Kyle Sanchez

**Name of the Vulnerable Software and Affected Versions** weForms versions 1.6.20 and earlier **Description** A Missing Authorization issue has been identified. This issue allows unauthorized access. The estimated number of potentially affected devices is not specified. **Recommendations** For weForms versions 1.6.20 and earlier, update to a version later than 1.6.20 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** RegistrationMagic versions through 5.2.5.0 **Description** The issue is related to an Improper Control of Interaction Frequency vulnerability in Metagauss RegistrationMagic, allowing for Functionality Misuse. **Recommendations** For versions through 5.2.5.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Wp Ultimate Review versions 2.2.5 and earlier **Description** The issue is related to a Client-Side Enforcement of Server-Side Security vulnerability, allowing functionality bypass in Wpmet Wp Ultimate Review. **Recommendations** For versions 2.2.5 and earlier, update to a version later than 2.2.5 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** CodePeople CP Polls versions 1.0.71 and earlier **Description** The issue is related to an Improper Control of Interaction Frequency vulnerability in CodePeople CP Polls, which allows Flooding. **Recommendations** For versions 1.0.71 and earlier, update to a version that fixes this issue, as the current version allows for flooding due to improper control of interaction frequency. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CodePeople CP Polls versions 1.0.71 and earlier **Description** The issue is related to an Improper Neutralization of Script-Related HTML Tags in a Web Page, also known as Basic XSS, which allows Code Injection. This means that an attacker could potentially inject malicious code into a web page, leading to various security issues. **Recommendations** For CodePeople CP Polls versions 1.0.71 and earlier, as a temporary workaround, consider disabling any functionality that allows user input to be directly injected into web pages until a patch is available. Restrict access to sensitive areas of the web application to minimize the risk of exploitation. Avoid using the affected plugin until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** weForms versions 1.6.20 and earlier **Description** The issue is related to a Client-Side Enforcement of Server-Side Security vulnerability in weForms, which allows the removal of important client functionality. **Recommendations** For weForms versions 1.6.20 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Guido VS Contact Form versions prior to 14.7 **Description** A Guessable CAPTCHA vulnerability in Guido VS Contact Form allows functionality bypass. **Recommendations** For Guido VS Contact Form versions prior to 14.7, update to a version that includes a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Metagauss ProfileGrid versions through 5.8.2 **Description** The issue is related to an Improper Restriction of Excessive Authentication Attempts, allowing the removal of important client functionality. **Recommendations** For Metagauss ProfileGrid versions through 5.8.2, update to a version later than 5.8.2 to resolve the issue. As a temporary workaround, consider restricting access to authentication mechanisms to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** WP Post Author versions 3.6.4 and earlier **Description** The issue is related to a Missing Authorization vulnerability in AF themes WP Post Author. **Recommendations** For WP Post Author versions 3.6.4 and earlier, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WP Post Author versions 3.6.4 and earlier **Description** The issue is related to a Missing Authorization vulnerability in AF themes WP Post Author. **Recommendations** For WP Post Author versions 3.6.4 and earlier, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Metagauss ProfileGrid versions through 5.7.9 **Description** The issue is related to an Authorization Bypass Through User-Controlled Key vulnerability. This allows for potential unauthorized access. **Recommendations** For versions through 5.7.9, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Rate my Post – WP Rating System versions 3.4.4 and earlier **Description** The issue is related to an Authorization Bypass Through User-Controlled Key vulnerability in the FeedbackWP Rate my Post – WP Rating System. **Recommendations** For versions 3.4.4 and earlier, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Metagauss ProfileGrid versions through 5.7.9 **Description** The issue is related to an Authorization Bypass Through User-Controlled Key vulnerability. This allows for potential unauthorized access. **Recommendations** For versions through 5.7.9, update to a version later than 5.7.9 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Wp Ultimate Review versions 2.2.5 and earlier **Description** A Missing Authorization issue affects the specified software. **Recommendations** For versions 2.2.5 and earlier, update to a version that contains a fix for this issue, if available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Wp Ultimate Review versions 2.2.5 and earlier **Description** The issue is related to an Authorization Bypass Through User-Controlled Key vulnerability. This allows for potential unauthorized access. **Recommendations** For versions 2.2.5 and earlier, update to a version that contains a fix for this issue, if available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Plechev Andrey WP-Recall versions through 16.26.5 **Description** The issue is related to an Authorization Bypass Through User-Controlled Key. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** For versions through 16.26.5, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Metagauss ProfileGrid versions through 5.7.6 **Description** The issue is related to an Authorization Bypass Through User-Controlled Key vulnerability. This allows for potential unauthorized access. **Recommendations** For versions through 5.7.6, update to a version later than 5.7.6 to resolve the issue. At the moment, there is no information about other mitigation measures for this issue.

**Name of the Vulnerable Software and Affected Versions** Thumbs Rating versions 5.1.0 and earlier **Description** The issue is related to an Authorization Bypass Through User-Controlled Key vulnerability. This vulnerability affects the Thumbs Rating software. **Recommendations** For Thumbs Rating versions 5.1.0 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Kunal Nagar Custom 404 Pro versions 3.10.0 and earlier **Description** The issue is related to improper neutralization of input during web page generation, which allows stored cross-site scripting (XSS). This means that an attacker can inject malicious scripts into the website, potentially leading to unauthorized access or other malicious activities. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited. **Recommendations** For versions 3.10.0 and earlier, update to a version later than 3.10.0 to resolve the issue. As a temporary workaround, consider restricting user input to prevent malicious scripts from being injected into the website. Avoid using potentially vulnerable functions or parameters that may allow stored XSS until the issue is resolved. At the moment, there is no other information about additional mitigation measures.

**Name of the Vulnerable Software and Affected Versions** WP Photo Album Plus versions through 8.5.02.005 **Description** The issue is related to an Authorization Bypass Through User-Controlled Key. This allows for unauthorized access. **Recommendations** For WP Photo Album Plus versions through 8.5.02.005, update to a version later than 8.5.02.005 to resolve the issue.