Jsgm

**Name of the Vulnerable Software and Affected Versions** Dario Curvino Yasr – Yet Another Stars Rating plugin versions <= 3.1.2 **Description** The issue is related to a Cross-Site Scripting (XSS) vulnerability. This type of vulnerability allows an attacker to inject malicious scripts into a website, potentially leading to unauthorized access or control of user sessions. **Recommendations** For Dario Curvino Yasr – Yet Another Stars Rating plugin versions <= 3.1.2, update to a version higher than 3.1.2 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** WP-Ban (affected versions not specified) **Description** A problematic issue has been found in WP-Ban, affecting the `toggle checkbox` function of the file ban-options.php. The manipulation of the argument `$ SERVER["HTTP USER AGENT"]` leads to cross-site scripting. The attack may be initiated remotely. **Recommendations** To fix this issue, it is recommended to apply a patch. The name of the patch is 13e0b1e922f3aaa3f8fcb1dd6d50200dd693fd76. As a temporary workaround, consider disabling the `toggle checkbox` function until a patch is available. Restrict access to the ban-options.php file to minimize the risk of exploitation. Avoid using the `$ SERVER["HTTP USER AGENT"]` argument in the affected function until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Ezoic plugin versions prior to 2.8.9 **Description** The issue allows for unauthenticated changes to plugin settings, leading to stored XSS. **Recommendations** For Ezoic plugin versions prior to 2.8.9, update to version 2.8.9 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Ezoic plugin versions <= 2.8.8 **Description** The issue is related to an Authenticated Stored Cross-Site Scripting (XSS) vulnerability. This type of vulnerability allows an attacker to inject malicious scripts into a website, which can then be executed by other users. The estimated number of potentially affected devices and details about real-world incidents are not provided. **Recommendations** For Ezoic plugin versions <= 2.8.8, update to a version higher than 2.8.8 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** PlausibleHQ Plausible Analytics (WordPress plugin) version 1.2.2 and earlier **Description** The issue is related to an Authenticated Stored Cross-Site Scripting (XSS) in the PlausibleHQ Plausible Analytics WordPress plugin. This type of attack occurs when an attacker injects malicious code into a website, and this code is stored on the server. When other users access the website, the malicious code is executed, potentially allowing the attacker to steal user data or take control of user sessions. The attack requires the perpetrator to have an admin or higher user role. **Recommendations** For PlausibleHQ Plausible Analytics (WordPress plugin) version 1.2.2 and earlier, update to a version later than 1.2.2 to resolve the issue. At the moment, there is no information about other specific mitigation measures for this vulnerability.