Elliot

**Name of the Vulnerable Software and Affected Versions** Toast Plugins Animator versions 3.0.10 and earlier **Description** The issue is related to a Missing Authorization vulnerability in Toast Plugins Animator, which allows exploiting incorrectly configured access control security levels. **Recommendations** For Toast Plugins Animator versions 3.0.10 and earlier, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** BadgeOS versions 3.7.1.6 and earlier **Description** The issue is related to a Missing Authorization vulnerability in LearningTimes BadgeOS, which allows exploiting incorrectly configured access control security levels. **Recommendations** For BadgeOS versions 3.7.1.6 and earlier, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** YITH WooCommerce Product Add-Ons versions 4.2.0 and earlier **Description** The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. **Recommendations** For YITH WooCommerce Product Add-Ons versions 4.2.0 and earlier, update to a version later than 4.2.0 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Inactive Logout versions n/a through 3.2.2 **Description** The issue is related to a Missing Authorization vulnerability in Inactive Logout, allowing exploitation of incorrectly configured access control security levels. **Recommendations** For versions n/a through 3.2.2, consider restricting access to the Inactive Logout feature until a proper fix is applied, focusing on correctly configuring access control security levels to prevent exploitation.

**Name of the Vulnerable Software and Affected Versions** WP Happy Coders Posts Like Dislike versions 1.1.0 and earlier **Description** The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. **Recommendations** For WP Happy Coders Posts Like Dislike versions 1.1.0 and earlier, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WP Crowdfunding versions 2.1.5 and earlier **Description** The issue is related to a Missing Authorization vulnerability in Themeum WP Crowdfunding, which allows exploiting incorrectly configured access control security levels. **Recommendations** For versions 2.1.5 and earlier, update to a version later than 2.1.5 to resolve the issue. As a temporary workaround, consider restricting access to sensitive areas of the crowdfunding platform to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** LuckyWP Scripts Control versions 1.2.1 and earlier **Description** The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. **Recommendations** For versions 1.2.1 and earlier, update to a version that contains a fix for this issue, as no specific workaround is provided in the given information. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Button Generator – easily Button Builder versions n/a through 2.3.8 **Description** The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. **Recommendations** For versions n/a through 2.3.8, update to a version later than 2.3.8 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Load More Anything versions 3.3.3 and earlier **Description** The issue is related to a Missing Authorization vulnerability in AddonMaster Load More Anything. **Recommendations** For versions 3.3.3 and earlier, update to a version that contains a fix for this issue, if available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ClickCease Click Fraud Protection versions n/a through 3.2.4 **Description** A Cross-Site Request Forgery (CSRF) issue affects ClickCease Click Fraud Protection. This type of issue allows an attacker to perform unintended actions on a web application that a user is authenticated to. No information is provided about the estimated number of potentially affected devices or real-world incidents where this issue was exploited. **Recommendations** For versions n/a through 3.2.4, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SoftLab Radio Player versions 2.0.73 and earlier **Description** The issue is related to a Missing Authorization vulnerability in SoftLab Radio Player. **Recommendations** For SoftLab Radio Player versions 2.0.73 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CleanTalk - Anti-Spam Protection Spam protection, Anti-Spam, FireWall by CleanTalk versions n/a through 6.20 **Description** The issue is a Cross-Site Request Forgery (CSRF) vulnerability. It affects the Spam protection, Anti-Spam, FireWall by CleanTalk. **Recommendations** For versions n/a through 6.20, update to a version later than 6.20 to resolve the issue. As a temporary workaround, consider implementing additional CSRF protection measures, such as token-based validation, to mitigate the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Droit Elementor Addons – Widgets, Blocks, Templates Library For Elementor Builder versions 3.1.5 and earlier **Description** A Cross-Site Request Forgery (CSRF) issue affects the specified software. This type of issue allows an attacker to perform unintended actions on a web application that the user is authenticated to. No information is provided about the estimated number of potentially affected devices or real-world incidents where this issue was exploited. **Recommendations** For Droit Elementor Addons – Widgets, Blocks, Templates Library For Elementor Builder versions 3.1.5 and earlier, update to a version later than 3.1.5 to resolve the issue. At the moment, there is no information about additional mitigation measures.

**Name of the Vulnerable Software and Affected Versions** MarketingFire Editorial Calendar versions 3.7.12 and earlier **Description** The issue is related to an Authorization Bypass Through User-Controlled Key vulnerability in MarketingFire Editorial Calendar. **Recommendations** For versions 3.7.12 and earlier, update to a version later than 3.7.12 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Quantity Plus Minus Button for WooCommerce by CodeAstrology versions 1.1.9 and earlier **Description** The issue is a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions on a web application that the user is authenticated to. **Recommendations** For versions 1.1.9 and earlier, update to a version later than 1.1.9 to resolve the issue. As a temporary workaround, consider implementing additional CSRF protection measures, such as token-based validation, to prevent exploitation until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Button Generator – easily Button Builder versions n/a through 2.3.8 **Description** The issue is a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions on a web application that the user is authenticated to. **Recommendations** For versions n/a through 2.3.8, update to a version later than 2.3.8 to resolve the issue. As a temporary workaround, consider implementing CSRF token validation to prevent unauthorized requests. Restrict access to sensitive functionality to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Droit Dark Mode versions 1.1.2 and earlier **Description** A Cross-Site Request Forgery (CSRF) issue has been identified. This type of issue allows an attacker to trick a user into performing unintended actions on a web application that the user is authenticated to. **Recommendations** For Droit Dark Mode versions 1.1.2 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** plainware.Com ShiftController Employee Shift Scheduling plugin versions <= 4.9.23 **Description** The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions on a web application that the user is authenticated to. **Recommendations** For plainware.Com ShiftController Employee Shift Scheduling plugin versions <= 4.9.23, update to a version higher than 4.9.23 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Guillemant David WP Full Auto Tags Manager plugin versions <= 2.2 **Description** The issue is a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions on a web application that the user is authenticated to. **Recommendations** For Guillemant David WP Full Auto Tags Manager plugin versions <= 2.2, update to a version higher than 2.2 to resolve the issue. At the moment, there is no information about other mitigation measures.

**Name of the Vulnerable Software and Affected Versions** Muller Digital Inc. Duplicate Theme plugin versions 0.1.6 and earlier **Description** The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This means an attacker could potentially trick a user into performing unintended actions on a web application. **Recommendations** For Muller Digital Inc. Duplicate Theme plugin versions 0.1.6 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.