Friday

**Name of the Vulnerable Software and Affected Versions** Easyship WooCommerce Shipping Rates versions 0.9.0 and earlier **Description** The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. **Recommendations** For versions 0.9.0 and earlier, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** AWESOME TOGI Product Category Tree versions n/a through 2.5 **Description** The issue is related to a Missing Authorization vulnerability in the AWESOME TOGI Product Category Tree, which allows exploitation of incorrectly configured access control security levels. **Recommendations** For versions n/a through 2.5, update to a version that includes the fix for the Missing Authorization vulnerability. As a temporary workaround, consider restricting access to the Product Category Tree to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** RT Easy Builder – Advanced addons for Elementor versions n/a through 2.0 **Description** The issue is related to a Missing Authorization vulnerability in RT Easy Builder – Advanced addons for Elementor. **Recommendations** For versions n/a through 2.0, update to a version later than 2.0 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** GenialSouls WP Social Comments versions 1.7.3 and earlier **Description** The issue is related to a Missing Authorization vulnerability in GenialSouls WP Social Comments. **Recommendations** For GenialSouls WP Social Comments versions 1.7.3 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Mega Addons For Elementor versions 1.8 and earlier **Description** The issue is related to a Missing Authorization vulnerability in Mega Addons For Elementor. This vulnerability allows unauthorized access. **Recommendations** For Mega Addons For Elementor versions 1.8 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Sumo versions 1.34 and earlier **Description** The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions on a web application that the user is authenticated to. **Recommendations** For versions 1.34 and earlier, update to a version that contains a fix for this issue, as no specific workaround is provided for these versions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Void Contact Form 7 Widget For Elementor Page Builder versions through 2.3 **Description** A Missing Authorization issue affects the Void Contact Form 7 Widget For Elementor Page Builder. This issue allows unauthorized access due to the lack of proper authorization checks. **Recommendations** For versions through 2.3, update to a version that includes the fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Frédéric GILLES FG PrestaShop to WooCommerce versions 4.44.3 and earlier Frédéric GILLES FG Drupal to WordPress versions 3.67.0 and earlier Frédéric GILLES FG Joomla to WordPress versions 4.15.0 and earlier **Description** The issue is a Cross-Site Request Forgery (CSRF) vulnerability. It affects several products from Frédéric GILLES, including FG PrestaShop to WooCommerce, FG Drupal to WordPress, and FG Joomla to WordPress. **Recommendations** For FG PrestaShop to WooCommerce versions 4.44.3 and earlier, update to a version later than 4.44.3. For FG Drupal to WordPress versions 3.67.0 and earlier, update to a version later than 3.67.0. For FG Joomla to WordPress versions 4.15.0 and earlier, update to a version later than 4.15.0.