Domiee13

**Name of the Vulnerable Software and Affected Versions** PDF for Elementor Forms + Drag And Drop Template Builder versions prior to 5.5.2 **Description** A missing authorization issue exists that allows the exploitation of incorrectly configured access control security levels. **Recommendations** Update to version 5.5.2 or later.

**Name of the Vulnerable Software and Affected Versions** eLEOPARD Behance Portfolio Manager versions through 1.7.5 **Description** The software contains a flaw due to improper neutralization of input during web page generation, which allows for Stored Cross-site Scripting (XSS). This means that malicious scripts can be stored on the server and executed by other users when they view the affected web page. The vulnerability affects the Behance Portfolio Manager. The issue allows for the injection of malicious code through web pages. **Recommendations** Update eLEOPARD Behance Portfolio Manager to a version later than 1.7.5.

**Name of the Vulnerable Software and Affected Versions** ConoHa by GMO WING WordPress Migrator versions through 1.1.9 **Description** A Cross-Site Request Forgery (CSRF) issue exists in ConoHa by GMO WING WordPress Migrator. This allows for the upload of a web shell to a web server. Exploitation requires a victim to click a malicious link. **Recommendations** Update to version 1.1.9.

**Name of the Vulnerable Software and Affected Versions** FunnelCockpit versions 1.4.2 and earlier **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). Specifically, it is a Reflected XSS vulnerability. This means that an attacker can inject malicious code into a website, which is then reflected back to the user, potentially allowing the attacker to steal user data or take control of the user's session. **Recommendations** For FunnelCockpit versions 1.4.2 and earlier, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Falang multilanguage versions 1.3.61 and earlier Description: A Cross-Site Request Forgery (CSRF) issue affects the software, allowing unauthorized actions to be performed on behalf of a user. Recommendations: For versions 1.3.61 and earlier, update to a version that includes a fix for this issue, as no specific workaround is provided in the available data. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Rootspersona versions 3.7.5 and earlier Description: A Cross-Site Request Forgery (CSRF) issue affects the software, allowing unauthorized actions to be performed on behalf of a user. This issue may be exploited by an attacker to perform actions without the user's knowledge or consent. Recommendations: For versions 3.7.5 and earlier, as a temporary workaround, consider implementing additional validation for requests to prevent unauthorized actions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: The Events Calendar versions through 6.11.2.1 Description: The issue is related to Missing Authorization, allowing exploitation of incorrectly configured access control security levels. Recommendations: For versions through 6.11.2.1, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Product Code for WooCommerce versions 1.5.0 and earlier Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability, which allows for Cross Site Request Forgery. This means an attacker can trick a user into performing unintended actions on a web application that the user is authenticated to. Recommendations: For versions 1.5.0 and earlier, update to a version that contains a fix for this issue, as no specific workaround is provided for these versions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Url Rewrite Analyzer versions 1.3.3 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. Recommendations: For Url Rewrite Analyzer versions 1.3.3 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: ed4becky Rootspersona versions n/a through 3.7.5 Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. Recommendations: For versions n/a through 3.7.5, update to a version that contains a fix for this issue, as the current version has incorrectly configured access control security levels that can be exploited. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Shortlinks by Pretty Links versions 3.6.15 and earlier Description: The issue is related to a Missing Authorization vulnerability, allowing the exploitation of incorrectly configured access control security levels. Recommendations: For versions 3.6.15 and earlier, update to a version later than 3.6.15 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** codepeople Music Player for WooCommerce versions 1.5.1 and earlier **Description** The issue is related to a Missing Authorization vulnerability, which allows the exploitation of incorrectly configured access control security levels. **Recommendations** For codepeople Music Player for WooCommerce versions 1.5.1 and earlier, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Rustaurius Ultimate WP Mail versions 1.3.4 and earlier **Description** The issue is a Cross-Site Request Forgery (CSRF) vulnerability, which allows an attacker to perform unauthorized actions on a user's account. **Recommendations** For Rustaurius Ultimate WP Mail versions 1.3.4 and earlier, update to a version later than 1.3.4 to resolve the issue. At the moment, there is no information about other mitigation measures for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GS Testimonial Slider versions 3.3.0 and earlier **Description** The issue is related to a Missing Authorization vulnerability in GS Plugins GS Testimonial Slider, which allows exploiting incorrectly configured access control security levels. **Recommendations** For GS Testimonial Slider versions 3.3.0 and earlier, update to a version that contains a fix for this issue. As a temporary workaround, consider restricting access to the GS Testimonial Slider plugin to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Hash Form versions 1.2.8 and earlier **Description** A Cross-Site Request Forgery (CSRF) issue affects the software, allowing unauthorized requests. **Recommendations** For versions 1.2.8 and earlier, update to a version that includes a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** slui Media Hygiene versions n/a through 4.0.0 **Description** The issue is related to a Missing Authorization vulnerability in slui Media Hygiene, which allows exploiting incorrectly configured access control security levels. **Recommendations** For versions n/a through 4.0.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GPT3 AI Content Writer versions 1.9.14 and earlier **Description** A Cross-Site Request Forgery (CSRF) issue affects the GPT3 AI Content Writer, allowing unauthorized actions to be performed on behalf of a user. **Recommendations** For versions 1.9.14 and earlier, update to a version that includes a fix for this issue, as no specific workaround is provided for these versions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Envo Extra versions 1.9.9 and earlier **Description** The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. **Recommendations** For Envo Extra versions 1.9.9 and earlier, update to a version that fixes the Missing Authorization issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** pimwick PW WooCommerce Bulk Edit versions prior to 2.134 **Description** The issue is a Cross-Site Request Forgery (CSRF) vulnerability, which allows Cross Site Request Forgery. This means an attacker can trick a user into performing unintended actions on a web application that the user is authenticated to. **Recommendations** For versions prior to 2.134, update to version 2.134 or later to resolve the issue. As a temporary workaround, consider implementing additional CSRF protection measures, such as token-based validation, to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** ThimPress WP Pipes versions 1.4.2 and earlier **Description** The issue is a Server-Side Request Forgery (SSRF) vulnerability, which allows an attacker to perform unauthorized actions on the server. This can lead to various security issues, including accessing sensitive data or taking control of the server. **Recommendations** For ThimPress WP Pipes versions 1.4.2 and earlier, update to a version later than 1.4.2 to resolve the issue. At the moment, there is no information about additional mitigation measures for this vulnerability.