Justiice

**Name of the Vulnerable Software and Affected Versions** Duplicate Post Page Menu & Custom Post Type versions 2.3.1 through 2.4.1 **Description** The issue affects the Duplicate Post Page Menu & Custom Post Type plugin, allowing for broken access control due to missing authorization. This enables exploitation of incorrectly configured access control security levels. **Recommendations** For versions 2.3.1 through 2.4.1, update to the latest version to secure the site. As a temporary workaround, consider restricting access to the plugin's functionality until a patch is available.

**Name of the Vulnerable Software and Affected Versions** AJAX Thumbnail Rebuild versions 1.13 and earlier **Description** The issue is related to a Missing Authorization vulnerability. This vulnerability affects the AJAX Thumbnail Rebuild software. **Recommendations** For versions 1.13 and earlier, update to a version that includes the fix for this issue, as no specific workaround is provided in the available data. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Kainex Wise Chat versions 3.1.3 and earlier **Description** A Cross-Site Request Forgery (CSRF) issue affects Kainex Wise Chat. This issue allows an attacker to perform unintended actions on a user's account. **Recommendations** For versions 3.1.3 and earlier, update to a version later than 3.1.3 to resolve the issue. As a temporary workaround, consider implementing additional CSRF protection measures, such as token-based validation, to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Leo Caseiro Custom Options Plus plugin versions prior to 1.8.2 **Description** The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions on a web application that the user is authenticated to. **Recommendations** For versions prior to 1.8.2, update to version 1.8.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Malinky Ajax Pagination and Infinite Scroll plugin versions <= 2.0.1 **Description** The issue is a Cross-Site Request Forgery (CSRF) vulnerability. This means an attacker can trick a user into performing unintended actions on a web application that the user is authenticated to. **Recommendations** For Malinky Ajax Pagination and Infinite Scroll plugin versions <= 2.0.1, update to a version higher than 2.0.1 to resolve the issue. As a temporary workaround, consider implementing CSRF token validation to prevent unauthorized requests. Restrict access to sensitive functionality to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** UsersWP versions 1.2.3.9 and earlier **Description** The issue is related to the improper neutralization of formula elements in a CSV file, which affects the UsersWP software. **Recommendations** For versions 1.2.3.9 and earlier, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Spiffy Calendar versions through 4.9.1 **Description** The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks. **Recommendations** For versions through 4.9.1, update to a version later than 4.9.1 to resolve the issue. As a temporary workaround, consider restricting access to the SQL command functionality until a patch is available. Avoid using user-provided input in SQL commands without proper sanitization until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Anadnet Quick Page/Post Redirect Plugin plugin versions <= 5.2.3 **Description** The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that requires authentication with admin+ privileges. **Recommendations** For Anadnet Quick Page/Post Redirect Plugin plugin versions <= 5.2.3, update to a version higher than 5.2.3 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Lucian Apostol Auto Affiliate Links plugin versions <= 6.3 **Description** The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions on a web application that the user is authenticated to. **Recommendations** For versions <= 6.3, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Don Benjamin WP Custom Fields Search plugin versions 1.2.34 and earlier **Description** The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that requires authentication with admin+ privileges. This vulnerability affects the Don Benjamin WP Custom Fields Search plugin. **Recommendations** For Don Benjamin WP Custom Fields Search plugin versions 1.2.34 and earlier, consider updating to a version that is not affected by this issue, as the current version is vulnerable to Stored Cross-Site Scripting (XSS). At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Flyzoo Flyzoo Chat plugin versions <= 2.3.3 **Description** The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that requires authentication with admin+ privileges. **Recommendations** For versions <= 2.3.3, update to a version higher than 2.3.3 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Gopi Ramasamy Continuous announcement scroller plugin versions <= 13.0 **Description** The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that requires authentication with admin+ privileges. This vulnerability affects the Gopi Ramasamy Continuous announcement scroller plugin. **Recommendations** For versions <= 13.0, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Zia Imtiaz Custom Login Page Styler for WordPress plugin versions <= 6.2 **Description** The issue is related to an Authenticated Stored Cross-Site Scripting (XSS) vulnerability. This means that an attacker with admin or higher privileges can inject malicious scripts into the application, which can then be executed by other users. **Recommendations** For Zia Imtiaz Custom Login Page Styler for WordPress plugin versions <= 6.2, update to a version higher than 6.2 to resolve the issue. At the moment, there is no information about other specific mitigation measures for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Ulf Benjaminsson WP-dTree plugin versions <= 4.4.5 **Description** The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that requires authentication with admin+ privileges. **Recommendations** For Ulf Benjaminsson WP-dTree plugin versions <= 4.4.5, update to a version higher than 4.4.5 to resolve the issue. At the moment, there is no information about other mitigation measures.

**Name of the Vulnerable Software and Affected Versions** Cornel Raiu WP Search Analytics plugin versions 1.4.5 and earlier **Description** The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that requires authentication with admin+ privileges. **Recommendations** For Cornel Raiu WP Search Analytics plugin versions 1.4.5 and earlier, update to a version later than 1.4.5 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Tim Stephenson WP-CORS plugin versions 0.2.1 and earlier **Description** The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that requires authentication with admin+ privileges. **Recommendations** For Tim Stephenson WP-CORS plugin versions 0.2.1 and earlier, update to a version later than 0.2.1 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Custom4Web Affiliate Links Lite plugin versions <= 2.5 **Description** The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that affects users with contributor or higher permissions. This allows for malicious scripts to be stored on the site, potentially leading to unauthorized actions. **Recommendations** For Custom4Web Affiliate Links Lite plugin versions <= 2.5, update to a version higher than 2.5 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** PixelGrade PixFields plugin versions 0.7.0 and earlier **Description** The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability. This vulnerability can be exploited by contributors or users with higher authentication levels. There is no information provided about the estimated number of potentially affected devices worldwide or details about real-world incidents where this issue was exploited. **Recommendations** For PixelGrade PixFields plugin versions 0.7.0 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Jose Mortellaro Freesoul Deactivate Plugins – Plugin manager and cleanup plugin versions <= 1.9.4.0 **Description** The issue is related to insecure storage of sensitive information. There is no information provided about the estimated number of potentially affected devices or real-world incidents where this issue was exploited. **Recommendations** For versions <= 1.9.4.0, update to a version higher than 1.9.4.0 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Jeffrey-WP Media Library Categories plugin versions prior to 1.9.9 **Description** The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability. This vulnerability requires authentication with admin+ privileges. **Recommendations** For versions prior to 1.9.9, update to version 1.9.9 or later to resolve the issue.