Le Ngoc Anh

Name of the Vulnerable Software and Affected Versions: GoodBarber versions n/a through 1.0.26 Description: The software contains a URL Redirection to Untrusted Site ('Open Redirect') issue. This allows an attacker to redirect users to a malicious website. Recommendations: Update GoodBarber to a version later than 1.0.26.

**Name of the Vulnerable Software and Affected Versions** Glamer versions through 1.0.2 **Description** The software contains an Improper Control of Filename for Include/Require Statement, specifically a PHP Local File Inclusion issue. **Recommendations** Update to a version beyond 1.0.2.

**Name of the Vulnerable Software and Affected Versions** Unfoldwp Magazine Saga versions through 1.2.7 **Description** The software contains an Improper Control of Filename for Include/Require Statement ('PHP Remote File Inclusion') issue, allowing PHP Local File Inclusion. **Recommendations** Update Unfoldwp Magazine Saga to a version later than 1.2.7.

**Name of the Vulnerable Software and Affected Versions** BlogMarks versions n/a through 1.0.8 **Description** A PHP Local File Inclusion issue exists in WPInterface BlogMarks due to improper control of filename for include/require statements. This allows for potential exploitation through PHP Remote File Inclusion. **Recommendations** Update BlogMarks to a version later than 1.0.8.

**Name of the Vulnerable Software and Affected Versions** Unfoldwp Magazine Elite versions through 1.2.4 **Description** The software contains an Improper Control of Filename for Include/Require Statement, also known as a PHP Remote File Inclusion issue, which allows for PHP Local File Inclusion. **Recommendations** Update Unfoldwp Magazine Elite to a version later than 1.2.4.

**Name of the Vulnerable Software and Affected Versions** Unfoldwp Magazine versions through 1.2.2 **Description** The software contains an Improper Control of Filename for Include/Require Statement, leading to a PHP Local File Inclusion issue. **Recommendations** Update Unfoldwp Magazine to a version later than 1.2.2.

Name of the Vulnerable Software and Affected Versions: WP SmartPay versions 2.7.13 and earlier Description: The issue is related to an Authentication Bypass Using an Alternate Path or Channel, allowing authentication abuse. Recommendations: For WP SmartPay versions 2.7.13 and earlier, update to a version later than 2.7.13 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** TrackShip for WooCommerce versions 1.9.1 and earlier **Description** The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks. **Recommendations** For versions 1.9.1 and earlier, update to a version later than 1.9.1 to resolve the issue. As a temporary workaround, consider restricting access to sensitive database queries to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Climax Themes Kata Plus versions 1.5.2 and earlier **Description** The issue is related to Deserialization of Untrusted Data, which allows Object Injection. **Recommendations** For Climax Themes Kata Plus versions 1.5.2 and earlier, update to a version later than 1.5.2 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** RadiusTheme Classified Listing versions n/a through 4.0.1 **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Reflected XSS. This means that an attacker can inject malicious scripts into the website, potentially stealing user data or taking control of user sessions. **Recommendations** For versions n/a through 4.0.1, update to a version later than 4.0.1 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Rating by BestWebSoft versions 1.7 and earlier **Description** The issue is related to Deserialization of Untrusted Data, which allows Object Injection. **Recommendations** For versions 1.7 and earlier, update to a version that contains a fix for this issue, as no specific mitigation measures are provided for these versions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WP-Hijri versions 1.5.3 and earlier **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Reflected XSS. This enables potential attackers to inject malicious scripts into web pages. **Recommendations** For WP-Hijri versions 1.5.3 and earlier, update to a version that contains a fix for this issue. As a temporary workaround, consider restricting user input to prevent malicious code injection until a patch is available.

**Name of the Vulnerable Software and Affected Versions** PickPlugins Wishlist versions 1.0.0 through 1.0.39 **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Reflected XSS. This enables potential attackers to inject malicious scripts into web pages. **Recommendations** For versions 1.0.0 through 1.0.39, update to a version newer than 1.0.39 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Claire Ryan Author Showcase versions 1.4.3 and earlier **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Reflected XSS. This enables an attacker to inject malicious scripts into a website, potentially leading to unauthorized actions or data theft. **Recommendations** For Claire Ryan Author Showcase versions 1.4.3 and earlier, update to a version that includes a fix for this issue, as using an outdated version poses a significant risk. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Quentn WP versions 1.2.8 and earlier **Description** The issue is related to an SQL Injection flaw, which is caused by the improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks. **Recommendations** For versions 1.2.8 and earlier, update to a newer version to ensure cyber security. As a temporary workaround, consider restricting access to sensitive database queries until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Rico Macchi WP Featured Screenshot versions 1.3 and earlier **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Reflected XSS. This enables potential attackers to inject malicious scripts into web pages. **Recommendations** For Rico Macchi WP Featured Screenshot versions 1.3 and earlier, update to a version that addresses the Cross-site Scripting issue to prevent Reflected XSS attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Hamburger Icon Menu Lite versions 1.0 and earlier **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Reflected XSS. This means that an attacker can inject malicious scripts into the website, potentially stealing user data or taking control of the user's session. **Recommendations** For Hamburger Icon Menu Lite versions 1.0 and earlier, update to a version that fixes the Improper Neutralization of Input During Web Page Generation issue to prevent Reflected XSS attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** KiotViet Sync versions 1.8.3 and earlier **Description** The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks. **Recommendations** For versions 1.8.3 and earlier, update to a version that contains a fix for this issue. As a temporary workaround, consider restricting access to sensitive database operations to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Quentn WP versions 1.2.8 and earlier **Description** The issue is related to weak authentication, allowing privilege escalation. **Recommendations** For Quentn WP versions 1.2.8 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Arigato Autoresponder and Newsletter versions n/a through 2.7.2.4 **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Reflected XSS. This means that an attacker can inject malicious scripts into the website, potentially stealing user data or taking control of user sessions. **Recommendations** For versions n/a through 2.7.2.4, update to a version later than 2.7.2.4 to resolve the issue. As a temporary workaround, consider restricting user input to prevent malicious scripts from being injected into the website.