Debangshu Kundu & Arpeet Rathi

**Name of the Vulnerable Software and Affected Versions** WP Directory Kit versions 1.2.6 and earlier **Description** The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. **Recommendations** For WP Directory Kit versions 1.2.6 and earlier, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** The Events Calendar BookIt versions 2.4.0 and earlier **Description** The issue is related to improper validation of specified quantity in input, allowing manipulation of hidden fields. This can be exploited to potentially alter or access unauthorized data. **Recommendations** For versions 2.4.0 and earlier, update to a version later than 2.4.0 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CLUEVO CLUEVO LMS, E-Learning Platform plugin versions <= 1.10.0 **Description** A Cross-Site Request Forgery (CSRF) issue affects the CLUEVO CLUEVO LMS, E-Learning Platform plugin. This issue allows an attacker to perform unintended actions on a user's account. **Recommendations** For versions <= 1.10.0, update to a version greater than 1.10.0 to resolve the issue. As a temporary workaround, consider implementing additional CSRF protection measures, such as token-based validation, to minimize the risk of exploitation.