Luc

**Name of the Vulnerable Software and Affected Versions** LMS Elementor Pro versions through 1.0.4 **Description** A privilege assignment issue exists in LMS Elementor Pro that could allow for privilege escalation. The issue allows an attacker to gain elevated privileges within the system. **Recommendations** Update LMS Elementor Pro to a version later than 1.0.4.

**Name of the Vulnerable Software and Affected Versions** EPC AI Hub versions 1.3.3 and earlier **Description** The issue allows for the unrestricted upload of files with dangerous types, enabling the upload of a web shell to a web server. This can be exploited to gain unauthorized access or control over the server. **Recommendations** For EPC AI Hub versions 1.3.3 and earlier, consider restricting or disabling file upload functionality until a patch is available. As a temporary workaround, implement strict validation and sanitization of uploaded files to prevent the upload of malicious content.

**Name of the Vulnerable Software and Affected Versions** Chaty Pro versions n/a through 3.3.3 **Description** The issue affects Chaty Pro, allowing an attacker to upload malicious files that can be used to take control of a website. This is due to an Unrestricted Upload of File with Dangerous Type vulnerability, which enables the upload of a web shell to a web server. Thousands of WordPress sites are exposed to takeover. The estimated number of potentially affected devices worldwide is over 18,000 users. **Recommendations** For Chaty Pro versions n/a through 3.3.3, consider disabling the plugin until a patch is available to prevent exploitation. Restrict access to the plugin to minimize the risk of takeover. Avoid using the plugin until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

The issue affects Homey Login Register, with versions from n/a through 2.4.0, due to an Incorrect Privilege Assignment, allowing Privilege Escalation. An exploit for this issue is available, but details on how it is exploited are not provided here to avoid duplication. The affected software is Homey Login Register, with versions from n/a through 2.4.0 being impacted. #HomeyLoginRegister #PrivilegeEscalation #cybersecurity #NotFound #PrivilegeAssignment

Name of the Vulnerable Software and Affected Versions: Easy Real Estate versions n/a through 2.2.6 Description: The issue affects Easy Real Estate, allowing privilege escalation due to an incorrect privilege assignment vulnerability. This vulnerability enables an attacker to log in as an administrator without a password. Recommendations: For versions n/a through 2.2.6, update to a version later than 2.2.6 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Sweet Date versions 3.7.3 and earlier **Description** The issue is related to a Missing Authorization vulnerability in the Sweet Date WordPress theme, which could expose thousands of sites to potential takeovers. This vulnerability may allow unauthorized access, potentially leading to site compromises. The estimated number of potentially affected devices worldwide is not explicitly stated, but it is mentioned that thousands of sites could be exposed. **Recommendations** For Sweet Date versions 3.7.3 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Houzez Login Register versions 3.2.5 and earlier **Description** A Privilege Escalation issue has been identified in the Houzez Login Register plugin. **Recommendations** For Houzez Login Register versions 3.2.5 and earlier, update to a version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Houzez versions 3.2.4 and earlier **Description** The issue is related to an Incorrect Privilege Assignment vulnerability, which allows Privilege Escalation in Houzez. **Recommendations** For Houzez versions 3.2.4 and earlier, update to a version later than 3.2.4 to resolve the issue. At the moment, there is no information about additional mitigation measures for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Foxiz versions 2.3.5 and earlier **Description** A Server-Side Request Forgery (SSRF) vulnerability has been identified in Theme-Ruby Foxiz. This issue allows for unauthorized access to internal resources, potentially leading to sensitive data exposure or other malicious activities. **Recommendations** For Foxiz versions 2.3.5 and earlier, update to a version later than 2.3.5 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Chauffeur Taxi Booking System for WordPress versions n/a through 6.9 **Description** The issue is related to a Missing Authorization vulnerability, which allows accessing functionality not properly constrained by Access Control Lists (ACLs). This means that certain features or data may be accessible without the necessary permissions, potentially leading to unauthorized access or actions. **Recommendations** For versions n/a through 6.9, update to a version that properly constrains functionality with ACLs to prevent unauthorized access. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Repute Infosystems ARMember versions 4.0.28 and earlier **Description** The issue is related to a Missing Authorization vulnerability. There is no information provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** For versions 4.0.28 and earlier, update to a version later than 4.0.28 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Kadence WP Gutenberg Blocks versions through 3.2.25 **Description** A Server-Side Request Forgery (SSRF) issue affects the software, allowing unauthorized access to internal resources. This can lead to sensitive data exposure or other malicious activities. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited. **Recommendations** For versions through 3.2.25, update to a version later than 3.2.25 to resolve the issue. At the moment, there is no information about additional mitigation measures.

**Name of the Vulnerable Software and Affected Versions** QuanticaLabs Chauffeur Taxi Booking System for WordPress versions n/a through 7.2 **Description** The issue is related to an Unrestricted Upload of File with Dangerous Type, which affects the Chauffeur Taxi Booking System for WordPress. **Recommendations** For versions n/a through 7.2, update to a version that contains a fix for this issue, if available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OxyExtras versions 1.4.4 and earlier **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Reflected XSS. **Recommendations** For OxyExtras versions 1.4.4 and earlier, update to a version that contains a fix for this issue, as no specific workaround is provided in the given information. At the moment, there is no information about a newer version that contains a fix for this vulnerability.