Lourcode

**Name of the Vulnerable Software and Affected Versions** OpenVPN Connect versions 3.0 through 3.4.6 **Description** The issue is related to the failure to neutralize instructions in dynamically executed code. Exploitation of this issue may allow an attacker to execute arbitrary code using the `DYLD INSERT LIBRARIES` environment variable. This can enable local users to execute code in external third-party libraries. **Recommendations** For OpenVPN Connect versions 3.0 through 3.4.6, update to a version that contains a fix for this issue to prevent exploitation. As a temporary workaround, consider restricting the use of the `DYLD INSERT LIBRARIES` environment variable until a patch is available.

**Name of the Vulnerable Software and Affected Versions** CodeBard's Patron Button and Widgets for Patreon plugin versions <= 2.1.8 **Description** The issue is related to an Unauth. Reflected Cross-Site Scripting (XSS) vulnerability. This type of vulnerability allows an attacker to inject malicious scripts into a website, potentially leading to unauthorized actions on behalf of the user. **Recommendations** For versions <= 2.1.8, update to a version higher than 2.1.8 to resolve the issue. As a temporary workaround, consider restricting access to the plugin until a patch is available. Avoid using the plugin in sensitive environments until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Katie Seaborn Zotpress plugin versions <= 7.3.3 **Description** The issue is related to an Unauth. Reflected Cross-Site Scripting (XSS) vulnerability. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** For Katie Seaborn Zotpress plugin versions <= 7.3.3, update to a version higher than 7.3.3 to resolve the issue. At the moment, there is no information about additional mitigation measures.

**Name of the Vulnerable Software and Affected Versions** FooGallery plugin versions <= 2.2.35 **Description** The issue exists due to insufficient protection of the web page structure in the foogallery image editor modal function of the FooGallery plugin for WordPress. This allows a remote attacker to conduct cross-site scripting attacks. The estimated number of potentially affected devices is not specified. **Recommendations** For FooGallery plugin versions <= 2.2.35, update to a version higher than 2.2.35 to resolve the issue. As a temporary workaround, consider restricting access to the foogallery image editor modal function to minimize the risk of exploitation.