Lokesh Dachepalli

**Name of the Vulnerable Software and Affected Versions** No specific software or versions are mentioned in the provided descriptions. **Description** The issue is related to a lack of output escaping in the `id` attribute of menu lists. This could potentially lead to issues where user input is not properly sanitized, although specific details about exploitation or affected devices are not provided. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** bodi0's Easy cache plugin for WordPress versions up to, and including, 0.8 **Description** The vulnerability is a Stored Cross-Site Scripting issue via the `cache-folder` parameter due to insufficient input sanitization and output escaping. This allows authenticated attackers with administrator-level permissions and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The issue only affects multi-site installations and installations where unfiltered html has been disabled. **Recommendations** For versions up to, and including, 0.8, consider disabling the `cache-folder` parameter until a patch is available to prevent exploitation. Restrict access to the Easy Cache plugin to minimize the risk of exploitation, especially in multi-site installations and where unfiltered html has been disabled. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WattIsIt PayGreen – Ancienne version plugin versions <= 4.10.2 **Description** The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions on a web application that the user is authenticated to. **Recommendations** For WattIsIt PayGreen – Ancienne version plugin versions <= 4.10.2, update to a version higher than 4.10.2 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Palasthotel by Edward Bock, Katharina Rompf Sunny Search plugin versions <= 1.0.2 **Description** A Cross-Site Request Forgery (CSRF) issue affects the specified plugin, allowing unauthorized actions to be performed on behalf of a user without their knowledge. **Recommendations** For versions <= 1.0.2, update to a version higher than 1.0.2 to resolve the issue. At the moment, there is no information about additional mitigation measures for this specific issue.

**Name of the Vulnerable Software and Affected Versions** CPT Shortcode Generator plugin versions prior to 1.1 **Description** The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that requires authentication with admin or higher privileges. **Recommendations** For versions prior to 1.1, update to version 1.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Anurag Deshmukh CPT Shortcode Generator plugin versions 1.0 and earlier **Description** The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions on a web application that the user is authenticated to. **Recommendations** For Anurag Deshmukh CPT Shortcode Generator plugin versions 1.0 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Buildfail Localize Remote Images plugin versions 1.0.9 and earlier **Description** The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions on a web application that the user is authenticated to. No information is provided about the estimated number of potentially affected devices or real-world incidents where this issue was exploited. **Recommendations** For versions 1.0.9 and earlier, update to a version later than 1.0.9 to resolve the issue. As a temporary workaround, consider implementing CSRF token validation to prevent unauthorized requests. Restrict access to sensitive operations to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** WPZest Custom Admin Login Page | WPZest plugin versions 1.2.0 and earlier **Description** The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that affects the WPZest Custom Admin Login Page plugin. This vulnerability requires authentication with admin+ privileges. **Recommendations** For WPZest Custom Admin Login Page | WPZest plugin versions 1.2.0 and earlier, update to a version later than 1.2.0 to resolve the issue. As a temporary workaround, consider restricting access to the admin login page to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** weebotLite plugin versions prior to 1.0.0 **Description** The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that affects the weebotLite plugin. This vulnerability requires authentication with admin+ privileges. **Recommendations** For versions prior to 1.0.0, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Palasthotel by Edward Bock, Katharina Rompf Sunny Search plugin versions 1.0.2 and earlier **Description** The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that requires authentication with admin+ privileges. **Recommendations** For versions 1.0.2 and earlier, update to a version later than 1.0.2 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Eggemplo Gestion-Pymes plugin versions <= 1.5.6 **Description** The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that requires authentication with admin+ privileges. This vulnerability affects the Eggemplo Gestion-Pymes plugin. **Recommendations** For Eggemplo Gestion-Pymes plugin versions <= 1.5.6, update to a version higher than 1.5.6 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Reservation.Studio Reservation.Studio widget plugin versions 1.0.11 and earlier **Description** A Cross-Site Request Forgery (CSRF) issue affects the Reservation.Studio Reservation.Studio widget plugin. This issue allows for malicious requests to be made on behalf of a user without their knowledge or consent. **Recommendations** For versions 1.0.11 and earlier, update to a version later than 1.0.11 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Kamyabsoft Chat Bee plugin versions prior to 1.1.0 **Description** The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that requires authentication with admin+ privileges. **Recommendations** For Kamyabsoft Chat Bee plugin versions prior to 1.1.0, update to version 1.1.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** CodeSolz Easy Ad Manager plugin versions prior to 1.0.0 **Description** The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that requires authentication with admin+ privileges. **Recommendations** For versions prior to 1.0.0, update to a version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Mehjabin Orthi Interactive SVG Image Map Builder plugin versions <= 1.0 **Description** The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that requires authentication with admin+ privileges. This vulnerability affects the Mehjabin Orthi Interactive SVG Image Map Builder plugin. **Recommendations** For Mehjabin Orthi Interactive SVG Image Map Builder plugin versions <= 1.0, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.