Hlog

Name of the Vulnerable Software and Affected Versions: Content No Cache versions 0.1.3 and earlier Description: The issue is related to an Improper Control of Generation of Code ('Code Injection') vulnerability, which allows Code Injection. This vulnerability affects the Content No Cache software. Recommendations: For Content No Cache versions 0.1.3 and earlier, update to a version that contains a fix for this issue, as the current version allows code injection due to improper control of code generation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: FasterThemes FastBook versions 1.1 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker can inject malicious scripts into the website, potentially affecting users who access the compromised page. Recommendations: For FasterThemes FastBook versions 1.1 and earlier, update to a version that addresses the Stored XSS issue, as no specific fix is provided for these versions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: SpecFit-Virtual Try On Woocommerce versions 7.0.6 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker can inject malicious scripts into the website, potentially affecting users who access the compromised page. Recommendations: For SpecFit-Virtual Try On Woocommerce versions 7.0.6 and earlier, update to a version that contains a fix for this issue, as the current version is affected by the Stored XSS vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ifkooo One-Login versions n/a through 1.4 **Description** The issue is related to an Incorrect Privilege Assignment vulnerability, which allows Privilege Escalation in ifkooo One-Login. **Recommendations** For ifkooo One-Login versions n/a through 1.4, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GPP Slideshow versions 1.3.5 and earlier **Description** The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. **Recommendations** For GPP Slideshow versions 1.3.5 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Wordapp versions 1.7.0 and earlier **Description** The issue is related to a Missing Authorization vulnerability in Wordapp Team Wordapp, which allows exploiting incorrectly configured access control security levels. **Recommendations** For versions 1.7.0 and earlier, update to a version that fixes the Missing Authorization vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WP Compress for MainWP versions through 6.30.32 **Description** The issue is related to a Missing Authorization vulnerability, allowing exploitation of incorrectly configured access control security levels. **Recommendations** For versions through 6.30.32, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Direct Checkout for WooCommerce Lite versions 1.0.3 and earlier **Description** The issue is related to a Missing Authorization vulnerability, which allows accessing functionality not properly constrained by ACLs. **Recommendations** For versions 1.0.3 and earlier, update to a version that contains a fix for this issue, as the current version allows unauthorized access to certain functionality. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** whassan KI Live Video Conferences versions n/a through 5.5.15 **Description** The issue allows exposure of sensitive system information to an unauthorized control sphere, enabling the retrieval of embedded sensitive data. **Recommendations** For versions n/a through 5.5.15, update to a version later than 5.5.15 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** whassan KI Live Video Conferences versions 5.5.15 and earlier **Description** The issue is related to a Missing Authorization vulnerability that allows exploiting incorrectly configured access control security levels. This can be exploited in whassan KI Live Video Conferences. **Recommendations** For whassan KI Live Video Conferences versions 5.5.15 and earlier, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** FasterThemes FastBook versions 1.1 and earlier **Description** The issue is a Cross-Site Request Forgery (CSRF) vulnerability, which allows an attacker to perform unauthorized actions on a user's account. This is a type of attack where an attacker tricks a user into performing an unintended action on a web application that the user is authenticated to. **Recommendations** For FasterThemes FastBook versions 1.1 and earlier, as a temporary workaround, consider implementing additional validation checks to ensure that requests are genuine and not forged. Restrict access to sensitive functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** dastan800 Visual Header versions 1.3 and earlier **Description** The issue is related to a Missing Authorization vulnerability that allows exploiting incorrectly configured access control security levels. **Recommendations** For dastan800 Visual Header versions 1.3 and earlier, update to a version that includes the necessary security patches to fix the Missing Authorization vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Wbcom Designs - Activity Link Preview For BuddyPress versions 1.4.4 and earlier **Description** A Server-Side Request Forgery (SSRF) issue affects the software, allowing for Server Side Request Forgery. **Recommendations** For versions 1.4.4 and earlier, update to a version that contains a fix for this issue, as no specific mitigation measures are provided for these versions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.