Marek Mikita

**Name of the Vulnerable Software and Affected Versions** myCred versions n/a through 2.9.4.2 **Description** The issue is related to a Missing Authorization vulnerability, which allows accessing functionality not properly constrained by ACLs. **Recommendations** For versions n/a through 2.9.4.2, update to a version that contains a fix for this issue, as the current version allows unauthorized access to certain functionality.

Name of the Vulnerable Software and Affected Versions: kilbot WooCommerce POS versions 1.7.8 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. Recommendations: For kilbot WooCommerce POS versions 1.7.8 and earlier, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CyberChimps Gutenberg & Elementor Templates Importer For Responsive versions 3.1.9 and earlier **Description** The issue is related to a Missing Authorization vulnerability, which allows accessing functionality not properly constrained by ACLs. **Recommendations** For versions 3.1.9 and earlier, update to a version later than 3.1.9 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cozy Blocks versions through 2.1.22 **Description** The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. **Recommendations** For versions through 2.1.22, update to a version later than 2.1.22 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Royal Elementor Addons versions 1.7.1006 and earlier **Description** A Server-Side Request Forgery (SSRF) issue affects the software, allowing for Server Side Request Forgery. **Recommendations** For Royal Elementor Addons versions 1.7.1006 and earlier, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** webdevstudios Automatic Featured Images from Videos versions 1.2.4 and earlier **Description** The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. **Recommendations** For versions 1.2.4 and earlier, update to a version that contains a fix for this issue, as no specific workaround is provided.

**Name of the Vulnerable Software and Affected Versions** Wombat Plugins WP Optin Wheel versions 1.4.7 and earlier **Description** The issue is related to a Server-Side Request Forgery (SSRF) vulnerability, which allows for Server Side Request Forgery. This means an attacker can potentially force the server to make unauthorized requests. **Recommendations** For versions 1.4.7 and earlier, update to a version that contains a fix for this issue, if available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** XpeedStudio Metform versions 3.9.2 and earlier **Description** The issue is related to a Server-Side Request Forgery (SSRF) vulnerability, which allows for Server Side Request Forgery. **Recommendations** For versions 3.9.2 and earlier, update to a version that contains a fix for this issue. As a temporary workaround, consider restricting access to sensitive areas of the application to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Rameez Iqbal Real Estate Manager versions n/a through 7.3 Description: The issue is related to an Improper Restriction of Excessive Authentication Attempts, which allows for Password Brute Forcing. This means that an attacker can attempt to guess a password multiple times without being restricted, potentially leading to unauthorized access. Recommendations: For versions n/a through 7.3, update to a version that includes a fix for this issue, as the current version allows for excessive authentication attempts, enabling password brute forcing. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** slaFFik BuddyPress Groups Extras versions 3.6.10 and earlier **Description** The issue is related to a Cross-Site Request Forgery (CSRF) problem, which allows an attacker to perform unauthorized actions on a user's account. This is a type of attack where an attacker tricks a user into performing an unintended action on a web application that the user is authenticated to. **Recommendations** For versions 3.6.10 and earlier, update to a version later than 3.6.10 to resolve the issue. As a temporary workaround, consider implementing additional validation for requests to prevent unauthorized actions.

**Name of the Vulnerable Software and Affected Versions** DLX Plugins Comment Edit Core – Simple Comment Editing versions through 3.0.33 **Description** A Server-Side Request Forgery (SSRF) issue affects the software, allowing for Server Side Request Forgery. **Recommendations** For versions through 3.0.33, update to a version later than 3.0.33 to resolve the issue. At the moment, there is no information about other specific mitigation measures for this issue.

**Name of the Vulnerable Software and Affected Versions** RSTheme Ultimate Coming Soon & Maintenance versions 1.0.0 through 1.0.9 **Description** The issue is a Cross-Site Request Forgery (CSRF) vulnerability, which allows Cross Site Request Forgery. **Recommendations** For versions 1.0.0 through 1.0.9, update to a version that contains a fix for this issue, as no specific mitigation measures are provided for these versions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** RSTheme Ultimate Coming Soon & Maintenance versions 1.0.0 through 1.0.9 **Description** The issue is a Cross-Site Request Forgery (CSRF) vulnerability, which allows Cross Site Request Forgery. **Recommendations** For versions 1.0.0 through 1.0.9, update to a version that contains a fix for this issue, as no specific mitigation measures are provided for these versions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** HasThemes Extensions For CF7 versions 3.2.0 and earlier **Description** The issue is a Server-Side Request Forgery (SSRF) vulnerability, which allows an attacker to perform Server Side Request Forgery. **Recommendations** For versions 3.2.0 and earlier, update to a version later than 3.2.0 to resolve the issue. At the moment, there is no information about other mitigation measures for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Kiboko Labs Chained Quiz versions 1.3.2.9 and earlier **Description** A Server-Side Request Forgery (SSRF) issue allows for server-side request forgery. This issue may potentially be exploited to access internal resources or conduct further attacks. **Recommendations** For versions 1.3.2.9 and earlier, update to a version that fixes this issue, as no specific workaround is provided for these versions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Hestia Nginx Cache versions through 2.4.0 **Description** The issue is related to a Missing Authorization vulnerability, which allows exploitation of incorrectly configured access control security levels. **Recommendations** For versions through 2.4.0, update to a version that includes the fix for this issue, as the current version does not properly enforce access control security levels. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WP Menu Image versions through 2.2 **Description** The issue is related to a Missing Authorization vulnerability in WP Menu Image, which allows exploiting incorrectly configured access control security levels. **Recommendations** For versions through 2.2, update to a version that contains a fix for this issue, as no specific workaround or mitigation measures are provided.

Name of the Vulnerable Software and Affected Versions: Jozoor Arabic Webfonts versions 1.4.6 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. This vulnerability can be exploited due to missing authorization in Jozoor Arabic Webfonts, affecting the security of the system. Recommendations: For Jozoor Arabic Webfonts versions 1.4.6 and earlier, consider restricting access to sensitive areas of the system until a patch or fix is available. As a temporary workaround, review and correct the configuration of access control security levels to prevent exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Pixelgrade PixProof versions prior to 2.0.1 Description: The issue is related to a missing authorization vulnerability in Pixelgrade PixProof, which allows accessing functionality not properly constrained by Access Control Lists (ACLs). This means that certain features or areas of the software are not correctly restricted, potentially allowing unauthorized access. Recommendations: For versions prior to 2.0.1, update to version 2.0.1 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive functionality and ensuring that ACLs are properly configured to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Online Booking & Scheduling Calendar for WordPress by vcita versions n/a through 4.5 Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability, which allows Cross Site Request Forgery. This means an attacker can trick a user into performing unintended actions on a web application that the user is authenticated to. Recommendations: For versions n/a through 4.5, as a temporary workaround, consider implementing proper CSRF token validation to prevent unauthorized requests. Restrict access to sensitive functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.