Konagash

**Name of the Vulnerable Software and Affected Versions** CodePeople Appointment Hour Booking versions prior to 1.4.23 **Description** The issue is related to a missing authorization vulnerability in CodePeople Appointment Hour Booking, which allows the exploitation of incorrectly configured access control security levels. **Recommendations** For versions prior to 1.4.23, update to version 1.4.23 or later to resolve the issue. As a temporary workaround, consider reviewing and correcting the access control security levels configuration to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Hide My WP Ghost versions through 5.0.25 **Description** The issue is related to an Improper Restriction of Excessive Authentication Attempts vulnerability in Hide My WP Ghost, a WordPress security plugin. This vulnerability allows Functionality Bypass. **Recommendations** For versions through 5.0.25, update to a version later than 5.0.25 to resolve the issue. As a temporary workaround, consider restricting access to authentication endpoints to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Arshid Easy Hide Login versions 1.0.8 and earlier **Description** The issue is a Cross-Site Request Forgery (CSRF) vulnerability. This means an attacker can trick a user into performing unintended actions on a web application that the user is authenticated to. **Recommendations** For versions 1.0.8 and earlier, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ReCorp Export WP Page to Static HTML/CSS plugin versions <= 2.1.9 **Description** The issue is a Cross-Site Request Forgery (CSRF) vulnerability. This means an attacker can trick a user into performing unintended actions on a web application that the user is authenticated to. No information is provided about the estimated number of potentially affected devices or real-world incidents where this issue was exploited. **Recommendations** For ReCorp Export WP Page to Static HTML/CSS plugin versions <= 2.1.9, update to a version higher than 2.1.9 to resolve the issue. As a temporary workaround, consider implementing additional CSRF protection measures, such as token-based validation, to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** LWS Hide Login plugin versions <= 2.1.6 **Description** The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions on a web application that the user is authenticated to. **Recommendations** For LWS Hide Login plugin versions <= 2.1.6, update to a version higher than 2.1.6 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** ShortPixel Adaptive Images – WebP, AVIF, CDN, Image Optimization plugin versions <= 3.7.1 **Description** The issue is a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions on a web application that the user is authenticated to. **Recommendations** For versions <= 3.7.1, update to a version higher than 3.7.1 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** ReCorp AI Content Writing Assistant (Content Writer, GPT 3 & 4, ChatGPT, Image Generator) All in One plugin versions <= 1.1.5 **Description** The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This means an attacker could potentially trick a user into performing unintended actions on a web application that the user is authenticated to. **Recommendations** For versions <= 1.1.5, update to a version greater than 1.1.5 to resolve the issue. As a temporary workaround, consider implementing additional CSRF protection measures, such as token-based validation, to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** LWS Cleaner plugin versions prior to 2.3.0 **Description** The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions on a web application that the user is authenticated to. **Recommendations** For versions prior to 2.3.0, update to version 2.3.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** LWS LWS Tools plugin versions <= 2.4.1 **Description** The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions on a web application that the user is authenticated to. **Recommendations** For versions <= 2.4.1, update to a version higher than 2.4.1 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** unFocus Projects Scripts n Styles plugin versions <= 3.5.7 **Description** The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that requires authentication with admin+ privileges. **Recommendations** For unFocus Projects Scripts n Styles plugin versions <= 3.5.7, update to a version higher than 3.5.7 to resolve the issue.