Dhakal Ananda

**Name of the Vulnerable Software and Affected Versions** Better Messages plugin versions <= 1.9.10.69 **Description** The issue is related to an authentication bypass vulnerability in the Better Messages plugin for WordPress, specifically affecting messaging block functionality for subscribers and above. **Recommendations** For Better Messages plugin versions <= 1.9.10.69, update to a version higher than 1.9.10.69 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Better Messages plugin version 1.9.10.68 **Description** The issue is related to an Authenticated Server-Side Request Forgery (SSRF) vulnerability. This means that an attacker could potentially forge requests to internal or external services, but only if they have authenticated access to the system as a subscriber or higher. **Recommendations** For Better Messages plugin version 1.9.10.68, update to a newer version that contains a fix for this issue, if available. As a temporary workaround, consider restricting access to sensitive internal services to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** wpDiscuz plugin version 7.4.2 **Description** The issue is related to an Insecure Direct Object References (IDOR) vulnerability in the Comments section of the wpDiscuz plugin on WordPress, which requires authentication with subscriber or higher privileges. **Recommendations** For wpDiscuz plugin version 7.4.2, update to a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** gVectors Team wpForo Forum plugin versions <= 2.0.5 **Description** The issue is a Cross-Site Request Forgery (CSRF) vulnerability that can lead to topic deletion. This occurs in the gVectors Team wpForo Forum plugin on WordPress. **Recommendations** For gVectors Team wpForo Forum plugin versions <= 2.0.5, update to a version higher than 2.0.5 to resolve the issue. As a temporary workaround, consider restricting access to sensitive topics or implementing additional CSRF protection measures until a patch is available.

**Name of the Vulnerable Software and Affected Versions** wpForo Forum plugin versions <= 2.0.5 **Description** The issue is related to an insecure direct object references (IDOR) vulnerability. This vulnerability allows attackers with subscriber or higher user roles to mark any forum post as solved or unsolved. **Recommendations** For wpForo Forum plugin versions <= 2.0.5, update to a version higher than 2.0.5 to resolve the issue. As a temporary workaround, consider restricting the ability to mark posts as solved or unsolved to higher user roles until a patch is available.

**Name of the Vulnerable Software and Affected Versions** wpForo Forum plugin versions <= 2.0.5 **Description** The issue is related to an insecure direct object references (IDOR) vulnerability. This vulnerability allows attackers with subscriber or higher user roles to mark any forum post as private or public. **Recommendations** For wpForo Forum plugin versions <= 2.0.5, update to a version higher than 2.0.5 to resolve the issue. As a temporary workaround, consider restricting user roles to prevent subscribers or higher from accessing the forum post settings until a patch is available.

**Name of the Vulnerable Software and Affected Versions** WordPlus WordPress Better Messages plugin versions <= 1.9.10.57 **Description** The issue is an authenticated Denial Of Service (DoS) vulnerability. This means that an attacker who has subscriber-level access or higher can exploit this issue to cause a denial of service. **Recommendations** For WordPlus WordPress Better Messages plugin versions <= 1.9.10.57, update to a version higher than 1.9.10.57 to resolve the issue.