Doan Dinh Van

**Name of the Vulnerable Software and Affected Versions** Themeisle Visualizer versions prior to 4.0.0 **Description** Improper neutralization of input during web page generation allows for stored cross-site scripting (XSS), a flaw where malicious scripts are permanently stored on the target server and later executed in the browser of a user visiting the affected page. **Recommendations** Update to version 4.0.0 or later.

**Name of the Vulnerable Software and Affected Versions** Iulia Cazan Latest Post Shortcode versions through 14.2.1 **Description** The Latest Post Shortcode software contains a missing authorization issue. This allows exploitation due to incorrectly configured access control security levels. **Recommendations** Update to a version later than 14.2.1.

**Name of the Vulnerable Software and Affected Versions** Simpma Embed Calendly versions through 4.4 **Description** The software contains a flaw related to improper input neutralization during web page generation, leading to a cross-site scripting issue. This allows for stored cross-site scripting attacks. The affected component is `embed-calendly-scheduling`. **Recommendations** Update to a version later than 4.4.

**Name of the Vulnerable Software and Affected Versions** David Lingren Media Library Assistant versions through 3.32 **Description** The software contains an improper neutralization of special elements used in an SQL command, leading to a blind SQL injection issue. This allows for potential unauthorized access or modification of data through crafted SQL queries. The API endpoints and vulnerable parameters are not specified in the provided information. **Recommendations** Update David Lingren Media Library Assistant to a version later than 3.32.

**Name of the Vulnerable Software and Affected Versions** robfelty Collapsing Categories versions through 3.0.9 **Description** The software contains an Improper Neutralization of Special Elements used in an SQL Command issue, specifically a Blind SQL Injection. This allows for potential unauthorized access to or modification of data within the database. The issue stems from improper handling of special elements in SQL commands. **Recommendations** Versions prior to 3.0.9 should be updated.

**Name of the Vulnerable Software and Affected Versions** robfelty Collapsing Archives versions through 3.0.7 **Description** A flaw exists in robfelty Collapsing Archives that allows for Blind SQL Injection. This issue is due to improper neutralization of special elements used in an SQL command. **Recommendations** Versions prior to 3.0.7 should be updated.

**Name of the Vulnerable Software and Affected Versions** Builderall Builder for WordPress versions through 3.0.1 **Description** The software contains a flaw related to improper control of code generation, potentially allowing code injection. The issue exists in Builderall Builder for WordPress builderall-cheetah-for-wp. **Recommendations** Update Builderall Builder for WordPress to a version later than 3.0.1.

**Name of the Vulnerable Software and Affected Versions** ThemeRuby Easy Post Submission versions through 2.2.0 **Description** The software contains a missing authorization flaw, allowing exploitation of incorrectly configured access control security levels. The issue allows unauthorized access. **Recommendations** Update ThemeRuby Easy Post Submission to a version later than 2.2.0.

**Name of the Vulnerable Software and Affected Versions** rtMedia for WordPress, BuddyPress and bbPress versions through 4.7.8 **Description** The rtMedia plugin for WordPress, BuddyPress and bbPress contains a flaw that could allow unauthorized retrieval of sensitive embedded data. This issue is related to the exposure of sensitive system information to an unauthorized control sphere. **Recommendations** Update rtMedia to a version newer than 4.7.8.

**Name of the Vulnerable Software and Affected Versions** Rustaurius Ultimate Reviews versions through 3.2.16 **Description** An authorization bypass exists due to incorrectly configured access control security levels. This allows exploitation through a user-controlled key. There is no information about the number of potentially affected devices or real-world incidents. **Recommendations** Update Rustaurius Ultimate Reviews to a version later than 3.2.16.

**Name of the Vulnerable Software and Affected Versions** LifePress versions through 2.1.3 **Description** An authorization issue exists in LifePress, allowing exploitation of incorrectly configured access control security levels. **Recommendations** Update LifePress to a version later than 2.1.3.

**Name of the Vulnerable Software and Affected Versions** Nelio Content versions through 4.1.0 **Description** A flaw exists in Nelio Content that allows for Blind SQL Injection. This is due to improper neutralization of special elements used in SQL commands. The issue could potentially impact systems utilizing the software. **Recommendations** Update Nelio Content to a version later than 4.1.0.

**Name of the Vulnerable Software and Affected Versions** Easy Modal versions through 2.1.0 **Description** The software contains a flaw related to improper handling of user-supplied data when creating web pages, potentially leading to Cross-site Scripting (XSS). This specific instance allows for Stored XSS, meaning malicious scripts can be stored on the target server and executed by other users. **Recommendations** Update Easy Modal to a version later than 2.1.0.

**Name of the Vulnerable Software and Affected Versions** Stephen Harris Event Organiser event-organiser versions through 3.12.8 **Description** An issue exists in Stephen Harris Event Organiser event-organiser related to incorrectly configured access control security levels, potentially allowing unauthorized access. The vulnerability involves a missing authorization check. **Recommendations** Update to a version later than 3.12.8.

**Name of the Vulnerable Software and Affected Versions** wpDiscuz versions through 7.6.40 **Description** An authorization bypass exists due to incorrectly configured access control security levels. This allows exploitation through a user-controlled key. **Recommendations** Update wpDiscuz to a version later than 7.6.40.

**Name of the Vulnerable Software and Affected Versions** SimpleCalendar versions through 3.5.9 **Description** An authorization bypass exists due to user-controlled key vulnerability in Google Calendar Events. This allows exploitation of incorrectly configured access control security levels. **Recommendations** Update SimpleCalendar to a version newer than 3.5.9.

**Name of the Vulnerable Software and Affected Versions** BoldGrid weForms versions through 1.6.25 **Description** An authorization issue exists in BoldGrid weForms that allows exploitation due to incorrectly configured access control security levels. **Recommendations** Update BoldGrid weForms to a version later than 1.6.25.

**Name of the Vulnerable Software and Affected Versions** Ays Pro Popup box versions through 6.0.7 **Description** A Cross-Site Request Forgery issue exists in Ays Pro Popup box. This allows attackers to perform actions on behalf of an unsuspecting user. The issue affects the Popup box component. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Crowdsignal Forms versions through 1.7.2 **Description** A missing authorization issue exists in Automattic Crowdsignal Forms. The issue involves incorrectly configured access control security levels, potentially allowing unauthorized access. **Recommendations** Update Crowdsignal Forms to a version later than 1.7.2.

**Name of the Vulnerable Software and Affected Versions** PostX versions through 5.0.3 **Description** A flaw exists in WPXPO PostX ultimate-post that allows the retrieval of embedded sensitive data, leading to exposure of sensitive system information to an unauthorized control sphere. **Recommendations** Update PostX to a version newer than 5.0.3.