Flaviu Popescu

**Name of the Vulnerable Software and Affected Versions** stylish-cost-calculator-premium WordPress plugin versions prior to 7.9.0 **Description** The issue is related to a Stored Cross-Site Scripting problem. It occurs because a `parameter` is not properly sanitised and escaped before being outputted back in the page. This could be exploited against admins when they view submissions submitted through the Email Quote Form. **Recommendations** For versions prior to 7.9.0, update to version 7.9.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the Email Quote Form submissions to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Simple 2FA Plugin for Moodle (affected versions not specified) **Description** A Two-Factor Authentication (2FA) bypass issue allows remote attackers to overwrite the phone number used for confirmation via the "profile.php" file, thereby bypassing the phone verification mechanism. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** LMS Doctor Simple 2 Factor Authentication Plugin For Moodle version 2021072900 **Description** The issue allows remote attackers to update sensitive records, such as email, password, and phone number, of other user accounts due to an Insecure Direct Object References (IDOR) vulnerability. **Recommendations** For version 2021072900, at the moment, there is no information about a newer version that contains a fix for this vulnerability.