Denver Jackson

Deserialization of Untrusted Data vulnerability in Elated-Themes Aperitif allows Object Injection. This issue affects Aperitif: from n/a through 1.6.

**Name of the Vulnerable Software and Affected Versions** Askka versions prior to 1.3.1 **Description** Deserialization of untrusted data in Elated-Themes Askka allows Object Injection, a technique where an attacker can manipulate serialized objects to execute arbitrary code or interfere with application logic. **Recommendations** Update to a version later than 1.3.1.

Deserialization of Untrusted Data vulnerability in Elated-Themes Töbel allows Object Injection. This issue affects Töbel: from n/a through 1.8.1.

**Name of the Vulnerable Software and Affected Versions** WPFunnels Mail Mint versions through 1.19.4 **Description** A missing authorization issue exists in WPFunnels Mail Mint. The issue allows access to functionality that is not properly constrained by Access Control Lists (ACLs). **Recommendations** Update WPFunnels Mail Mint to a version later than 1.19.4.

**Name of the Vulnerable Software and Affected Versions** HappyDevs TempTool versions through 1.3.1 **Description** The software contains a flaw due to improper neutralization of input during web page generation, leading to a Stored Cross-Site Scripting issue. This allows for the injection of malicious scripts into web pages viewed by other users. The issue affects the application’s handling of user-supplied data, potentially enabling an attacker to execute arbitrary code within the context of a user's browser. **Recommendations** Update HappyDevs TempTool to a version later than 1.3.1.

**Name of the Vulnerable Software and Affected Versions** YayPricing versions through 3.5.3 **Description** A missing authorization flaw exists in YayPricing. This allows access to functionality that is not properly restricted by Access Control Lists (ACLs). **Recommendations** Update YayPricing to a version later than 3.5.3.

**Name of the Vulnerable Software and Affected Versions** Sparkle WP Sparkle FSE versions through 1.0.9 **Description** An authorization issue exists in Sparkle WP Sparkle FSE, allowing exploitation due to incorrectly configured access control security levels. **Recommendations** Update Sparkle WP Sparkle FSE to a version later than 1.0.9.

**Name of the Vulnerable Software and Affected Versions** ListingPro versions through 2.9.9 **Description** An authorization issue exists in ListingPro, allowing exploitation of incorrectly configured access control security levels. **Recommendations** Update ListingPro to a version later than 2.9.9.

**Name of the Vulnerable Software and Affected Versions** Custom Fields Account Registration For Woocommerce versions n/a through 1.2 **Description** A flaw exists in Custom Fields Account Registration For Woocommerce that allows for privilege escalation due to incorrect privilege assignment. This issue impacts the application's security by potentially allowing unauthorized access or modification of sensitive data. **Recommendations** Update Custom Fields Account Registration For Woocommerce to a version later than 1.2.

**Name of the Vulnerable Software and Affected Versions** wpweb Follow My Blog Post versions through 2.3.9 **Description** A flaw exists in wpweb Follow My Blog Post that allows the retrieval of embedded sensitive data, potentially exposing system information to unauthorized access. **Recommendations** Update wpweb Follow My Blog Post to a version later than 2.3.9.

**Name of the Vulnerable Software and Affected Versions** StylemixThemes Motors versions through 5.6.81 **Description** A flaw exists in StylemixThemes Motors that permits the upload of malicious files. This allows for the use of dangerous file types. **Recommendations** Update StylemixThemes Motors to a version later than 5.6.81.

**Name of the Vulnerable Software and Affected Versions** PostX versions through 4.1.35 **Description** An incorrect privilege assignment exists in WPXPO PostX ultimate-post, potentially allowing privilege escalation. **Recommendations** Update PostX to a version later than 4.1.35.

**Name of the Vulnerable Software and Affected Versions** Sparkle WP Construction Light versions through 1.6.7 **Description** A missing authorization issue exists in Sparkle WP Construction Light, allowing exploitation of incorrectly configured access control security levels. **Recommendations** Update Sparkle WP Construction Light to a version later than 1.6.7.

**Name of the Vulnerable Software and Affected Versions** bPlugins Parallax Section block versions through 1.0.9 **Description** A missing authorization issue exists in the Parallax Section block of bPlugins. This allows access to functionality that is not properly restricted by Access Control Lists (ACLs). **Recommendations** Update the Parallax Section block to a version later than 1.0.9.

**Name of the Vulnerable Software and Affected Versions** FantasticPlugins WooCommerce Recover Abandoned Cart versions through 24.6.0 **Description** An authorization issue exists in FantasticPlugins WooCommerce Recover Abandoned Cart. The issue involves incorrectly configured access control security levels, potentially allowing unauthorized access. **Recommendations** Update FantasticPlugins WooCommerce Recover Abandoned Cart to a version later than 24.6.0.

**Name of the Vulnerable Software and Affected Versions** Tyler Moore Super Blank versions through 1.2.0 **Description** An authorization issue exists in Tyler Moore Super Blank, allowing exploitation due to incorrectly configured access control security levels. **Recommendations** Update Tyler Moore Super Blank to a version later than 1.2.0.

**Name of the Vulnerable Software and Affected Versions** PenciDesign Soledad versions n/a through 8.6.9 **Description** A flaw exists in PenciDesign Soledad that allows for privilege escalation. This allows subscribers to take over WordPress sites. **Recommendations** Update PenciDesign Soledad to a version later than 8.6.9.

**Name of the Vulnerable Software and Affected Versions** bPlugins Voice Feedback versions through 1.0.3 **Description** A privilege assignment issue exists in bPlugins Voice Feedback voice-feedback, potentially allowing privilege escalation. **Recommendations** Update bPlugins Voice Feedback to a version later than 1.0.3.

**Name of the Vulnerable Software and Affected Versions** WP SMS versions through 7.0.1 **Description** A missing authorization flaw exists in VeronaLabs WP SMS wp-sms. The issue allows unauthorized access due to insufficient checks. **Recommendations** Update WP SMS to a version newer than 7.0.1.

**Name of the Vulnerable Software and Affected Versions** SmartCrawl versions through 3.14.3 **Description** A missing authorization issue exists in WPMU DEV - Your All-in-One WordPress Platform SmartCrawl smartcrawl-seo. The issue concerns a lack of proper authorization checks, potentially allowing unauthorized access. **Recommendations** Update SmartCrawl to a version newer than 3.14.3.