Chuck

Name of the Vulnerable Software and Affected Versions: Email Address Security by WebEmailProtector versions n/a through 3.3.6 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Stored XSS. This means that an attacker can inject malicious scripts into the website, which can then be executed by other users. Recommendations: For versions n/a through 3.3.6, update to a version later than 3.3.6 to resolve the issue. As a temporary workaround, consider restricting user input to prevent malicious scripts from being injected into the website. Avoid using the vulnerable component until a patch is available. At the moment, there is no information about additional mitigation measures.

Name of the Vulnerable Software and Affected Versions: Danny Vink User Profile Meta Manager versions 1.02 and earlier Description: A Cross-Site Request Forgery (CSRF) issue allows Privilege Escalation. This is a type of attack where an attacker tricks a user into performing unintended actions on a web application that the user is authenticated to. Recommendations: For Danny Vink User Profile Meta Manager versions 1.02 and earlier, update to a version that includes a fix for this issue, as no specific workaround is provided for these versions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Bill Minozzi WP Tools versions n/a through 5.18 **Description** The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Path Traversal. This means an attacker could potentially trick a user into performing unintended actions on the web application, and also access files or directories outside the intended directory structure. **Recommendations** For Bill Minozzi WP Tools versions n/a through 5.18, update to a version that contains a fix for this issue, as using an affected version poses a significant risk. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** miniOrange WordPress REST API Authentication versions through 3.6.3 **Description** The issue is related to a Missing Authorization vulnerability in miniOrange WordPress REST API Authentication, which allows exploiting incorrectly configured access control security levels. **Recommendations** For versions through 3.6.3, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** 1-Click Backup & Restore Database versions 1.0.3 and earlier **Description** The issue is related to a Missing Authorization vulnerability, allowing the exploitation of incorrectly configured access control security levels. **Recommendations** For versions 1.0.3 and earlier, update to a version that addresses the Missing Authorization vulnerability. As a temporary workaround, consider restricting access to sensitive areas of the database to minimize the risk of exploitation.