Chu The Anh

Name of the Vulnerable Software and Affected Versions: flexostudio flexo-social-gallery versions through 1.0006 Description: The software contains a Cross-Site Request Forgery (CSRF) flaw. This issue allows attackers to perform actions on behalf of authenticated users without their knowledge. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: NetInsight Analytics Implementation Plugin versions through 1.0.3 Description: The NetInsight Analytics Implementation Plugin is susceptible to a Cross-Site Request Forgery (CSRF) issue. This allows an attacker to potentially perform actions on behalf of an authenticated user without their knowledge. Recommendations: Update NetInsight Analytics Implementation Plugin to a version later than 1.0.3.

Name of the Vulnerable Software and Affected Versions: bcupham Video Expander versions through 1.0 Description: The software contains an Improper Neutralization of Input During Web Page Generation issue, which allows for Stored Cross-site Scripting (XSS). Recommendations: Update bcupham Video Expander to a version later than 1.0.

Name of the Vulnerable Software and Affected Versions: ThanhD Supermalink versions n/a through 1.1 Description: The software contains an Improper Neutralization of Input During Web Page Generation issue, leading to a DOM-Based Cross-site Scripting condition. Recommendations: Versions prior to 1.2 are affected.

Name of the Vulnerable Software and Affected Versions: worstguy WP LOL Rotation versions n/a through 1.0 Description: The software contains an Improper Neutralization of Input During Web Page Generation issue, leading to a Stored Cross-Site Scripting (XSS) condition. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: NetInsight Analytics Implementation Plugin versions through 1.0.3 Description: A Cross-Site Request Forgery (CSRF) vulnerability exists in NetInsight Analytics Implementation Plugin, which also allows Stored Cross-Site Scripting (XSS). Recommendations: Update NetInsight Analytics Implementation Plugin to a version later than 1.0.3.

Name of the Vulnerable Software and Affected Versions: Aioseo Multibyte Descriptions versions 0.0.0 through 0.0.6 Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability, which allows an attacker to perform unauthorized actions on a user's account. Recommendations: For versions 0.0.0 through 0.0.6, update to a version that includes a fix for this issue, as no specific mitigation measures are provided for these versions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: thanhtungtnt Video List Manager versions 1.7 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows accessing functionality not properly constrained by ACLs. Recommendations: For thanhtungtnt Video List Manager versions 1.7 and earlier, update to a version that properly constrains functionality with ACLs to prevent unauthorized access. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: CSV Importer Improved versions 0.6.1 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker can inject malicious scripts into the website, potentially leading to unauthorized access or control. Recommendations: For CSV Importer Improved versions 0.6.1 and earlier, update to a version that fixes this issue. As a temporary workaround, consider disabling the import functionality until a patch is available. Restrict access to the vulnerable module to minimize the risk of exploitation. Avoid using the CSV Importer Improved until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: thanhtungtnt Video List Manager versions through 1.7 Description: The issue is related to an SQL Injection vulnerability, specifically an Improper Neutralization of Special Elements used in an SQL Command. This allows for SQL Injection, potentially enabling cyber threats. Recommendations: For thanhtungtnt Video List Manager versions through 1.7, update to a version that is not affected by this issue. As a temporary workaround, consider restricting access to sensitive database elements to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Oganro PixelBeds Channel Manager and Hotel Booking Engine versions 1.0 and earlier Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability, which allows Cross Site Request Forgery. Recommendations: For Oganro PixelBeds Channel Manager and Hotel Booking Engine versions 1.0 and earlier, update to a version that includes a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Oganro Travel Portal Search Widget for HotelBeds APITUDE API versions 1.0 and earlier Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Cross Site Request Forgery. Recommendations: For Oganro Travel Portal Search Widget for HotelBeds APITUDE API versions 1.0 and earlier, consider implementing proper CSRF protection mechanisms, such as token-based validation, to prevent unauthorized requests.

Name of the Vulnerable Software and Affected Versions: TM Replace Howdy versions 1.4.2 and earlier Description: A Cross-Site Request Forgery (CSRF) issue allows unauthorized actions to be performed on behalf of a user. This issue affects the TM Replace Howdy plugin, enabling Cross Site Request Forgery. Recommendations: For TM Replace Howdy versions 1.4.2 and earlier, update to a version that includes a fix for this issue, as no specific workaround is provided for these versions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Oganro XML Travel Portal Widget versions n/a through 2.0 Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Cross Site Request Forgery. Recommendations: For Oganro XML Travel Portal Widget versions n/a through 2.0, update to a version that includes a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WP Map Plugins Interactive Regional Map of Africa versions 1.0 and earlier **Description** A Cross-Site Request Forgery (CSRF) issue affects the Interactive Regional Map of Africa, allowing unauthorized actions to be performed on behalf of a user without their knowledge. **Recommendations** For versions 1.0 and earlier, update to a version that includes a fix for this issue, as no specific mitigation measures are provided for these versions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Simple Google Static Map versions 1.0.1 and earlier **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for DOM-Based XSS in Ángel C. Simple Google Static Map. **Recommendations** For Simple Google Static Map versions 1.0.1 and earlier, update to a version that fixes the issue, as the current version is affected by the DOM-Based XSS vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WP Text Expander versions 1.0.1 and earlier **Description** The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks. **Recommendations** For WP Text Expander versions 1.0.1 and earlier, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Abbie Expander versions 1.0.1 and earlier **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker can inject malicious scripts into the web page, potentially affecting users who access the page. **Recommendations** For Abbie Expander versions 1.0.1 and earlier, update to a version that fixes the Stored XSS issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Ryan Burnette Video Embeds versions 0.1.1 and earlier **Description** The issue is related to improper neutralization of input during web page generation, which allows for Stored XSS attacks. This means that an attacker can inject malicious scripts into the web page, potentially affecting users who access the page. **Recommendations** For Ryan Burnette Video Embeds versions 0.1.1 and earlier, update to a version that fixes the improper neutralization of input during web page generation to prevent Stored XSS attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Hasina77 Wp Easy Allopass versions n/a through 4.1.1 **Description** A Cross-Site Request Forgery (CSRF) issue allows unauthorized actions to be performed on behalf of a user. This issue affects the specified versions of Hasina77 Wp Easy Allopass, allowing for Cross Site Request Forgery. **Recommendations** For versions n/a through 4.1.1, update to a version later than 4.1.1 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.