Dave Jong

**Name of the Vulnerable Software and Affected Versions** Sunshine Photo Cart versions prior to 3.6.8 **Description** A missing authorization issue in the WP Sunshine Sunshine Photo Cart plugin allows for the exploitation of incorrectly configured access control security levels. This is a broken access control flaw where the system fails to properly verify if a user has the necessary permissions to perform certain actions. **Recommendations** Update to a version newer than 3.6.7.

**Name of the Vulnerable Software and Affected Versions** Seraphinite Solutions Seraphinite Accelerator versions through 2.22.15 **Description** A missing authorization issue exists in Seraphinite Accelerator, potentially allowing retrieval of embedded sensitive data. The issue affects the `seraphinite-accelerator` component. No information is available regarding the number of potentially affected devices or any real-world incidents where this issue was exploited. The vulnerability allows unauthorized access to data. The affected component does not have specific API endpoints or vulnerable parameters mentioned in the provided information. **Recommendations** Update Seraphinite Accelerator to a version later than 2.22.15.

**Name of the Vulnerable Software and Affected Versions** Modular DS versions 2.5.2 through 2.5.9 **Description** An incorrect privilege assignment exists in the Modular DS modular-connector component, potentially allowing for privilege escalation. The issue allows an attacker to gain elevated privileges within the system. **Recommendations** Update Modular DS to version 2.6.0 or later.

**Name of the Vulnerable Software and Affected Versions** Resoto versions through 1.0.8 **Description** A missing authorization issue exists in Resoto, allowing exploitation due to incorrectly configured access control security levels. **Recommendations** Update Resoto to a version later than 1.0.8.

**Name of the Vulnerable Software and Affected Versions** HappyFiles Pro versions through 1.8.1 **Description** An authorization issue exists in HappyFiles Pro, allowing exploitation due to incorrectly configured access control security levels. This can lead to unauthorized access. **Recommendations** Update HappyFiles Pro to a version later than 1.8.1.

**Name of the Vulnerable Software and Affected Versions** HappyFiles Pro versions through 1.8.1 **Description** An authorization issue exists in HappyFiles Pro, allowing exploitation of incorrectly configured access control security levels. This can lead to unauthorized access. **Recommendations** Update HappyFiles Pro to a version later than 1.8.1.

**Name of the Vulnerable Software and Affected Versions** Mapro Collins Magazine Edge versions through 1.13 **Description** An authorization issue exists in Mapro Collins Magazine Edge due to incorrectly configured access control security levels. This allows for exploitation of the system. **Recommendations** Update to a version later than 1.13.

**Name of the Vulnerable Software and Affected Versions** Brainstorm Force Spectra versions through 2.3.0 **Description** A missing authorization issue exists in Brainstorm Force Spectra, allowing exploitation due to incorrectly configured access control security levels. **Recommendations** Update Brainstorm Force Spectra to a version later than 2.3.0.

**Name of the Vulnerable Software and Affected Versions** eForm - WordPress Form Builder (affected versions not specified) **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Reflected XSS. This enables potential attackers to inject malicious scripts into web pages. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: wProject versions prior to 5.8.0 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS), which allows Reflected XSS. This type of issue can occur when user input is not properly sanitized, allowing an attacker to inject malicious scripts into a website. Recommendations: For versions prior to 5.8.0, update to version 5.8.0 or later to resolve the issue. As a temporary workaround, consider restricting user input to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: wProject versions prior to 5.8.0 Description: The issue is related to a Missing Authorization vulnerability. This means that there is a lack of proper authorization checks, potentially allowing unauthorized access to certain features or data. Recommendations: For versions prior to 5.8.0, update to version 5.8.0 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: wProject versions prior to 5.8.0 Description: The issue is related to an Incorrect Privilege Assignment vulnerability. This vulnerability affects wProject, with details about the impact or exploitation not specified beyond the general description of the issue. Recommendations: For versions prior to 5.8.0, update to version 5.8.0 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: Uncanny Toolkit Pro for LearnDash versions prior to 4.1.4.1 Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows unauthorized actions to be performed on behalf of a user. This can lead to various security problems, including data modification or unauthorized access to sensitive information. The estimated number of potentially affected devices worldwide is not specified. There is no information provided about real-world incidents where this issue was exploited. Recommendations: For versions prior to 4.1.4.1, update to version 4.1.4.1 or later to resolve the issue. As a temporary workaround, consider implementing additional security measures to prevent CSRF attacks, such as validating user requests and ensuring that all requests include a valid token. Restrict access to sensitive functionality to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Azzaroco WP SuperBackup versions 2.3.3 and earlier **Description** The issue affects Azzaroco WP SuperBackup, allowing Reflected XSS due to improper neutralization of input during web page generation. This enables an attacker to inject malicious scripts into a website, potentially leading to unauthorized access or data theft. **Recommendations** For versions 2.3.3 and earlier, update to a version later than 2.3.3 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Xtemos WoodMart versions prior to 7.2.1 **Description** The issue is related to a missing authorization vulnerability in Xtemos WoodMart, which allows exploiting incorrectly configured access control security levels. **Recommendations** For versions prior to 7.2.1, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: BuddyBoss Theme versions prior to 2.4.62 Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability in BuddyBoss Theme, which allows an attacker to perform unauthorized actions on behalf of a user. Recommendations: For versions prior to 2.4.62, update to version 2.4.62 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Azzaroco WP SuperBackup versions 2.3.3 and earlier **Description** The issue is related to a Missing Authorization vulnerability, allowing exploitation of incorrectly configured access control security levels. This can lead to unauthorized access. **Recommendations** For Azzaroco WP SuperBackup versions 2.3.3 and earlier, update to a version that contains a fix for this issue, as no specific workaround is provided for these versions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WP SuperBackup versions 2.3.3 and earlier **Description** The issue affects the WP SuperBackup plugin for WordPress, allowing unrestricted upload of files with dangerous types. This enables attackers to upload a web shell to a web server. The vulnerability is due to missing file type validation in all versions up to and including 2.3.3. **Recommendations** For WP SuperBackup versions 2.3.3 and earlier, update to version 2.3.4 to patch this issue. As a temporary workaround, consider restricting access to the file upload functionality until the update is applied.

**Name of the Vulnerable Software and Affected Versions** WP SuperBackup versions through 2.3.3 **Description** The issue is related to Deserialization of Untrusted Data, which affects WP SuperBackup due to a deserialization vulnerability. **Recommendations** For versions through 2.3.3, update to a version later than 2.3.3 to resolve the issue. As a temporary workaround, consider restricting the deserialization of untrusted data until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Azzaroco WP SuperBackup versions 2.3.3 and earlier **Description** The issue is related to a Missing Authorization vulnerability, allowing the exploitation of incorrectly configured access control security levels. This can lead to unauthorized access control bypass in Azzaroco WP SuperBackup. **Recommendations** For Azzaroco WP SuperBackup versions 2.3.3 and earlier, update to a version later than 2.3.3 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.