later than 2.8.0 to resolve the issue. At the moment, there is no information about other specific mitigation measures for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Data443 Inline Related Posts versions 3.3.1 and earlier **Description** The issue is a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions on a web application that the user is authenticated to. **Recommendations** For versions 3.3.1 and earlier, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Page Builder: Live Composer versions 1.5.35 and earlier **Description** The issue is a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions on a web application that the user is authenticated to. **Recommendations** For versions 1.5.35 and earlier, update to a version later than 1.5.35 to resolve the issue. As a temporary workaround, consider implementing CSRF token validation to prevent unauthorized requests. Restrict access to sensitive functionality to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Post Views Counter versions 1.4.4 and earlier **Description** The issue is related to an Unauthenticated Cross Site Request Forgery (CSRF) in the affected software. **Recommendations** For Post Views Counter versions 1.4.4 and earlier, update to a version later than 1.4.4 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Simple Post Notes versions 1.7.6 and earlier **Description** A Cross-Site Request Forgery (CSRF) issue affects the software. This type of issue allows an attacker to perform unintended actions on a user's behalf. **Recommendations** For versions 1.7.6 and earlier, update to a version that includes a fix for this issue, as no specific mitigation measures are provided for these versions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** UsersWP versions prior to 1.2.6 **Description** A Cross-Site Request Forgery (CSRF) issue affects the software. This type of issue allows an attacker to trick a user into performing unintended actions on a web application that the user is authenticated to. **Recommendations** For versions prior to 1.2.6, update to version 1.2.6 or later to resolve the issue. As a temporary workaround, consider implementing additional CSRF protection measures, such as token-based validation, to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Easy Social Feed versions n/a through 6.5.6 **Description** The issue is a Cross-Site Request Forgery (CSRF) vulnerability in Easy Social Feed. This type of vulnerability allows an attacker to trick a user into performing unintended actions on a web application that the user is authenticated to. **Recommendations** For versions n/a through 6.5.6, update to a version later than 6.5.6 to resolve the issue. As a temporary workaround, consider implementing additional validation for requests to prevent unauthorized actions. Restrict access to sensitive functionality to minimize the risk of exploitation.