Jean Tirstan T

**Name of the Vulnerable Software and Affected Versions** My Favorites versions n/a through 1.4.1 **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS attacks. **Recommendations** For versions n/a through 1.4.1, update to a version that fixes the Stored XSS issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Jethin Gallery Slideshow versions 1.4.1 and earlier **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS attacks. **Recommendations** For Jethin Gallery Slideshow versions 1.4.1 and earlier, update to a version that fixes this issue, as no specific workaround is provided in the given information. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Biplob Adhikari Accordions versions 2.3.5 and earlier **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS attacks. **Recommendations** For versions 2.3.5 and earlier, update to a version later than 2.3.5 to resolve the issue. As a temporary workaround, consider restricting user input to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** biplob018 Shortcode Addons versions 3.2.5 and earlier **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS attacks. **Recommendations** For versions 3.2.5 and earlier, update to a version later than 3.2.5 to resolve the issue. As a temporary workaround, consider restricting user input to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Biplob Adhikari Tabs versions n/a through 4.0.6 **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS attacks. **Recommendations** For versions n/a through 4.0.6, update to a version later than 4.0.6 to resolve the issue. At the moment, there is no information about additional mitigation measures for this specific vulnerability.

**Name of the Vulnerable Software and Affected Versions** SKT Skill Bar versions prior to 2.0 **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS attacks. **Recommendations** For versions prior to 2.0, update to version 2.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Team Members versions through 5.3.3 **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS attacks. **Recommendations** For versions through 5.3.3, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting user input to prevent malicious code injection until a patch is available.

**Name of the Vulnerable Software and Affected Versions** CodePen Embedded Pens Shortcode versions 1.0.0 and earlier **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS attacks. **Recommendations** For CodePen Embedded Pens Shortcode versions 1.0.0 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Bradmax Player versions 1.1.27 and earlier **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS attacks. **Recommendations** For versions 1.1.27 and earlier, update to a version that contains a fix for this issue, as no specific workaround is provided for these versions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Conversational Forms for ChatBot versions 1.2.0 and earlier **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker can inject malicious scripts into the website, potentially leading to unauthorized access or control. **Recommendations** For versions 1.2.0 and earlier, update to a version that fixes the Stored XSS issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GhozyLab Image Slider Widget versions 1.1.125 and earlier **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Stored XSS attacks. **Recommendations** For GhozyLab Image Slider Widget versions 1.1.125 and earlier, update to a version that fixes this issue, as no specific workaround is provided in the given information. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** B Slider - Slider for your block editor versions 1.1.12 and earlier **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker can inject malicious scripts into the website, potentially leading to unauthorized access or control. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited. **Recommendations** For versions 1.1.12 and earlier, update to a version later than 1.1.12 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Falang multilanguage versions 1.3.47 and earlier **Description** The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for potential exploitation by injecting malicious SQL code. **Recommendations** For versions 1.3.47 and earlier, update to a version later than 1.3.47 to resolve the issue. As a temporary workaround, consider restricting access to sensitive database operations to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Booking Activities versions 1.15.19 and earlier **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Reflected XSS. This means that an attacker can inject malicious scripts into the website, potentially leading to unauthorized access or data theft. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited. **Recommendations** For versions 1.15.19 and earlier, update to a version later than 1.15.19 to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable web page generation functionality until a patch is available. Avoid using user-inputted data in the affected web page generation process until the issue is resolved. At the moment, there is no other information about additional mitigation measures.

**Name of the Vulnerable Software and Affected Versions** Supsystic Slider by Supsystic versions 1.8.10 and earlier **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as 'Cross-site Scripting', which allows Stored XSS. This means that an attacker can inject malicious scripts into the web page, potentially leading to unauthorized access or control. **Recommendations** For versions 1.8.10 and earlier, update to a version later than 1.8.10 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Creative Image Slider – Responsive Slider Plugin versions n/a through 2.1.3 **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows Reflected XSS. **Recommendations** For versions n/a through 2.1.3, update to a version later than 2.1.3 to resolve the issue. As a temporary workaround, consider restricting user input to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Photo Gallery by Supsystic versions 1.15.16 and earlier **Description** The issue is related to improper neutralization of input during web page generation, which allows stored cross-site scripting (XSS). This means that an attacker can inject malicious scripts into the website, potentially leading to unauthorized access or other security issues. The estimated number of potentially affected devices worldwide is not specified. **Recommendations** For versions 1.15.16 and earlier, update to a version later than 1.15.16 to resolve the issue. As a temporary workaround, consider restricting access to the `Photo Gallery by Supsystic` plugin until a patch is available. Avoid using the plugin's web page generation functionality until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Supsystic Slider by Supsystic versions 1.8.10 and earlier **Description** The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for potential exploitation by injecting malicious SQL code. **Recommendations** For versions 1.8.10 and earlier, update to a version later than 1.8.10 to resolve the issue. As a temporary workaround, consider restricting access to the SQL commands to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Slider Hero versions through 8.6.1 **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker can inject malicious scripts into the website, potentially affecting users who visit the site. **Recommendations** For versions through 8.6.1, update to a version later than 8.6.1 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Table & Contact Form 7 Database – Tablesome versions 1.0.0 through 1.0.27 **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows Reflected XSS, which can be exploited by attackers. The estimated number of potentially affected devices worldwide is not available. There is no information provided about real-world incidents where this issue was exploited. **Recommendations** For versions 1.0.0 through 1.0.27, update to a version later than 1.0.27 to resolve the issue. At the moment, there is no information about other specific mitigation measures for this vulnerability.