Khalid Yusuf

Name of the Vulnerable Software and Affected Versions: Omnipress versions n/a through 1.6.3 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing DOM-Based XSS. This enables potential attackers to inject malicious scripts into the webpage. Recommendations: For Omnipress versions n/a through 1.6.3, update to a version that includes a fix for this issue, as no specific workaround is provided for these versions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Ataur R GutenKit versions through 2.2.2 **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker can inject malicious scripts into the website, potentially affecting users who access the compromised page. **Recommendations** For versions through 2.2.2, update to a version that fixes the Stored XSS issue to prevent exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Spider Elements – Addons for Elementor versions 1.6.2 and earlier Description: The issue is related to a lack of authorization in Spider Elements – Addons for Elementor, which allows the exploitation of incorrectly configured access control security levels. Recommendations: For Spider Elements – Addons for Elementor version 1.6.2 and earlier, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Spider Elements – Addons for Elementor versions 1.6.2 and earlier **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS), which allows Stored XSS. This means that an attacker can inject malicious scripts into the website, potentially leading to unauthorized access or control. **Recommendations** For Spider Elements – Addons for Elementor versions 1.6.2 and earlier, update to a version later than 1.6.2 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Directorist AddonsKit for Elementor versions 1.1.6 and earlier **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker can inject malicious scripts into the website, potentially leading to unauthorized access or control. **Recommendations** For Directorist AddonsKit for Elementor versions 1.1.6 and earlier, update to a version later than 1.1.6 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Team Members for Elementor Page Builder versions 1.0.0 through 1.0.4 **Description** The issue is related to improper neutralization of input during web page generation, which leads to a Cross-site Scripting (XSS) vulnerability. Specifically, it is a Stored XSS vulnerability, meaning the malicious script is stored on the server and executed when a user accesses the affected web page. **Recommendations** For Team Members for Elementor Page Builder versions 1.0.0 through 1.0.4, update to a version later than 1.0.4 to resolve the issue. As a temporary workaround, consider restricting user input to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** CodegearThemes Designer versions 1.6.0 and earlier **Description** The issue is related to improper neutralization of input during web page generation, which allows for DOM-Based XSS attacks. This means that an attacker could potentially inject malicious scripts into the website, affecting users' browsers. **Recommendations** For CodegearThemes Designer versions 1.6.0 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** bPlugins All Embed – Elementor Addons versions 1.1.3 and earlier **Description** The issue is related to improper neutralization of input during web page generation, which allows for Stored Cross-site Scripting (XSS). This means an attacker can inject malicious scripts into the website, potentially affecting users who access the compromised page. **Recommendations** For bPlugins All Embed – Elementor Addons versions 1.1.3 and earlier, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Elementor AI Addons versions prior to 2.2.2 **Description** The issue is related to improper neutralization of input during web page generation, allowing DOM-Based XSS. This enables potential attackers to execute malicious scripts in the context of the affected web page. **Recommendations** For versions prior to 2.2.2, update to version 2.2.2 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive features or inputs that could be used to exploit the DOM-Based XSS vulnerability.

**Name of the Vulnerable Software and Affected Versions** bPlugins LLC Button Block versions 1.1.5 and earlier **Description** The issue is related to missing authorization in bPlugins LLC Button Block, allowing access to functionality not properly constrained by Access Control Lists (ACLs). This means that certain functions can be accessed without the necessary permissions, potentially leading to unauthorized access. **Recommendations** For versions 1.1.5 and earlier, update to a version that properly constrains functionality with ACLs to prevent unauthorized access. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** bPlugins LLC Button Block versions 1.1.6 and earlier **Description** The issue is related to improper neutralization of input during web page generation, also known as 'Cross-site Scripting', which allows stored XSS. **Recommendations** For bPlugins LLC Button Block versions 1.1.6 and earlier, as a temporary workaround, consider disabling the use of the Button Block until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** S3Player – WooCommerce & Elementor Integration versions prior to 4.2.1 **Description** The issue is related to improper neutralization of input during web page generation, which allows stored Cross-site Scripting (XSS). This means an attacker can inject malicious scripts into the website, potentially affecting users who access the compromised pages. **Recommendations** For versions prior to 4.2.1, update to version 4.2.1 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive areas of the website that use the S3Player – WooCommerce & Elementor Integration until the update is applied.

**Name of the Vulnerable Software and Affected Versions** HashThemes Hash Elements versions 1.4.9 and earlier **Description** The issue is related to improper neutralization of input during web page generation, which can lead to Cross-site Scripting. This allows attackers to inject malicious scripts into web pages. **Recommendations** For HashThemes Hash Elements versions 1.4.9 and earlier, update to a version later than 1.4.9 to resolve the issue. As a temporary workaround, consider restricting user input to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** POSIMYTH Nexter Blocks versions 4.0.7 and earlier **Description** The issue is related to a Missing Authorization vulnerability in POSIMYTH Nexter Blocks, which allows exploiting incorrectly configured access control security levels. **Recommendations** For versions 4.0.7 and earlier, update to a version that fixes the Missing Authorization vulnerability. As a temporary workaround, consider restricting access to sensitive areas of the application to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Pluginscafe Advanced Data Table For Elementor versions prior to 1.0.0 Description: The issue is related to improper neutralization of input during web page generation, which allows stored Cross-site Scripting (XSS). This enables attackers to inject malicious scripts into web pages, potentially affecting user sessions. Recommendations: For versions prior to 1.0.0, update to a version that includes the fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Prodigy Commerce versions n/a through 3.0.8 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. Specifically, it is a DOM-Based XSS vulnerability, which allows malicious scripts to be executed in the browser. This can lead to unauthorized access to sensitive data. Recommendations: For Prodigy Commerce versions n/a through 3.0.8, update to a version later than 3.0.8 to resolve the issue. At the moment, there is no information about other specific mitigation measures for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Seerox Easy Blocks pro versions 1.0.0 through 1.0.21 Description: The issue is related to missing authorization, allowing access to functionality not properly constrained by Access Control Lists (ACLs). This means that certain features or resources may be accessible without the necessary permissions, potentially leading to unauthorized access or actions. Recommendations: For Seerox Easy Blocks pro versions 1.0.0 through 1.0.21, update to a version that properly constrains functionality with ACLs to prevent unauthorized access. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Prodigy Commerce versions 3.0.9 and earlier Description: The issue is related to a Missing Authorization vulnerability in Prodigy Commerce, allowing the exploitation of incorrectly configured access control security levels. Recommendations: For Prodigy Commerce versions 3.0.9 and earlier, update to a version that contains a fix for this issue, as the current version allows exploitation of security levels that are not configured correctly. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Molongui versions prior to 4.7.3 **Description** The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. **Recommendations** For versions prior to 4.7.3, update to version 4.7.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Beaver Builder Addons by WPZOOM versions 1.3.4 and earlier **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS attacks. **Recommendations** For versions 1.3.4 and earlier, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.