Catfather

**Name of the Vulnerable Software and Affected Versions** Repute InfoSystems ARMember versions 4.0.5 and earlier Repute InfoSystems ARMember Premium versions prior to 6.7.1 **Description** A Cross-Site Request Forgery (CSRF) issue affects the software, allowing unauthorized actions. This is a type of attack where an attacker tricks a user into performing unintended actions on a web application that the user is authenticated to. **Recommendations** For Repute InfoSystems ARMember versions 4.0.5 and earlier, update to version 4.0.6 or later. For Repute InfoSystems ARMember Premium versions prior to 6.7.1, update to version 6.7.1 or later.

**Name of the Vulnerable Software and Affected Versions** PropertyHive versions n/a through 2.0.9 **Description** The issue is related to a Missing Authorization vulnerability in PropertyHive, allowing exploitation of incorrectly configured access control security levels. **Recommendations** For versions n/a through 2.0.9, update to a version later than 2.0.9 to resolve the issue. As a temporary workaround, consider restricting access to sensitive areas of PropertyHive to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Crew HRM versions n/a through 1.1.1 **Description** The Deserialization of Untrusted Data issue in Crew HRM allows Object Injection. This problem affects Crew HRM, enabling potential exploitation. **Recommendations** For Crew HRM versions n/a through 1.1.1, update to a version later than 1.1.1 to resolve the issue. At the moment, there is no information about additional mitigation measures for this specific vulnerability.

**Name of the Vulnerable Software and Affected Versions** Contest Gallery versions through 23.1.2 **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS in Contest Gallery. **Recommendations** For versions through 23.1.2, update to a version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Print My Blog versions 3.27.0 and earlier **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS attacks. **Recommendations** For versions 3.27.0 and earlier, update to a version later than 3.27.0 to resolve the issue. As a temporary workaround, consider restricting user input to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** SP Project & Document Manager versions n/a through 4.71 **Description** The issue is related to an Improper Limitation of a Pathname to a Restricted Directory, also known as 'Path Traversal'. This allows for Path Traversal attacks. **Recommendations** For versions n/a through 4.71, update to a version that fixes the Path Traversal issue. As a temporary workaround, consider restricting access to sensitive directories to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Andrew Rapps Dashboard To-Do List versions 1.2.0 and earlier **Description** The issue is related to a Missing Authorization vulnerability in Andrew Rapps Dashboard To-Do List. **Recommendations** For versions 1.2.0 and earlier, update to a version that includes the fix for the Missing Authorization vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Fahad Mahmood WP Sort Order versions 1.3.1 and earlier **Description** The issue is related to a Missing Authorization vulnerability. This vulnerability affects Fahad Mahmood WP Sort Order, allowing unauthorized access. **Recommendations** For Fahad Mahmood WP Sort Order versions 1.3.1 and earlier, update to a version later than 1.3.1 to resolve the issue. At the moment, there is no information about other mitigation measures for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Evergreen Content Poster versions 1.4.2 and earlier **Description** The issue is related to a Missing Authorization vulnerability in Evergreen Content Poster. **Recommendations** For versions 1.4.2 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Contest Gallery versions n/a through 21.3.4 **Description** The issue is related to a Missing Authorization vulnerability in Contest Gallery. This vulnerability affects Contest Gallery versions from n/a through 21.3.4. **Recommendations** For versions n/a through 21.3.4, update to a version later than 21.3.4 to resolve the issue. At the moment, there is no information about additional mitigation measures.

**Name of the Vulnerable Software and Affected Versions** PropertyHive versions n/a through 2.0.13 **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS), which allows Stored XSS. This means that an attacker can inject malicious scripts into the website, potentially affecting users who access the compromised page. **Recommendations** For versions n/a through 2.0.13, update to a version later than 2.0.13 to resolve the issue. As a temporary workaround, consider restricting user input to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** WPMobile.App versions n/a through 11.41 **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Reflected XSS. **Recommendations** For versions n/a through 11.41, update to a version that contains a fix for this issue to prevent Reflected XSS attacks. As a temporary workaround, consider restricting user input to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Praison SEO WordPress versions through 4.0.15 **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS, which can compromise the security of the site. **Recommendations** For versions through 4.0.15, update to a version later than 4.0.15 to resolve the issue. As a temporary workaround, consider restricting access to potentially vulnerable areas of the site until an update can be applied.

**Name of the Vulnerable Software and Affected Versions** Wpsoul Table Maker versions 1.9.1 and earlier **Description** The issue is related to improper neutralization of input during web page generation, which allows for stored cross-site scripting (XSS). This means that an attacker can inject malicious scripts into the website, potentially leading to unauthorized access or control. The estimated number of potentially affected devices worldwide is not available. **Recommendations** For versions 1.9.1 and earlier, update to a version later than 1.9.1 to resolve the issue. As a temporary workaround, consider restricting access to the Table Maker feature until a patch is available. Avoid using user-inputted data in the Table Maker feature to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Scribit GDPR Compliance versions 1.2.5 and earlier **Description** The issue is related to exposure of sensitive information to an unauthorized actor due to improper access control. This affects the Scribit GDPR Compliance plugin on WordPress. **Recommendations** For versions 1.2.5 and earlier, upgrade the plugin to the latest version and review plugin settings for any misconfigurations.

**Name of the Vulnerable Software and Affected Versions** Team Yoast Custom field finder versions 0.3 and earlier **Description** The issue is related to Deserialization of Untrusted Data, which can lead to potential security risks. **Recommendations** For versions 0.3 and earlier, update to a version that fixes the Deserialization of Untrusted Data vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Simply Static versions 3.1.3 and earlier **Description** The issue is related to the insertion of sensitive information into log files. This could potentially expose sensitive data. **Recommendations** For Simply Static versions 3.1.3 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Webfood Kattene versions 1.7 and earlier **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Stored XSS. This enables potential attackers to inject malicious scripts into web pages. **Recommendations** For versions 1.7 and earlier, update to a version that fixes the Stored XSS issue. As a temporary workaround, consider restricting user input to prevent malicious script injection until a patch is available. Avoid using potentially vulnerable web page generation functions until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Ditty versions 3.1.31 and earlier **Description** The issue is related to improper neutralization of input during web page generation, which allows stored cross-site scripting (XSS). This means that an attacker can inject malicious scripts into the website, potentially leading to unauthorized access or other malicious activities. The estimated number of potentially affected devices worldwide is not available. **Recommendations** For versions 3.1.31 and earlier, update to a version later than 3.1.31 to resolve the issue. As a temporary workaround, consider restricting user input to minimize the risk of exploitation. Avoid using potentially vulnerable functions or parameters in the affected API endpoints until the issue is resolved. At the moment, there is no information about additional mitigation measures.

**Name of the Vulnerable Software and Affected Versions** Ashish Ajani WP Simple HTML Sitemap versions through 2.8 **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Reflected XSS. **Recommendations** For versions through 2.8, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.