Dodoh4T

**Name of the Vulnerable Software and Affected Versions** BP Better Messages versions prior to 2.14.17 **Description** An authorization bypass exists due to user-controlled keys, which allows for the exploitation of incorrectly configured access control security levels. **Recommendations** Update to a version later than 2.14.16.

**Name of the Vulnerable Software and Affected Versions** VikBooking Hotel Booking Engine & PMS versions prior to 1.9.0 **Description** An improper limitation of a pathname to a restricted directory, known as Path Traversal, allows access to files outside of the intended directory. **Recommendations** Update to a version later than 1.8.9.

**Name of the Vulnerable Software and Affected Versions** Booking Manager versions prior to 2.1.19 **Description** Booking Manager contains a stored cross-site scripting (XSS) flaw, which occurs when the application fails to properly neutralize input during the generation of web pages. This allows an attacker to store malicious scripts on the server that are later executed in the browsers of other users. **Recommendations** Update to a version later than 2.1.18.

**Name of the Vulnerable Software and Affected Versions** QuickWebP – Compress / Optimize Images & Convert WebP | SEO Friendly versions prior to 3.2.8 **Description** An improper limitation of a pathname to a restricted directory, known as Path Traversal, exists in the quickwebp component. This flaw allows for arbitrary file deletion. **Recommendations** Update to a version newer than 3.2.7.