László Radnai

**Name of the Vulnerable Software and Affected Versions** Glaze Blog Lite versions 1.1.4 and earlier Fascinate version 1.0.8 Cream Blog version 2.1.3 Cream Magazine version 2.1.4 **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Reflected XSS attacks. **Recommendations** For Glaze Blog Lite versions 1.1.4 and earlier, update to a version later than 1.1.4. For Fascinate version 1.0.8, update to a version later than 1.0.8. For Cream Blog version 2.1.3, update to a version later than 2.1.3. For Cream Magazine version 2.1.4, update to a version later than 2.1.4.

**Name of the Vulnerable Software and Affected Versions** Wishfulthemes Raise Mag versions 1.0.0 through 1.0.7 Wishfulthemes Wishful Blog versions 1.0.0 through 2.0.1 **Description** The issue is related to improper neutralization of input during web page generation, which can lead to Cross-site Scripting (XSS). Specifically, it allows Reflected XSS. **Recommendations** For Wishfulthemes Raise Mag versions 1.0.0 through 1.0.7, update to a version later than 1.0.7 to resolve the issue. For Wishfulthemes Wishful Blog versions 1.0.0 through 2.0.1, update to a version later than 2.0.1 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Everest News Pro theme versions 1.1.7 and earlier **Description** The issue is related to an Unauth. Reflected Cross-Site Scripting (XSS) vulnerability. This vulnerability allows for the execution of malicious scripts on the client-side, potentially leading to unauthorized actions. **Recommendations** For versions 1.1.7 and earlier, update to a version later than 1.1.7 to resolve the issue. As a temporary workaround, consider restricting access to sensitive areas of the theme to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Everest Themes Arya Multipurpose Pro theme versions 1.0.8 and earlier **Description** The issue is related to an Unauth. Reflected Cross-Site Scripting (XSS) vulnerability. This type of vulnerability allows an attacker to inject malicious scripts into a website, potentially leading to unauthorized actions. **Recommendations** For versions 1.0.8 and earlier, update to a version later than 1.0.8 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Everest News theme versions prior to 1.1.0 **Description** The issue is related to an Unauth. Reflected Cross-Site Scripting (XSS) vulnerability. This means that an attacker could potentially inject malicious scripts into a website using the Everest News theme, which could then be executed by users' browsers. **Recommendations** For versions prior to 1.1.0, update to version 1.1.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Everest themes Mocho Blog theme versions 1.0.4 and earlier **Description** The issue is related to an Unauth. Reflected Cross-Site Scripting (XSS) vulnerability. This means that an attacker can inject malicious scripts into a website, potentially allowing them to steal user data or take control of the user's session. **Recommendations** For versions 1.0.4 and earlier, update to a version later than 1.0.4 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Everest Themes Arya Multipurpose theme versions 1.0.5 and earlier **Description** The issue is related to an Unauth. Reflected Cross-Site Scripting (XSS) vulnerability. This means that an attacker can inject malicious scripts into a website, potentially allowing them to steal user data or take control of the user's session. **Recommendations** For versions 1.0.5 and earlier, update to a version later than 1.0.5 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Everest themes Viable Blog theme versions <= 1.1.4 **Description** The issue is related to an Unauth. Reflected Cross-Site Scripting (XSS) vulnerability. This means that an attacker can inject malicious scripts into a website, potentially allowing them to steal user data or take control of the user's session. **Recommendations** For versions <= 1.1.4, update to a version higher than 1.1.4 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.