Kang Seohee

**Name of the Vulnerable Software and Affected Versions** PickPlugins User profile versions n/a through 2.0.20 **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Stored XSS in the User profile. **Recommendations** For versions n/a through 2.0.20, update to a version later than 2.0.20 to resolve the issue. As a temporary workaround, consider restricting user input to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Etoile Web Design Ultimate Reviews versions through 3.2.8 **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Stored XSS. This enables attackers to inject malicious scripts into web pages, potentially affecting users who access these pages. **Recommendations** For versions through 3.2.8, update to a version later than 3.2.8 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Delower WP To Do versions 1.2.8 and earlier **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Stored XSS. This enables potential attackers to inject malicious scripts into web pages. **Recommendations** For Delower WP To Do versions 1.2.8 and earlier, update to a version later than 1.2.8 to resolve the issue. At the moment, there is no information about other specific mitigation measures for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** VideoWhisper Rate Star Review – AJAX Reviews for Content, with Star Ratings versions 1.5.1 and earlier **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows Reflected XSS, which can be exploited by attackers to inject malicious scripts into web pages. **Recommendations** For versions 1.5.1 and earlier, update to a version later than 1.5.1 to resolve the issue. At the moment, there is no information about additional mitigation measures.