Jitlada

**Name of the Vulnerable Software and Affected Versions** WpBookingly versions prior to 1.2.9 **Description** A missing authorization issue in WpBookingly allows for the exploitation of incorrectly configured access control security levels. **Recommendations** Update to a version newer than 1.2.9.

**Name of the Vulnerable Software and Affected Versions** Fernando Briano List category posts versions n/a through 0.93.1 **Description** An improper neutralization of input during web page generation issue exists, leading to a DOM-based cross-site scripting condition in the List category posts list-category-posts component. This allows for potential execution of malicious scripts within the context of a user's browser. **Recommendations** Update Fernando Briano List category posts to a version greater than 0.93.1.

**Name of the Vulnerable Software and Affected Versions** blubrry PowerPress Podcasting versions through 11.15.13 **Description** A flaw exists in blubrry PowerPress Podcasting that allows for Stored Cross-site Scripting (XSS). This issue is due to improper neutralization of input during web page generation. The vulnerability could allow an attacker to inject malicious scripts into web pages viewed by other users. The affected component is PowerPress Podcasting. **Recommendations** Update to a version later than 11.15.13.

**Name of the Vulnerable Software and Affected Versions** immonex Kickstart versions through 1.13.0 **Description** The software contains a flaw related to improper input handling during web page creation, which allows for Stored Cross-site Scripting (XSS). This means that malicious scripts can be injected into web pages viewed by other users. The issue affects immonex Kickstart. **Recommendations** Update immonex Kickstart to a version later than 1.13.0.

**Name of the Vulnerable Software and Affected Versions** Elementor Image Optimizer versions through 1.7.1 **Description** An authorization issue exists in Elementor Image Optimizer. The issue involves incorrectly configured access control security levels, potentially allowing unauthorized access. **Recommendations** Update Elementor Image Optimizer to a version later than 1.7.1.

**Name of the Vulnerable Software and Affected Versions** Live sales notification for WooCommerce versions prior to 2.3.46 **Description** A missing authorization issue exists in Live sales notification for WooCommerce. The issue involves incorrectly configured access control security levels, potentially allowing unauthorized access. **Recommendations** Update Live sales notification for WooCommerce to a version greater than 2.3.46.

**Name of the Vulnerable Software and Affected Versions** KaizenCoders URL Shortify versions through 1.12.3 **Description** A Server-Side Request Forgery (SSRF) vulnerability exists in KaizenCoders URL Shortify. This flaw allows for Server Side Request Forgery. The vulnerability is present in the `url-shortify` component. **Recommendations** Update KaizenCoders URL Shortify to a version later than 1.12.3.

**Name of the Vulnerable Software and Affected Versions** Dynamic Widget Content plugin for WordPress versions through 1.3.6 **Description** The Dynamic Widget Content plugin for WordPress is susceptible to Stored Cross-Site Scripting. This occurs through the widget content field within the Gutenberg editor sidebar, stemming from inadequate input sanitization and output escaping of user-provided attributes. Authenticated attackers possessing Contributor-level access or higher can inject arbitrary web scripts into pages. These scripts will then execute each time a user accesses the affected page. **Recommendations** Update the Dynamic Widget Content plugin to a version beyond 1.3.6.

**Name of the Vulnerable Software and Affected Versions** Smart Appointment & Booking plugin for WordPress versions up to and including 1.0.7 **Description** The Smart Appointment & Booking plugin for WordPress is susceptible to Stored Cross-Site Scripting through the `saab save form data` AJAX action. This is due to inadequate input sanitization and output escaping of user-provided attributes. Authenticated attackers with Subscriber-level access or higher can inject malicious web scripts into pages. These scripts will execute when a user accesses the compromised page. The vulnerable parameter is not specified. **Recommendations** Update the Smart Appointment & Booking plugin to a version newer than 1.0.7.

**Name of the Vulnerable Software and Affected Versions** LogicHunt Logo Slider versions through 4.9.0 **Description** The software contains a flaw related to improper input handling during web page creation, specifically a Stored Cross-site Scripting issue. This allows for the injection of malicious scripts. The issue affects the Logo Slider component. **Recommendations** Update to a version newer than 4.9.0.

