Manab Jyoti Dowarah

Name of the Vulnerable Software and Affected Versions: Sprout Invoices Client Invoicing by Sprout Invoices versions through 20.8.0 Description: The issue is related to a Missing Authorization vulnerability. This allows for unauthorized access. Recommendations: For versions through 20.8.0, update to a version later than 20.8.0 to resolve the issue. At the moment, there is no information about other mitigation measures for this issue.

Name of the Vulnerable Software and Affected Versions: WPCasa versions 1.2.13 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows accessing functionality not properly constrained by ACLs. Recommendations: For versions 1.2.13 and earlier, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ProfileGrid versions through 5.8.7 **Description** The issue is related to a Missing Authorization vulnerability in ProfileGrid User Profiles, allowing exploitation of incorrectly configured access control security levels. **Recommendations** For versions through 5.8.7, update to a version later than 5.8.7 to resolve the issue. As a temporary workaround, consider restricting access to sensitive areas of the ProfileGrid User Profiles to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Arraytics Timetics versions 1.0.0 through 1.0.21 **Description** The issue is related to a Missing Authorization vulnerability in Arraytics Timetics, allowing exploitation of incorrectly configured access control security levels. **Recommendations** For versions 1.0.0 through 1.0.21, update to a version newer than 1.0.21 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Noptin versions through 3.4.2 **Description** The issue is related to a Missing Authorization vulnerability in Noptin Newsletter, where functionality is not properly constrained by ACLs, allowing unauthorized access. **Recommendations** For versions through 3.4.2, update to a version later than 3.4.2 to resolve the issue. At the moment, there is no information about additional mitigation measures.

**Name of the Vulnerable Software and Affected Versions** CRM Perks Forms versions 1.1.5 and earlier **Description** The issue is related to a Missing Authorization vulnerability, which allows accessing functionality not properly constrained by ACLs. **Recommendations** For CRM Perks Forms versions 1.1.5 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Charitable versions 1.8.1.7 and earlier **Description** The issue is related to a Missing Authorization vulnerability, which allows accessing functionality not properly constrained by ACLs. **Recommendations** For Charitable versions 1.8.1.7 and earlier, update to a version that properly constrains functionality with ACLs to prevent unauthorized access.

**Name of the Vulnerable Software and Affected Versions** Kiboko Labs Chained Quiz versions 1.3.2.8 and earlier **Description** The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. **Recommendations** For versions 1.3.2.8 and earlier, update to a version that contains a fix for this issue, if available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WP Sunshine Sunshine Photo Cart versions 3.2.1 and earlier **Description** The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. **Recommendations** For WP Sunshine Sunshine Photo Cart versions 3.2.1 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Roundup WP Registrations for the Events Calendar versions 2.12.1 and earlier **Description** The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. **Recommendations** For versions 2.12.1 and earlier, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** nCrafts FormCraft versions 1.2.10 and earlier **Description** The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. **Recommendations** For versions 1.2.10 and earlier, update to a version that contains a fix for this issue, as the current version has incorrectly configured access control security levels. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ReviewX versions 1.6.28 and earlier **Description** The issue is related to missing authorization in ReviewX, allowing exploitation of incorrectly configured access control security levels. This enables accessing functionality not properly constrained by ACLs. **Recommendations** For ReviewX versions 1.6.28 and earlier, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Arraytics Timetics versions 1.0.0 through 1.0.23 **Description** The issue is related to a Missing Authorization vulnerability, which allows accessing functionality not properly constrained by ACLs. **Recommendations** For versions 1.0.0 through 1.0.23, update to a version that properly constrains functionality with ACLs to prevent unauthorized access. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Bit Form – Contact Form Plugin versions n/a through 2.13.10 **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS in the Bit Form – Contact Form Plugin. **Recommendations** For versions n/a through 2.13.10, update to a version later than 2.13.10 to resolve the issue. As a temporary workaround, consider restricting user input in the contact form to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Propovoice CRM versions 1.7.6.4 and earlier **Description** The issue is related to an Authorization Bypass Through User-Controlled Key vulnerability. This vulnerability may be exploited through an Insecure Direct Object Reference (IDOR). There is no information provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** For versions 1.7.6.4 and earlier, update to a version that contains a fix for this issue, as no specific workaround or mitigation measures are provided in the input data. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Antoine Hurkmans Football Pool versions n/a through 2.11.9 **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS, where an attacker can inject malicious scripts into the web page, potentially affecting users who access the page. **Recommendations** For versions n/a through 2.11.9, update to a version later than 2.11.9 to resolve the issue. As a temporary workaround, consider restricting user input to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Chained Quiz versions 1.3.2.8 and earlier **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS attacks. **Recommendations** For versions 1.3.2.8 and earlier, update to a version that fixes this issue, as the current version is affected by Stored XSS vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WP Travel Engine versions n/a through 5.9.1 **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS attacks. **Recommendations** For WP Travel Engine versions n/a through 5.9.1, update to a version later than 5.9.1 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Xylus Themes WP Event Aggregator versions 1.7.9 and earlier **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS attacks. **Recommendations** For versions 1.7.9 and earlier, update to a version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** CodePeople WP Time Slots Booking Form versions 1.2.11 and earlier **Description** The issue is related to a Missing Authorization vulnerability in the CodePeople WP Time Slots Booking Form. **Recommendations** For versions 1.2.11 and earlier, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.