Lisa)

**Name of the Vulnerable Software and Affected Versions** Themefic Ultimate Addons for Contact Form 7 versions 3.1.23 and earlier **Description** The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for potential exploitation by injecting malicious SQL code. **Recommendations** For Themefic Ultimate Addons for Contact Form 7 versions 3.1.23 and earlier, update to a version later than 3.1.23 to resolve the issue. At the moment, there is no information about additional mitigation measures.

**Name of the Vulnerable Software and Affected Versions** MagePeople Team WpBusTicketly plugin versions prior to 5.2.6 **Description** The issue is related to improper neutralization of input during web page generation, which can lead to Cross-site Scripting. **Recommendations** For versions prior to 5.2.6, update to version 5.2.6 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Zero Spam for WordPress versions through 5.4.4 **Description** The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection, which can be exploited by attackers. **Recommendations** For versions through 5.4.4, update to a version later than 5.4.4 to resolve the issue. At the moment, there is no information about other specific fixes for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Alex Raven WP Report Post plugin versions <= 2.1.2 **Description** The issue is related to an Unauth. Reflected Cross-Site Scripting (XSS) vulnerability. This allows for malicious scripts to be injected into a website, potentially leading to unauthorized actions. **Recommendations** For versions <= 2.1.2, update to a version higher than 2.1.2 to resolve the issue. As a temporary workaround, consider restricting access to the plugin's functionality until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Fotomoto plugin versions <= 1.2.8 **Description** The issue is an Unauth. Reflected Cross-Site Scripting (XSS) vulnerability. This means that an attacker can inject malicious scripts into a website, potentially allowing them to steal user data or take control of the user's session. **Recommendations** For versions <= 1.2.8, update to a version higher than 1.2.8 to resolve the issue. As a temporary workaround, consider restricting access to the Fotomoto plugin until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Simon Chuang WP LINE Notify plugin versions 1.4.4 and earlier **Description** The issue is an Unauth. Reflected Cross-Site Scripting (XSS) vulnerability. This means that an attacker can inject malicious scripts into a website, potentially allowing them to steal user data or take control of the user's session. **Recommendations** For Simon Chuang WP LINE Notify plugin versions 1.4.4 and earlier, update to a version later than 1.4.4 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Blindside Networks BigBlueButton plugin versions <= 3.0.0-beta.4 **Description** The issue is an Unauth. Reflected Cross-Site Scripting (XSS) vulnerability. This means that an attacker can inject malicious scripts into a website, potentially allowing them to steal user data or take control of the user's session. **Recommendations** For versions <= 3.0.0-beta.4, update to a version later than 3.0.0-beta.4 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Solwin Infotech Responsive WordPress Slider – Avartan Slider Lite plugin versions <= 1.5.3 **Description** The issue is an Unauth. Reflected Cross-Site Scripting (XSS) vulnerability. This means that an attacker can inject malicious scripts into the website, potentially allowing them to steal user data or take control of the user's session. **Recommendations** For versions <= 1.5.3, update to a version higher than 1.5.3 to resolve the issue. As a temporary workaround, consider disabling the plugin until a patch is available. Restrict access to the plugin's settings to minimize the risk of exploitation. At the moment, there is no information about additional mitigation measures.

**Name of the Vulnerable Software and Affected Versions** ImageRecycle ImageRecycle pdf & image compression plugin versions <= 3.1.10 **Description** The issue is an Unauth. Reflected Cross-Site Scripting (XSS) vulnerability. This means that an attacker can inject malicious scripts into a website, potentially allowing them to steal user data or take control of the user's session. **Recommendations** For versions <= 3.1.10, update to a version higher than 3.1.10 to resolve the issue. As a temporary workaround, consider restricting access to the plugin until a patch is available. Avoid using the plugin for sensitive operations until the issue is resolved. At the moment, there is no information about additional mitigation measures.

**Name of the Vulnerable Software and Affected Versions** A. R. Jones Featured Image Pro Post Grid plugin versions <= 5.14 **Description** The issue is related to an Unauth. Reflected Cross-Site Scripting (XSS) vulnerability. This type of vulnerability allows an attacker to inject malicious scripts into a website, potentially leading to unauthorized actions on behalf of the user. **Recommendations** For versions <= 5.14, update to a version higher than 5.14 to resolve the issue. At the moment, there is no information about other mitigation measures.

**Name of the Vulnerable Software and Affected Versions** WP Trio Stock Sync for WooCommerce plugin versions <= 2.4.0 **Description** The issue is an Unauth. Reflected Cross-Site Scripting (XSS) vulnerability. This means that an attacker can inject malicious scripts into a website, potentially allowing them to steal user data or take control of the user's session. **Recommendations** For WP Trio Stock Sync for WooCommerce plugin versions <= 2.4.0, update to a version higher than 2.4.0 to resolve the issue. At the moment, there is no information about other specific mitigation measures for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CodeFlavors Vimeotheque: Vimeo WordPress Plugin versions 2.2.1 and earlier **Description** The issue is an Unauth. Reflected Cross-Site Scripting (XSS) vulnerability. This means that an attacker can inject malicious scripts into the website, potentially allowing them to steal user data or take control of the user's session. **Recommendations** For versions 2.2.1 and earlier, update to a version later than 2.2.1 to resolve the issue. As a temporary workaround, consider restricting access to sensitive areas of the website to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** RelyWP WooCommerce Affiliate Plugin – Coupon Affiliates plugin versions <= 5.4.5 **Description** The issue is an Unauth. Reflected Cross-Site Scripting (XSS) vulnerability. This means that an attacker can inject malicious scripts into the website without needing authentication, potentially allowing them to steal user data or take control of user sessions. **Recommendations** For versions <= 5.4.5, update to a version greater than 5.4.5 to resolve the issue. As a temporary workaround, consider restricting access to sensitive areas of the plugin until a patch is available. Avoid using the plugin's affiliate tracking features in sensitive contexts until the issue is resolved. At the moment, there is no information about additional mitigation measures.

**Name of the Vulnerable Software and Affected Versions** EaSYNC plugin versions prior to 1.3.8 **Description** The issue is related to an Unauth. Reflected Cross-Site Scripting (XSS) vulnerability. This means that an attacker can inject malicious scripts into a website, potentially allowing them to steal user data or take control of the user's session. **Recommendations** For EaSYNC plugin versions prior to 1.3.8, update to version 1.3.8 or later to resolve the issue.