Michael

Name of the Vulnerable Software and Affected Versions Mediawiki - GrowthExperiments Extension versions 1.45.2, 1.44.4, and 1.43.7 Description The Mediawiki - GrowthExperiments Extension contains a flaw related to an infinite loop. This condition can be leveraged to create Time-of-Check and Time-of-Use (TOCTOU) race conditions. Recommendations Update to a newer version of the Mediawiki - GrowthExperiments Extension that addresses this issue.

**Name of the Vulnerable Software and Affected Versions** artbees JupiterX Core versions through 4.10.1 **Description** The software contains a flaw due to improper neutralization of input during web page generation, which allows for Stored Cross-site Scripting (XSS). This means that malicious code can be injected into web pages and executed by unsuspecting users. The vulnerability affects the application’s ability to properly handle user-supplied data, potentially leading to unauthorized actions or data breaches. The affected component is susceptible to attacks where an attacker can inject malicious scripts into the application through web pages. **Recommendations** Update artbees JupiterX Core to a version later than 4.10.1.

**Name of the Vulnerable Software and Affected Versions** Coderz Studio Custom iFrame for Elementor versions through 1.0.13 **Description** An issue exists in Coderz Studio Custom iFrame for Elementor that allows for DOM-Based Cross-site Scripting (XSS). The issue is due to improper neutralization of input during web page generation. This could allow an attacker to inject malicious scripts into web pages viewed by other users. **Recommendations** Update Coderz Studio Custom iFrame for Elementor to a version later than 1.0.13.

**Name of the Vulnerable Software and Affected Versions** WP Travel Engine versions through 1.4.2 **Description** The software contains a flaw related to improper input handling during web page generation, which allows for Cross-site Scripting (XSS). This specific instance is a Stored XSS issue, meaning malicious scripts can be stored on the target server and executed by other users. **Recommendations** Update WP Travel Engine to a version later than 1.4.2.

**Name of the Vulnerable Software and Affected Versions** Orbit Fox versions through 3.0.0 **Description** The software contains an Improper Neutralization of Input During Web Page Generation issue, which allows for Stored Cross-site Scripting (XSS). **Recommendations** Update Orbit Fox to a version later than 3.0.0.

Name of the Vulnerable Software and Affected Versions: WPBITS Addons For Elementor Page Builder versions n/a through 1.5 Description: Improper neutralization of input during web page generation allows for stored cross-site scripting (XSS). Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: ElementInvader Addons for Elementor versions 1.3.5 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker can inject malicious scripts into the website, potentially leading to unauthorized access or control. Recommendations: For ElementInvader Addons for Elementor versions 1.3.5 and earlier, update to a version later than 1.3.5 to resolve the issue. At the moment, there is no information about additional mitigation measures.

Name of the Vulnerable Software and Affected Versions: Lloyd Saunders Author Box After Posts versions 1.6 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Stored XSS attacks. Recommendations: For Lloyd Saunders Author Box After Posts versions 1.6 and earlier, update to a version that fixes this issue, as the current version allows for Stored XSS attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: UltraAddons Elementor Lite versions prior to 2.0.0 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker can inject malicious scripts into the website, potentially leading to unauthorized access or other malicious activities. Recommendations: For UltraAddons Elementor Lite versions prior to 2.0.0, update to version 2.0.0 or later to resolve the issue. As a temporary workaround, consider restricting user input to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: X Addons for Elementor versions 1.0.0 through 1.0.14 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker can inject malicious scripts into the website, potentially leading to unauthorized access or data theft. Recommendations: For X Addons for Elementor versions 1.0.0 through 1.0.14, update to a version later than 1.0.14 to resolve the issue. At the moment, there is no information about other mitigation measures for this specific issue.

**Name of the Vulnerable Software and Affected Versions** JupiterX Core versions through 4.8.11 **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker can inject malicious scripts into the website, potentially affecting users who access the compromised page. **Recommendations** For versions through 4.8.11, update to a version that contains a fix for this issue, as using an affected version poses a significant risk due to the Stored XSS vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cost Calculator for Elementor versions 1.3.3 and earlier **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows for DOM-Based XSS. This means that an attacker could potentially inject malicious scripts into the website, affecting users' sessions. **Recommendations** For versions 1.3.3 and earlier, update to a version that contains a fix for this issue, as using an affected version poses a significant risk. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** The Pack Elementor addons versions n/a through 2.1.2 **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Stored XSS in The Pack Elementor addons. **Recommendations** For versions n/a through 2.1.2, update to a version later than 2.1.2 to resolve the issue. As a temporary workaround, consider restricting access to the affected addons to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Mediawiki - Growth Experiments Extension versions 1.39 through 1.43 Description: The issue is related to Improper Input Validation in the Mediawiki - Growth Experiments Extension, which allows Cross-Site Scripting (XSS). Recommendations: For versions 1.39 through 1.43, update to a version that fixes the Improper Input Validation issue to prevent Cross-Site Scripting (XSS).

**Name of the Vulnerable Software and Affected Versions** LA-Studio Element Kit for Elementor versions 1.4.9 and earlier **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker can inject malicious scripts into the website, potentially leading to unauthorized access or control. **Recommendations** For LA-Studio Element Kit for Elementor versions 1.4.9 and earlier, update to a version later than 1.4.9 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Ultra Addons Lite for Elementor versions 1.1.8 and earlier **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker can inject malicious scripts into the website, potentially leading to unauthorized access or other malicious activities. **Recommendations** For Ultra Addons Lite for Elementor versions 1.1.8 and earlier, update to a version later than 1.1.8 to resolve the issue. As a temporary workaround, consider restricting access to sensitive areas of the website and monitoring user input to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Piotnet Forms versions 1.0.0 through 1.0.30 **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker can inject malicious scripts into the website, potentially leading to unauthorized access or other malicious activities. **Recommendations** For versions 1.0.0 through 1.0.30, update to a version later than 1.0.30 to resolve the issue. At the moment, there is no information about other mitigation measures for this specific issue.

**Name of the Vulnerable Software and Affected Versions** Black Widgets For Elementor versions 1.3.9 and earlier **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker can inject malicious scripts into the website, potentially leading to unauthorized access or control. **Recommendations** For versions 1.3.9 and earlier, update to a version later than 1.3.9 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** aThemes Addons for Elementor versions 1.0.0 through 1.0.8 **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Stored XSS attacks. **Recommendations** For versions 1.0.0 through 1.0.8, update to a version later than 1.0.8 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** newseqo versions n/a through 2.1.1 **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Stored XSS attacks. **Recommendations** For versions n/a through 2.1.1, update to a version that contains a fix for this issue, as the current version is affected by the Stored XSS vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.