Kim Jong

**Name of the Vulnerable Software and Affected Versions** wpdevart Poll, Survey, Questionnaire and Voting system plugin versions <= 1.7.4 **Description** The issue is an Authenticated Cross-Site Scripting (XSS) vulnerability. It affects the wpdevart Poll, Survey, Questionnaire and Voting system plugin at WordPress, where an attacker with admin+ privileges can exploit this vulnerability. **Recommendations** For wpdevart Poll, Survey, Questionnaire and Voting system plugin versions <= 1.7.4, update to a version higher than 1.7.4 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** dmitrylitvinov Uploading SVG, WEBP and ICO files plugin version 1.0.1 and earlier **Description** The issue is related to an Authenticated Stored Cross-Site Scripting (XSS) vulnerability. This vulnerability can be exploited by an authenticated user with author or higher privileges. The vulnerability is caused by the ability to upload SVG, WEBP, and ICO files, which can contain malicious scripts. **Recommendations** For dmitrylitvinov Uploading SVG, WEBP and ICO files plugin version 1.0.1 and earlier, update to a version later than 1.0.1 to resolve the issue. As a temporary workaround, consider disabling the upload of SVG, WEBP, and ICO files until a patch is available. Restrict access to the plugin's upload functionality to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** dmitrylitvinov Uploading SVG, WEBP and ICO files plugin version 1.0.1 and earlier **Description** The issue concerns an Authenticated Arbitrary File Upload vulnerability. This allows attackers to upload malicious files to the system, potentially leading to various security issues. The estimated number of potentially affected devices worldwide is not specified. There is no information provided about real-world incidents where this issue was exploited. **Recommendations** For dmitrylitvinov Uploading SVG, WEBP and ICO files plugin version 1.0.1 and earlier, update to a version later than 1.0.1 to resolve the issue. At the moment, there is no information about additional mitigation measures.

**Name of the Vulnerable Software and Affected Versions** ideasToCode Enable SVG, WebP & ICO Upload plugin version 1.0.1 and earlier **Description** The issue allows authenticated users with author or higher roles to upload arbitrary files. This can be exploited by uploading malicious files to the server. **Recommendations** For ideasToCode Enable SVG, WebP & ICO Upload plugin version 1.0.1 and earlier, update to a version later than 1.0.1 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** ideasToCode Enable SVG, WebP & ICO Upload plugin version 1.0.1 and earlier **Description** The issue is an Authenticated Stored Cross-Site Scripting (XSS) vulnerability. This means that an attacker, who has at least author or higher user role, can inject malicious scripts into the website, which will be executed by other users' browsers. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited. **Recommendations** For ideasToCode Enable SVG, WebP & ICO Upload plugin version 1.0.1 and earlier, update to a version later than 1.0.1 to resolve the issue. At the moment, there is no information about additional mitigation measures.

**Name of the Vulnerable Software and Affected Versions** Export All URLs plugin versions prior to 4.2 **Description** The issue is related to an Authenticated Stored Cross-Site Scripting (XSS) vulnerability. This means that an attacker with editor or higher user role can inject malicious scripts into the application, which can then be executed by other users. **Recommendations** For Export All URLs plugin versions prior to 4.2, update to version 4.2 or later to resolve the issue.