Hhhai

**Name of the Vulnerable Software and Affected Versions** Ahmad WP Job Portal versions prior to 2.5.1 **Description** Improper neutralization of input during web page generation allows Reflected Cross-Site Scripting (XSS), a flaw where an application includes untrusted data in a web page without proper validation or escaping, enabling attackers to execute malicious scripts in the victim's browser. **Recommendations** Update to a version later than 2.5.1.

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ahmad WP Job Portal allows Blind SQL Injection. This issue affects WP Job Portal: from n/a through 2.5.1.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in E2Pdf.Com e2pdf allows Reflected XSS. This issue affects e2pdf: from n/a through 1.32.14.

**Name of the Vulnerable Software and Affected Versions** Tainacan versions prior to 1.0.4 **Description** Tainacan is subject to Blind SQL Injection, which occurs when an application fails to properly neutralize special elements used in an SQL command, allowing an attacker to infer data by observing the application's response to specific queries. **Recommendations** Update to a version later than 1.0.3.

**Name of the Vulnerable Software and Affected Versions** WPCS versions prior to 1.3.2 **Description** Improper neutralization of input during web page generation in the RealMag777 WPCS currency-switcher allows for DOM-Based Cross-site Scripting (XSS), a flaw where the application contains client-side JavaScript that processes data from an untrusted source in an unsafe way, typically by writing the data to a dangerous sink. **Recommendations** Update to a version later than 1.3.1.

**Name of the Vulnerable Software and Affected Versions** Smart Coupons for WooCommerce versions prior to 2.3.0 **Description** A missing authorization issue in WebToffee Smart Coupons for WooCommerce allows for the exploitation of incorrectly configured access control security levels. This is a broken access control flaw where the system fails to properly verify if a user has the necessary permissions to perform an action. **Recommendations** Update to version 2.3.0 or later.

**Name of the Vulnerable Software and Affected Versions** TotalSuite TotalContest Lite versions through 2.9.1 **Description** An issue exists in TotalSuite TotalContest Lite that allows for object injection due to the deserialization of untrusted data. This can lead to potential compromise of the system. **Recommendations** Versions prior to 2.9.1 should be updated. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WPC Product Bundles for WooCommerce versions n/a through 8.4.5 **Description** An issue exists in WPClever WPC Product Bundles for WooCommerce where incorrectly configured access control security levels can be exploited due to a missing authorization check in the `woo-product-bundle` component. This allows unauthorized access. **Recommendations** Update WPC Product Bundles for WooCommerce to a version later than 8.4.5.

**Name of the Vulnerable Software and Affected Versions** Maciej Bis Permalink Manager Lite versions prior to 2.5.3 **Description** An authorization issue exists in Maciej Bis Permalink Manager Lite permalink-manager. The issue involves incorrectly configured access control security levels, potentially allowing unauthorized access. **Recommendations** Update Maciej Bis Permalink Manager Lite to version 2.5.3 or later.

**Name of the Vulnerable Software and Affected Versions** Delay Redirects versions through 1.0.0 **Description** Delay Redirects is susceptible to a DOM-Based Cross-site Scripting (XSS) issue due to improper neutralization of input during web page generation. This allows for potential malicious code execution within the context of the user's browser. **Recommendations** Update Delay Redirects to a version later than 1.0.0.