Lvt-Tholv2K

**Name of the Vulnerable Software and Affected Versions** Anchor smooth scroll versions through 1.0.2 **Description** The software contains a flaw related to improper control of filename for include/require statements, specifically a PHP Remote File Inclusion issue. This allows for PHP Local File Inclusion. **Recommendations** Update Anchor smooth scroll to a version newer than 1.0.2.

**Name of the Vulnerable Software and Affected Versions** XLPlugins NextMove Lite versions through 2.21.0 **Description** The software contains a flaw related to improper input handling during web page generation, which allows for Reflected Cross-site Scripting (XSS). This issue is present in the 'woo-thank-you-page-nextmove-lite' component. The vulnerability allows an attacker to inject malicious scripts into web pages viewed by other users. The affected component is susceptible to exploitation through crafted input. **Recommendations** Update XLPlugins NextMove Lite to a version newer than 2.21.0.

**Name of the Vulnerable Software and Affected Versions** RadiusTheme Testimonial Slider And Showcase Pro versions through 2.1.7 **Description** The software contains a flaw related to improper control of filename for include/require statements, specifically a PHP Local File Inclusion issue. This allows for the inclusion of local files. **Recommendations** Update RadiusTheme Testimonial Slider And Showcase Pro to a version newer than 2.1.7.

**Name of the Vulnerable Software and Affected Versions** ThimPress WP Pipes versions through 1.4.3 **Description** The software contains a flaw related to improper limitation of a pathname to a restricted directory, also known as a Path Traversal issue. This allows an attacker to potentially access files and directories outside the intended scope. **Recommendations** Update ThimPress WP Pipes to a version later than 1.4.3.

**Name of the Vulnerable Software and Affected Versions** Daman Jeet Finale Lite versions through 2.20.0 **Description** The software contains a flaw related to improper input handling during web page creation, which can lead to Reflected Cross-site Scripting (XSS). This allows an attacker to inject malicious scripts into web pages viewed by other users. The vulnerable component is susceptible to exploitation through crafted input. **Recommendations** Update Daman Jeet Finale Lite to a version newer than 2.20.0.

**Name of the Vulnerable Software and Affected Versions** ThimPress LearnPress Export Import versions through 4.0.9 **Description** The LearnPress Export Import component contains a flaw related to improper input handling during web page generation, which allows for Reflected Cross-Site Scripting (XSS). This issue could potentially allow an attacker to inject malicious scripts into web pages viewed by other users. The vulnerable component is `learnpress-import-export`. **Recommendations** Update to a version newer than 4.0.9.

**Name of the Vulnerable Software and Affected Versions** Easy Elementor Addons versions through 2.2.8 **Description** An issue exists in hashthemes Easy Elementor Addons that allows for PHP Local File Inclusion due to improper control of filename for include/require statements. This can potentially lead to unauthorized access and execution of files on the system. **Recommendations** Update Easy Elementor Addons to a version later than 2.2.8.

**Name of the Vulnerable Software and Affected Versions** InPost Gallery versions through 2.1.4.5 **Description** The software contains an Improper Control of Filename for Include/Require Statement, also known as a PHP Remote File Inclusion issue. This allows for PHP Local File Inclusion. **Recommendations** Update InPost Gallery to a version later than 2.1.4.5.

**Name of the Vulnerable Software and Affected Versions** jbhovik Ray Enterprise Translation versions through 1.7.1 **Description** A missing authorization flaw exists in jbhovik Ray Enterprise Translation, stemming from incorrectly configured access control security levels. **Recommendations** Update jbhovik Ray Enterprise Translation to a version beyond 1.7.1.

**Name of the Vulnerable Software and Affected Versions** CodeYatri Gutenify versions through 1.5.6 **Description** The software contains an Improper Control of Filename for Include/Require Statement, also known as a PHP Remote File Inclusion issue, which allows for PHP Local File Inclusion. **Recommendations** Update CodeYatri Gutenify to a version later than 1.5.6.

Name of the Vulnerable Software and Affected Versions: ThimPress WP Pipes versions through 1.4.3 Description: This issue involves improper neutralization of input during web page generation, leading to a Reflected Cross-site Scripting (XSS) condition in ThimPress WP Pipes. Recommendations: Update ThimPress WP Pipes to a version later than 1.4.3.

Name of the Vulnerable Software and Affected Versions: SEOPress for MainWP versions through 1.4 Description: This issue involves improper control of filename handling for include/require statements in the PHP program, leading to a PHP Local File Inclusion. Recommendations: Update SEOPress for MainWP to a version later than 1.4.

Name of the Vulnerable Software and Affected Versions: FunnelKit Funnel Builder versions through 3.11.1 Description: This issue involves an improper control of filename for include/require statements in PHP programs, specifically a PHP Local File Inclusion vulnerability within FunnelKit Funnel Builder. Recommendations: Update FunnelKit Funnel Builder to a version beyond 3.11.1.

Name of the Vulnerable Software and Affected Versions: Cozmoslabs Paid Member Subscriptions versions through 2.15.4 Description: The software contains an improper control of filename for include/require statements, leading to a PHP local file inclusion issue. Recommendations: Update Cozmoslabs Paid Member Subscriptions to a version later than 2.15.4.

Name of the Vulnerable Software and Affected Versions: nK Ghost Kit versions through 3.4.1 Description: This issue involves improper control of filename handling for Include/Require statements in PHP programs, specifically a PHP Remote File Inclusion vulnerability that allows for PHP Local File Inclusion. Recommendations: Versions prior to 3.4.1 are affected.

Name of the Vulnerable Software and Affected Versions: Saleswonder Team Tobias CF7 WOW Styler versions through 1.7.2 Description: The software contains an Improper Control of Filename for Include/Require Statement issue, also known as a PHP Remote File Inclusion issue. This allows for PHP Local File Inclusion. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: RadiusTheme Widget for Google Reviews versions through 1.0.15 Description: The software contains an Improper Control of Filename for Include/Require Statement, also known as a PHP Remote File Inclusion issue. This allows for PHP Local File Inclusion. Recommendations: Update RadiusTheme Widget for Google Reviews to a version later than 1.0.15.

Name of the Vulnerable Software and Affected Versions: WP Travel WP Travel Gutenberg Blocks versions through 3.9.0 Description: WP Travel WP Travel Gutenberg Blocks is susceptible to a PHP Local File Inclusion due to an Improper Control of Filename for Include/Require Statement. This allows for the inclusion of local files in PHP. Recommendations: Update WP Travel WP Travel Gutenberg Blocks to a version later than 3.9.0.

Name of the Vulnerable Software and Affected Versions: Realtyna Organic IDX plugin versions through 5.0.0 Description: A Cross-Site Request Forgery (CSRF) vulnerability exists in the Realtyna Organic IDX plugin, allowing for PHP Local File Inclusion. Recommendations: Update Realtyna Organic IDX plugin to a version later than 5.0.0.

Name of the Vulnerable Software and Affected Versions: RealMag777 Google Map Targeting versions through 1.1.6 Description: This issue involves an improper control of filename for include/require statements in PHP programs, specifically a PHP Local File Inclusion in RealMag777 Google Map Targeting. Recommendations: Update RealMag777 Google Map Targeting to a version later than 1.1.6.