Kursat Cetin

**Name of the Vulnerable Software and Affected Versions** Sweet Date versions 3.7.3 and earlier **Description** The issue is related to a Missing Authorization vulnerability in the Sweet Date WordPress theme, which could expose thousands of sites to potential takeovers. This vulnerability may allow unauthorized access, potentially leading to site compromises. The estimated number of potentially affected devices worldwide is not explicitly stated, but it is mentioned that thousands of sites could be exposed. **Recommendations** For Sweet Date versions 3.7.3 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Foxiz versions 2.3.5 and earlier **Description** A Server-Side Request Forgery (SSRF) vulnerability has been identified in Theme-Ruby Foxiz. This issue allows for unauthorized access to internal resources, potentially leading to sensitive data exposure or other malicious activities. **Recommendations** For Foxiz versions 2.3.5 and earlier, update to a version later than 2.3.5 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Chauffeur Taxi Booking System for WordPress versions n/a through 6.9 **Description** The issue is related to a Missing Authorization vulnerability, which allows accessing functionality not properly constrained by Access Control Lists (ACLs). This means that certain features or data may be accessible without the necessary permissions, potentially leading to unauthorized access or actions. **Recommendations** For versions n/a through 6.9, update to a version that properly constrains functionality with ACLs to prevent unauthorized access. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Repute Infosystems ARMember versions 4.0.28 and earlier **Description** The issue is related to a Missing Authorization vulnerability. There is no information provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** For versions 4.0.28 and earlier, update to a version later than 4.0.28 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Kadence WP Gutenberg Blocks versions through 3.2.25 **Description** A Server-Side Request Forgery (SSRF) issue affects the software, allowing unauthorized access to internal resources. This can lead to sensitive data exposure or other malicious activities. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited. **Recommendations** For versions through 3.2.25, update to a version later than 3.2.25 to resolve the issue. At the moment, there is no information about additional mitigation measures.

**Name of the Vulnerable Software and Affected Versions** QuanticaLabs Chauffeur Taxi Booking System for WordPress versions n/a through 7.2 **Description** The issue is related to an Unrestricted Upload of File with Dangerous Type, which affects the Chauffeur Taxi Booking System for WordPress. **Recommendations** For versions n/a through 7.2, update to a version that contains a fix for this issue, if available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OxyExtras versions 1.4.4 and earlier **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Reflected XSS. **Recommendations** For OxyExtras versions 1.4.4 and earlier, update to a version that contains a fix for this issue, as no specific workaround is provided in the given information. At the moment, there is no information about a newer version that contains a fix for this vulnerability.