Keyloggervk7

**Name of the Vulnerable Software and Affected Versions** Easy Form Builder WordPress plugin versions prior to 3.4.0 **Description** The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This is possible because some settings are not properly sanitised and escaped, and this vulnerability can be exploited even when the unfiltered html capability is disallowed, for example in a multisite setup. **Recommendations** For versions prior to 3.4.0, update to version 3.4.0 or later to resolve the issue. As a temporary workaround, consider restricting the ability of high privilege users to access and modify the plugin's settings until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** WP Page Builder versions 1.2.8 and earlier **Description** The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for example in multisite setups. This is due to the plugin not sanitizing and escaping some of its settings. **Recommendations** For WP Page Builder versions 1.2.8 and earlier, update to a version later than 1.2.8 to resolve the issue. As a temporary workaround, consider restricting the use of the plugin's settings to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** EditableTable WordPress plugin versions prior to 0.1.5 **Description** The issue allows high privilege users to perform Cross-Site Scripting attacks due to the lack of sanitization and escaping of Table and Column fields. This can occur even when the unfiltered html capability is disallowed. **Recommendations** For versions prior to 0.1.5, update to version 0.1.5 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** User Registration, User Profiles, Login & Membership – ProfilePress (Formerly WP User Avatar) WordPress plugin versions prior to 3.1.8 **Description** The issue allows high privilege users, such as admins, to set JavaScript payloads in some settings, even when the unfiltered html capability is disallowed, leading to an authenticated Stored Cross-Site Scripting issue. This occurs because the plugin does not properly sanitise or escape some of its settings before saving and outputting them back in the page. **Recommendations** For versions prior to 3.1.8, update to version 3.1.8 or later to resolve the issue. As a temporary workaround, consider restricting the ability of high privilege users to modify settings that could be used to inject JavaScript payloads.