Khang Duong

**Name of the Vulnerable Software and Affected Versions** digireturn Simple Fixed Notice versions 1.6 and earlier **Description** The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability, which allows an attacker to perform unauthorized actions on a user's account. This is a type of attack where an attacker tricks a user into performing an unintended action on a web application that the user is authenticated to. **Recommendations** For versions 1.6 and earlier, consider implementing proper CSRF token validation to prevent unauthorized requests. As a temporary workaround, restrict access to sensitive functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** raphaelheide Donate Me versions 1.2.5 and earlier **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Reflected XSS. This means an attacker can inject malicious scripts into a website, potentially stealing user data or taking control of user sessions. **Recommendations** For versions 1.2.5 and earlier, update to a version that fixes the Improper Neutralization of Input During Web Page Generation issue to prevent Reflected XSS attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** digireturn DN Footer Contacts versions 1.8 and earlier **Description** The issue is a Cross-Site Request Forgery (CSRF) vulnerability, which allows an attacker to perform unauthorized actions on a user's account. This is a type of attack where an attacker tricks a user into performing an unintended action on a web application that the user is authenticated to. **Recommendations** For versions 1.8 and earlier, as a temporary workaround, consider implementing additional validation checks to ensure that requests are genuine and not forged. Restrict access to sensitive functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** verkkovaraani Print PDF Generator and Publisher versions 1.2.0 and earlier **Description** A Cross-Site Request Forgery (CSRF) issue affects the software, allowing unauthorized actions to be performed on behalf of a user. **Recommendations** For versions 1.2.0 and earlier, update to a version that includes a fix for this issue, as no specific workaround is provided for these versions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Wow-Company Float menu versions n/a through 6.1.2 **Description** The issue is a Cross-Site Request Forgery (CSRF) vulnerability that affects the Float menu, allowing unauthorized requests to be made on behalf of the user. **Recommendations** For versions n/a through 6.1.2, update to a version that includes a fix for this issue, as no specific mitigation measures are provided for these versions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Paytm Payment Donation versions through 2.3.3 **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Stored XSS attacks. **Recommendations** For versions through 2.3.3, update to a version later than 2.3.3 to resolve the issue. As a temporary workaround, consider restricting user input to prevent malicious scripts from being injected into the web page generation process.

**Name of the Vulnerable Software and Affected Versions** WPBookit versions 1.0.1 and earlier **Description** The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability that also allows Stored XSS. **Recommendations** For WPBookit versions 1.0.1 and earlier, update to a version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** The Notibar – Notification Bar for WordPress plugin versions up to, and including, 2.1.5 **Description** The issue is related to Stored Cross-Site Scripting via admin settings due to insufficient input sanitization and output escaping. This allows authenticated attackers with administrator-level permissions to inject arbitrary web scripts in pages, which will execute when a user accesses an injected page. The issue only affects multi-site installations and installations where unfiltered html has been disabled. **Recommendations** For versions up to, and including, 2.1.5, update to a version that includes the necessary input sanitization and output escaping fixes to prevent Stored Cross-Site Scripting attacks. As a temporary workaround, consider restricting administrator-level permissions and enabling the unfiltered html capability to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Elfsight Yottie Lite versions 1.3.3 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows for stored Cross-site Scripting (XSS). This means that an attacker can inject malicious scripts into the application, potentially leading to unauthorized actions on behalf of other users. Recommendations: For Elfsight Yottie Lite versions 1.3.3 and earlier, update to a version later than 1.3.3 to resolve the issue. As a temporary workaround, consider restricting user input to minimize the risk of exploitation. Avoid using the vulnerable version of Elfsight Yottie Lite until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** WP Spell Check versions through 9.21 **Description** A Cross-Site Request Forgery (CSRF) issue affects the software, allowing unauthorized requests. This can lead to various security problems, as an attacker could potentially perform actions on behalf of a user without their knowledge or consent. **Recommendations** For versions through 9.21, update to a version that includes a fix for this issue, as no specific mitigation measures are provided for these versions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Button Generator – easily Button Builder versions n/a through 3.1.1 **Description** The issue is a Cross-Site Request Forgery (CSRF) vulnerability, which allows Cross Site Request Forgery. This means an attacker can trick a user into performing unintended actions on a web application that the user is authenticated to. **Recommendations** For versions n/a through 3.1.1, update to a version later than 3.1.1 to resolve the issue. At the moment, there is no information about other mitigation measures for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Bubble Menu – circle floating menu versions through 4.0.2 **Description** The issue is a Cross-Site Request Forgery (CSRF) vulnerability, which allows Cross Site Request Forgery. **Recommendations** For versions through 4.0.2, update to a version later than 4.0.2 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Wow-Company Counter Box versions 2.0.5 and earlier **Description** The issue is a Cross-Site Request Forgery (CSRF) vulnerability, which allows an attacker to perform unauthorized actions on a user's behalf. **Recommendations** For versions 2.0.5 and earlier, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Herd Effects versions through 6.2.1 **Description** The issue is a Cross-Site Request Forgery (CSRF) vulnerability, which allows an attacker to perform unauthorized actions on a user's account. **Recommendations** For versions through 6.2.1, update to a version that contains a fix for this issue, as no specific mitigation measures are provided for these versions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Wow-Company Modal Window versions through 6.1.4 **Description** The issue is a Cross-Site Request Forgery (CSRF) vulnerability, which allows an attacker to perform unauthorized actions on a user's account. This can be achieved by tricking the user into performing an unintended action, such as submitting a form or clicking a link. **Recommendations** For versions through 6.1.4, update to a version that includes a fix for this issue, as no specific workaround is provided for these versions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Wow-Company Sticky Buttons versions through 4.1.1 **Description** The issue is a Cross-Site Request Forgery (CSRF) vulnerability, which allows an attacker to perform unauthorized actions on a user's account. This is a type of attack where an attacker tricks a user into performing an unintended action on a web application that the user is authenticated to. **Recommendations** For versions through 4.1.1, update to a version that includes a fix for this issue, as no specific workaround is provided for these versions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Side Menu Lite versions through 5.3.1 **Description** The issue is a Cross-Site Request Forgery (CSRF) vulnerability, which allows an attacker to perform unauthorized actions on a user's account. This can be achieved by tricking the user into performing an unintended action, such as clicking on a malicious link or submitting a form. **Recommendations** For versions through 5.3.1, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ShMapper by Teplitsa versions 1.5.0 and earlier **Description** The issue is related to improper neutralization of input during web page generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS attacks. **Recommendations** For versions 1.5.0 and earlier, update to a version that contains a fix for this issue, as the current version is affected by the Stored XSS vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Wow-Company Popup Box versions 3.2.4 and earlier **Description** The issue is a Cross-Site Request Forgery (CSRF) vulnerability, which allows an attacker to perform unauthorized actions on a user's account. **Recommendations** For versions 3.2.4 and earlier, update to a version that contains a fix for this issue, as no specific mitigation measures are provided for these versions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** wpdevelop oplugins Email Reminders versions n/a through 2.0.5 **Description** The issue is related to improper neutralization of input during web page generation, also known as 'Cross-site Scripting'. This allows for Stored XSS in wpdevelop oplugins Email Reminders. **Recommendations** For versions n/a through 2.0.5, update to a version later than 2.0.5 to resolve the issue. As a temporary workaround, consider restricting user input to minimize the risk of exploitation.