Logan Cote

**Name of the Vulnerable Software and Affected Versions** bPlugins B Blocks - The ultimate block collection versions n/a through 2.0.0 **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker can inject malicious scripts into the website, potentially leading to unauthorized access or control. **Recommendations** For versions n/a through 2.0.0, update to a version later than 2.0.0 to resolve the issue. As a temporary workaround, consider restricting user input to prevent malicious script injection until a patch is available.

**Name of the Vulnerable Software and Affected Versions** bPlugins Business Card Block versions 1.0.0 through 1.0.5 **Description** The issue is related to improper neutralization of input during web page generation, which leads to a Cross-site Scripting (XSS) vulnerability. Specifically, it is a Stored XSS vulnerability in the bPlugins Business Card Block. **Recommendations** For versions 1.0.0 through 1.0.5, update to a version that contains a fix for this issue to prevent exploitation.

**Name of the Vulnerable Software and Affected Versions** bPlugins Services Section block versions 1.3.4 and earlier **Description** The issue is related to improper neutralization of input during web page generation, which leads to a Stored XSS vulnerability in the Services Section block. This allows for malicious scripts to be stored and executed, potentially affecting users of the block. **Recommendations** For versions 1.3.4 and earlier, update to a version that contains a fix for this issue, as the current version is affected by the Stored XSS vulnerability.

**Name of the Vulnerable Software and Affected Versions** bPlugins Team Section Block versions 1.0.0 through 1.0.9 **Description** The issue is related to improper neutralization of input during web page generation, which leads to a Stored XSS vulnerability. This allows for the storage of malicious scripts that can be executed by other users, potentially leading to unauthorized actions or data theft. **Recommendations** For versions 1.0.0 through 1.0.9, update to a version that contains a fix for this issue, as using the current version poses a significant risk due to the Stored XSS vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** bPlugins Sticky Content versions n/a through 1.0.1 **Description** The issue is related to improper neutralization of input during web page generation, which leads to a Cross-site Scripting (XSS) vulnerability. Specifically, it is a Stored XSS vulnerability in the bPlugins Sticky Content plugin. **Recommendations** For versions n/a through 1.0.1, update to a version that contains a fix for this issue, as the current version is affected by the Stored XSS vulnerability.

**Name of the Vulnerable Software and Affected Versions** bPlugins Icon List Block versions 1.1.3 and earlier **Description** The issue is related to improper neutralization of input during web page generation, which leads to a Cross-site Scripting (XSS) vulnerability. This allows for Stored XSS attacks. **Recommendations** For bPlugins Icon List Block versions 1.1.3 and earlier, update to a version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** bPlugins Countdown Timer versions 1.2.6 and earlier **Description** The issue is related to improper neutralization of input during web page generation, which leads to a Cross-site Scripting (XSS) vulnerability. This allows for Stored XSS attacks. **Recommendations** For versions 1.2.6 and earlier, update to a version later than 1.2.6 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** bPlugins Counters Block versions 1.1.2 and earlier **Description** The issue is related to improper neutralization of input during web page generation, which leads to a Cross-site Scripting (XSS) vulnerability. This allows for Stored XSS attacks. **Recommendations** For bPlugins Counters Block versions 1.1.2 and earlier, update to a version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Info Cards – Gutenberg block for creating Beautiful Cards versions 1.0.0 through 1.0.5 **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Stored XSS attacks. **Recommendations** For versions 1.0.0 through 1.0.5, update to a version later than 1.0.5 to resolve the issue.

Name of the Vulnerable Software and Affected Versions: bPlugins Timeline Block versions n/a through 1.1.1 Description: The issue is related to improper neutralization of input during web page generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker can inject malicious scripts into the website, potentially affecting users who access the compromised page. Recommendations: For versions n/a through 1.1.1, update to a version that fixes the Stored XSS issue to prevent exploitation. As a temporary workaround, consider restricting access to the Timeline Block feature until a patch is available. Avoid using user-inputted data in the Timeline Block without proper validation and sanitization to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** FAQ Builder AYS versions 1.7.3 and earlier **Description** The issue is related to improper neutralization of input during web page generation, which allows for Stored XSS attacks. This means that an attacker can inject malicious scripts into the website, potentially leading to unauthorized access or control. **Recommendations** For versions 1.7.3 and earlier, update to a version that fixes this issue, as no specific workaround is provided for these versions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.