Dhananjay Garg

**Name of the Vulnerable Software and Affected Versions** Cybersoldier WordPress plugin versions prior to 1.7.0 **Description** The issue allows high privilege users to perform Cross-Site Scripting attacks due to the lack of sanitization and escaping of URL settings before outputting them in an attribute. This can occur even when the unfiltered html capability is disallowed. **Recommendations** For versions prior to 1.7.0, update to version 1.7.0 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: Caldera Forms WordPress plugin versions prior to 1.9.5 Description: The issue allows high privilege users to perform Cross-Site Scripting attacks due to the lack of sanitization and escaping of the Form Name before outputting it in attributes, even when the unfiltered html capability is disallowed. Recommendations: For versions prior to 1.9.5, update to version 1.9.5 or later to resolve the issue. As a temporary workaround, consider restricting the ability of high privilege users to input Form Names until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Contact Form, Survey & Popup Form Plugin for WordPress versions prior to 1.5 **Description** The issue allows high privilege users to perform Cross-Site Scripting attacks due to improper sanitization of some settings, even when the unfiltered html capability is disallowed. **Recommendations** For versions prior to 1.5, update to version 1.5 or later to resolve the issue.