Jingle Bells

**Name of the Vulnerable Software and Affected Versions** Data Tables Generator by Supsystic versions 1.10.36 and earlier **Description** The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. This is due to improperly set security configurations, leading to unauthorized access. **Recommendations** For versions 1.10.36 and earlier, update to a version that addresses the Missing Authorization vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WPSSO Core versions n/a through 18.18.1 **Description** The issue is related to a Missing Authorization vulnerability in JS Morisset WPSSO Core, which allows exploiting incorrectly configured access control security levels. **Recommendations** For WPSSO Core versions n/a through 18.18.1, update to a version later than 18.18.1 to resolve the issue. At the moment, there is no information about additional mitigation measures or workarounds for this specific vulnerability.

Name of the Vulnerable Software and Affected Versions: Iqonic Design WPBookit versions 1.6.0 and earlier Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection, potentially compromising the security of the system. Recommendations: For versions 1.6.0 and earlier, update to a version that fixes this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: SeedProd Pro versions prior to 6.18.11 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks. Recommendations: For versions prior to 6.18.11, update to version 6.18.11 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive database operations until a patch is applied.

Name of the Vulnerable Software and Affected Versions: Bill Minozzi Car Dealer versions n/a through 4.46 Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. Recommendations: For versions n/a through 4.46, update to a version that addresses the Missing Authorization vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: UkrSolution Barcode Scanner with Inventory & Order Manager versions 1.6.6 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Reflected XSS. Recommendations: For versions 1.6.6 and earlier, update to a version that contains a fix for this issue, if available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Cryptocurrency Price Widget versions n/a through 1.2.3 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Stored XSS in the Cryptocurrency Price Widget. Recommendations: For versions n/a through 1.2.3, consider disabling the widget until a patch is available to prevent potential exploitation. Restrict access to the widget to minimize the risk of Stored XSS attacks. Avoid using the widget in sensitive environments until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: Mark New Posts versions n/a through 7.5.1 Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. Recommendations: For versions n/a through 7.5.1, update to a version later than 7.5.1 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Notibar versions n/a through 2.1.4 Description: The issue is related to a Missing Authorization vulnerability in Ninja Team Notibar, which allows exploiting incorrectly configured access control security levels. Recommendations: For versions n/a through 2.1.4, update to a version later than 2.1.4 to resolve the issue. As a temporary workaround, consider restricting access to sensitive areas of Notibar to minimize the risk of exploitation due to incorrectly configured access control security levels.