Jakub Herman

Authentication Bypass Using an Alternate Path or Channel vulnerability in WP Swings Wallet System for WooCommerce allows Password Recovery Exploitation. This issue affects Wallet System for WooCommerce: from n/a through 2.7.5.

**Name of the Vulnerable Software and Affected Versions** WP Document Revisions versions prior to 4.0.0 **Description** A missing authorization issue in the Ben Balter WP Document Revisions plugin allows for the exploitation of incorrectly configured access control security levels. This is a broken access control flaw where the system fails to properly verify if a user has the necessary permissions to perform an action. **Recommendations** Update to version 4.0.0 or later.

**Name of the Vulnerable Software and Affected Versions** Stripe Payment Gateway for WooCommerce versions prior to 5.0.8 **Description** An authentication bypass using an alternate path or channel exists in the ThemeHigh Stripe Payment Gateway for WooCommerce, which allows for password recovery exploitation. **Recommendations** Update to a version newer than 5.0.7.

**Name of the Vulnerable Software and Affected Versions** Bowo Admin and Site Enhancements (ASE) versions through 8.4.0 **Description** A missing authorization issue exists in Bowo Admin and Site Enhancements (ASE) admin-site-enhancements, allowing exploitation of incorrectly configured access control security levels. The issue impacts the application’s access control mechanisms. **Recommendations** Update to a version later than 8.4.0.

**Name of the Vulnerable Software and Affected Versions** Brizy versions through 2.7.23 **Description** An issue exists in Brizy where incorrectly configured access control security levels can be exploited, leading to a missing authorization condition. The vulnerability allows unauthorized access. **Recommendations** Update Brizy to a version later than 2.7.23.

**Name of the Vulnerable Software and Affected Versions** EnvoThemes Envo Extra versions through 1.9.13 **Description** A missing authorization flaw exists in EnvoThemes Envo Extra. This issue allows exploitation of incorrectly configured access control security levels. The vulnerability relates to inadequate restrictions on access to resources or functionalities, potentially allowing unauthorized users to perform actions they should not be able to. The affected component is `envo-extra`. **Recommendations** Update Envo Extra to a version later than 1.9.13.

**Name of the Vulnerable Software and Affected Versions** YMC Filter & Grids versions through 3.5.1 **Description** An authorization issue exists in YMC Filter & Grids ymc-smart-filter. The issue involves exploiting incorrectly configured access control security levels. **Recommendations** Update YMC Filter & Grids to a version later than 3.5.1.

**Name of the Vulnerable Software and Affected Versions** Jeff Starr Simple Ajax Chat versions prior to 20251122 **Description** A flaw exists in Jeff Starr Simple Ajax Chat that allows retrieval of embedded sensitive data, potentially exposing sensitive system information to an unauthorized control sphere. **Recommendations** Update Jeff Starr Simple Ajax Chat to a version later than 20251121.

**Name of the Vulnerable Software and Affected Versions** Kodezen LLC Academy LMS versions through 3.5.3 **Description** An authorization issue exists in Kodezen LLC Academy LMS, allowing exploitation of incorrectly configured access control security levels. **Recommendations** Update Kodezen LLC Academy LMS to a version later than 3.5.3.

**Name of the Vulnerable Software and Affected Versions** totalsoft TS Poll versions through 2.5.5 **Description** The software contains a Server-Side Request Forgery (SSRF) flaw. This allows for Server Side Request Forgery. The vulnerability exists due to insufficient input validation, potentially allowing an attacker to make requests on behalf of the server. **Recommendations** Update totalsoft TS Poll to a version later than 2.5.5.