Hwang Se-Yeon

Name of the Vulnerable Software and Affected Versions: PostX versions n/a through 4.1.15 Description: The issue is related to improper neutralization of input during web page generation, which allows for Stored XSS. This means that an attacker can inject malicious scripts into the website, potentially affecting users who visit the compromised page. Recommendations: For PostX versions n/a through 4.1.15, update to a version later than 4.1.15 to resolve the issue. At the moment, there is no information about other specific mitigation measures for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Ninja Forms versions 3.8.16 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Stored XSS. This means that an attacker can inject malicious scripts into the website, which can then be executed by other users, potentially leading to unauthorized actions or data theft. Recommendations: For versions 3.8.16 and earlier, update to a version later than 3.8.16 to resolve the issue. As a temporary workaround, consider restricting user input to minimize the risk of exploitation. Avoid using potentially vulnerable features in Ninja Forms until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: Ninja Forms versions 3.8.16 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Stored XSS. This means that an attacker can inject malicious scripts into the website, which can then be executed by other users, potentially leading to unauthorized actions or data theft. Recommendations: For versions 3.8.16 and earlier, update to a version later than 3.8.16 to resolve the issue. As a temporary workaround, consider restricting user input to minimize the risk of exploitation. Avoid using potentially vulnerable features in Ninja Forms until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: Adam Skaat Countdown & Clock versions through 2.8.0.9 Description: The issue is related to improper neutralization of input during web page generation, which allows for stored cross-site scripting (XSS). This means that an attacker can inject malicious scripts into the web page, potentially leading to unauthorized actions or data theft. Recommendations: For versions through 2.8.0.9, update to a version that contains a fix for this issue, as using outdated versions may expose users to stored XSS attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: PostX versions prior to 4.1.13 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS attacks. Recommendations: For versions prior to 4.1.13, update to version 4.1.13 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** HelpieWP Accordion & FAQ – Helpie WordPress Accordion FAQ Plugin versions 1.27 and earlier **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows Stored XSS to occur, which is a type of attack where an attacker injects malicious code into a website, and this code is stored on the server. When other users access the website, the malicious code is executed, potentially leading to unauthorized actions or data theft. **Recommendations** For versions 1.27 and earlier, update to a version that fixes the Stored XSS vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Paul Bearne Author Avatars List/Block versions 2.1.21 and earlier **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS), which allows Stored XSS. This means an attacker can inject malicious scripts into the website, potentially leading to attacker-controlled script execution. **Recommendations** For versions 2.1.21 and earlier, update the plugin to the latest patched version immediately to resolve the issue. As a temporary workaround, consider restricting access to the plugin until the update is applied.