**Name of the Vulnerable Software and Affected Versions** Devsbrain Flex QR Code Generator versions through 1.2.8 **Description** The software contains a flaw related to improper input handling during web page generation, specifically a DOM-Based Cross-site Scripting issue. This allows for the execution of malicious scripts within the context of the affected web page. **Recommendations** Update Devsbrain Flex QR Code Generator to a version later than 1.2.8.

**Name of the Vulnerable Software and Affected Versions** artplacer ArtPlacer Widget versions through 2.23.1 **Description** The ArtPlacer Widget contains a flaw related to improper input handling during web page generation, which allows for Stored Cross-site Scripting (XSS). This can potentially allow an attacker to inject malicious scripts into web pages viewed by other users. The affected component is the `artplacer-widget`. **Recommendations** Update to a version of ArtPlacer Widget greater than 2.23.1.

**Name of the Vulnerable Software and Affected Versions** Easy Form Builder versions through 3.9.6 **Description** An authorization issue exists in Easy Form Builder that allows exploitation of incorrectly configured access control security levels. **Recommendations** Update Easy Form Builder to a version later than 3.9.6.

**Name of the Vulnerable Software and Affected Versions** Hakob Re Gallery & Responsive Photo Gallery Plugin versions through 1.17.18 **Description** The Hakob Re Gallery & Responsive Photo Gallery Plugin has a flaw related to incorrectly configured access control security levels, allowing for missing authorization. The issue enables exploitation of these security levels. **Recommendations** Update Hakob Re Gallery & Responsive Photo Gallery Plugin to a version later than 1.17.18.

**Name of the Vulnerable Software and Affected Versions** Northern Beaches Websites WP Custom Admin Interface versions through 7.40 **Description** An authorization issue exists in the Northern Beaches Websites WP Custom Admin Interface, stemming from incorrectly configured access control security levels. This allows for unauthorized access. **Recommendations** Update to a version later than 7.40.

**Name of the Vulnerable Software and Affected Versions** BoomDevs WordPress Coming Soon Plugin versions through 1.0.4 **Description** The BoomDevs WordPress Coming Soon Plugin contains a flaw that allows the retrieval of embedded sensitive data, potentially exposing system information to unauthorized parties. Approximately 20,000 installations of the plugin may be affected. The issue involves an exposure of sensitive system information to an unauthorized control sphere. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Digages Direct Payments WP versions through 1.3.0 **Description** A flaw exists in Digages Direct Payments WP that allows the retrieval of embedded sensitive data, leading to exposure of sensitive system information to an unauthorized control sphere. **Recommendations** Update Digages Direct Payments WP to a version later than 1.3.0.

**Name of the Vulnerable Software and Affected Versions** Vollstart Serial Codes Generator and Validator with WooCommerce Support versions through 2.8.2 **Description** The software contains a missing authorization issue stemming from incorrectly configured access control security levels. This allows for exploitation of the system. **Recommendations** Update to a version newer than 2.8.2.

**Name of the Vulnerable Software and Affected Versions** Marco Milesi WP Attachments versions through 5.2 **Description** A missing authorization issue exists in Marco Milesi WP Attachments, stemming from incorrectly configured access control security levels. This allows for potential exploitation of the system. **Recommendations** Update Marco Milesi WP Attachments to a version later than 5.2.

**Name of the Vulnerable Software and Affected Versions** Ruhul Amin Content Fetcher versions through 1.1 **Description** The Ruhul Amin Content Fetcher software contains a flaw related to improper input handling during web page generation, specifically a DOM-Based Cross-Site Scripting (XSS) issue. This allows for the potential execution of malicious scripts within the application. The vulnerability exists due to insufficient sanitization of user-supplied input before it is incorporated into the web page's Document Object Model (DOM). This could allow an attacker to inject arbitrary HTML or JavaScript code into the page, which would then be executed by the victim's browser. The affected API endpoints and vulnerable parameters were not specified. **Recommendations** Update Ruhul Amin Content Fetcher to a version beyond 1.1.