Cat

**Name of the Vulnerable Software and Affected Versions** Repute InfoSystems ARMember Premium versions prior to 5.9.2 **Description** The issue is related to a missing authorization vulnerability in Repute InfoSystems ARMember Premium, which allows exploiting incorrectly configured access control security levels. **Recommendations** For versions prior to 5.9.2, update to a version that includes the fix for this issue. As a temporary workaround, consider reviewing and correcting the configuration of access control security levels to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** JoomUnited WP Table Manager versions 3.5.2 and earlier **Description** The issue is related to a Missing Authorization vulnerability in JoomUnited WP Table Manager, which allows exploiting incorrectly configured access control security levels. **Recommendations** For JoomUnited WP Table Manager versions 3.5.2 and earlier, update to a version later than 3.5.2 to resolve the issue. At the moment, there is no information about additional mitigation measures.

**Name of the Vulnerable Software and Affected Versions** APIExperts Square for WooCommerce versions n/a through 4.4.1 **Description** The issue affects the APIExperts Square for WooCommerce plugin, allowing exploitation of incorrectly configured access control security levels due to a missing authorization vulnerability. This vulnerability involves broken access control, risking user data. **Recommendations** Update to the latest version immediately to secure your site. As a temporary workaround, consider restricting access to the vulnerable plugin until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Trending/Popular Post Slider and Widget versions 1.5.7 and earlier **Description** The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. This can be used to bypass security restrictions. **Recommendations** For versions 1.5.7 and earlier, update to a version that contains a fix for this issue, as no specific workaround is provided for these versions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WP OnlineSupport, Essential Plugin Portfolio and Projects versions 1.3.7 and earlier **Description** The issue affects the Portfolio and Projects plugin for WordPress, involving broken access control due to missing authorization. This allows for the exploitation of incorrectly configured access control security levels. Users are urged to update to the latest version to mitigate risks. **Recommendations** For versions 1.3.7 and earlier, update to the latest version to secure your site. As a temporary workaround, consider restricting access to vulnerable components until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Accordion and Accordion Slider versions 1.2.4 and earlier **Description** The issue affects the Accordion and Accordion Slider plugin due to missing authorization, allowing exploitation of incorrectly configured access control security levels. This is a result of broken access control, which can be exploited. Remediation is crucial to secure the site. **Recommendations** Update to the latest version to secure your site. As a temporary workaround, consider restricting access to the plugin until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Hugh Lashbrooke Post Hit Counter versions 1.3.2 and earlier **Description** The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. **Recommendations** For Hugh Lashbrooke Post Hit Counter versions 1.3.2 and earlier, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Stock Sync for WooCommerce versions prior to 2.3.3 **Description** The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. **Recommendations** For versions prior to 2.3.3, update to version 2.3.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** wpthemego SW Product Bundles versions 2.0.15 and earlier **Description** The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. **Recommendations** For versions 2.0.15 and earlier, update to a version later than 2.0.15 to resolve the issue. As a temporary workaround, consider restricting access to sensitive areas of the application to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** ALD – Dropshipping and Fulfillment for AliExpress and WooCommerce versions 1.0.21 and earlier **Description** The issue is related to a Missing Authorization vulnerability, which allows exploitation due to incorrectly configured access control security levels. **Recommendations** For versions 1.0.21 and earlier, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Meta slider and carousel with lightbox versions 1.6.2 and earlier **Description** The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. This can lead to unauthorized access due to missing or inadequate authorization mechanisms. **Recommendations** For Meta slider and carousel with lightbox versions 1.6.2 and earlier, update to a version that includes a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Featured Post Creative versions 1.2.7 and earlier **Description** The issue is related to a Missing Authorization vulnerability in WP OnlineSupport, Essential Plugin Featured Post Creative, which allows exploiting incorrectly configured access control security levels. **Recommendations** For versions 1.2.7 and earlier, update to a version that contains a fix for this issue, as no specific workaround is provided.

**Name of the Vulnerable Software and Affected Versions** Album and Image Gallery plus Lightbox versions 1.6.2 and earlier **Description** The issue is related to a Missing Authorization vulnerability, which allows exploitation of incorrectly configured access control security levels. **Recommendations** For Album and Image Gallery plus Lightbox versions 1.6.2 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WPFactory Cost of Goods for WooCommerce versions 2.8.6 and earlier **Description** The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. **Recommendations** For versions 2.8.6 and earlier, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Repute InfoSystems ARMember versions 4.0.5 and earlier Repute InfoSystems ARMember Premium versions prior to 6.7.1 **Description** A Cross-Site Request Forgery (CSRF) issue affects the software, allowing unauthorized actions. This is a type of attack where an attacker tricks a user into performing unintended actions on a web application that the user is authenticated to. **Recommendations** For Repute InfoSystems ARMember versions 4.0.5 and earlier, update to version 4.0.6 or later. For Repute InfoSystems ARMember Premium versions prior to 6.7.1, update to version 6.7.1 or later.

**Name of the Vulnerable Software and Affected Versions** Email Templates Customizer and Designer for WordPress and WooCommerce versions 1.4.2 and earlier **Description** A Cross-Site Request Forgery (CSRF) issue affects the Email Templates Customizer and Designer for WordPress and WooCommerce, allowing unauthorized actions to be performed on behalf of a user. **Recommendations** For versions 1.4.2 and earlier, update to a version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** NooTheme Noo Timetable plugin versions <= 2.1.3 **Description** The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability. This vulnerability can be exploited by contributors or users with higher authentication levels. The estimated number of potentially affected devices worldwide is not specified. There is no information provided about real-world incidents where this issue was exploited. **Recommendations** For NooTheme Noo Timetable plugin versions <= 2.1.3, update to a version higher than 2.1.3 to resolve the issue. As a temporary workaround, consider restricting access to the plugin's functionality to minimize the risk of exploitation. Avoid using the plugin until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** NooTheme Noo Timetable plugin versions <= 2.1.3 **Description** The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions on a web application that the user is authenticated to. **Recommendations** For NooTheme Noo Timetable plugin versions <= 2.1.3, update to a version higher than 2.1.3 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** SiteAlert plugin versions <= 1.9.7 **Description** The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions on a web application that the user is authenticated to. **Recommendations** For versions <= 1.9.7, update to a version higher than 1.9.7 to resolve the issue. As a temporary workaround, consider implementing additional CSRF protection measures, such as token-based validation, to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Repute InfoSystems ARMember (free) (affected versions not specified) Repute InfoSystems ARMember (premium) (affected versions not specified) **Description** The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that requires authentication with admin+ privileges. This vulnerability affects Repute InfoSystems ARMember plugins, including both free and premium versions. **Recommendations** For Repute InfoSystems ARMember (free), at the moment, there is no information about a newer version that contains a fix for this vulnerability. For Repute InfoSystems ARMember (premium), at the moment, there is no information about a newer version that contains a fix for this vulnerability.