Minhtuanact

**Name of the Vulnerable Software and Affected Versions** supsystic Easy Google Maps versions 1.11.17 and earlier **Description** The issue is related to an Improper Restriction of XML External Entity Reference vulnerability, which allows XML Injection. **Recommendations** For versions 1.11.17 and earlier, update to a version later than 1.11.17 to resolve the issue. As a temporary workaround, consider restricting the use of XML external entities in the Easy Google Maps plugin until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Fonto versions 1.2.2 and earlier **Description** The issue is related to an Improper Limitation of a Pathname to a Restricted Directory, also known as a Path Traversal vulnerability. This vulnerability allows for Path Traversal in the vlad.olaru Fonto software. **Recommendations** For Fonto versions 1.2.2 and earlier, consider restricting access to sensitive directories to minimize the risk of exploitation until a patch is available. As a temporary workaround, consider implementing additional validation and sanitization for user-inputted pathnames to prevent unauthorized access to restricted directories.

**Name of the Vulnerable Software and Affected Versions** Category Icon versions through 1.0.0 **Description** The issue is related to an Improper Limitation of a Pathname to a Restricted Directory, also known as 'Path Traversal'. This allows for Path Traversal in the pixelgrade Category Icon. **Recommendations** For versions through 1.0.0, update to a version that fixes the Path Traversal issue to prevent unauthorized access to sensitive files. As a temporary workaround, consider restricting access to sensitive directories to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** TaxoPress WordPress Tag Cloud Plugin – Tag Groups versions prior to 2.0.4 **Description** The issue is related to improper neutralization of input during web page generation, allowing reflected Cross-site Scripting (XSS). This enables attackers to inject malicious scripts into web pages. The problem affects the Tag Cloud plugin of WordPress, specifically the Tag Groups component. **Recommendations** For versions prior to 2.0.4, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the Tag Cloud plugin to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** ViewMedica 9 plugin for WordPress versions up to, and including, 1.4.15 **Description** The issue is due to missing or incorrect nonce validation on the 'Viewmedica-Admin' page, making it possible for unauthenticated attackers to inject arbitrary SQL queries via a forged request. This can happen if an attacker can trick a site administrator into performing an action, such as clicking on a link. **Recommendations** For versions up to, and including, 1.4.15, update to a version higher than 1.4.15 to resolve the issue. As a temporary workaround, consider restricting access to the 'Viewmedica-Admin' page to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** BSK Forms Blacklist versions n/a through 3.9 **Description** The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability that allows Blind SQL Injection. This means an attacker can trick a user into performing unintended actions on a web application, potentially leading to the extraction of sensitive data from the database without the user's knowledge. **Recommendations** For versions n/a through 3.9, update to a version later than 3.9 to resolve the issue. As a temporary workaround, consider restricting access to sensitive `BSK Forms Blacklist` functionalities until a patch is available. Avoid using the `BSK Forms Blacklist` module in critical operations until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Themefic Ultimate Addons for Contact Form 7 versions 3.2.6 and earlier **Description** The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. **Recommendations** For Themefic Ultimate Addons for Contact Form 7 versions 3.2.6 and earlier, update to a version later than 3.2.6 to resolve the issue.

Name of the Vulnerable Software and Affected Versions: Persian Woocommerce SMS versions 7.0.5 and earlier Description: The issue is related to improper neutralization of input during web page generation, which leads to a Cross-site Scripting (XSS) vulnerability. This allows for Reflected XSS attacks. Recommendations: For versions 7.0.5 and earlier, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Dynamic Visibility for Elementor versions through 5.0.5 **Description** The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. **Recommendations** For versions through 5.0.5, update to a version later than 5.0.5 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** wp3sixty Woo Custom Emails versions n/a through 2.2 **Description** The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. **Recommendations** For versions n/a through 2.2, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** AlexaCRM Dynamics 365 Integration versions 1.3.13 and earlier **Description** The issue is related to a Missing Authorization vulnerability in AlexaCRM Dynamics 365 Integration, which allows exploiting incorrectly configured access control security levels. **Recommendations** For AlexaCRM Dynamics 365 Integration versions 1.3.13 and earlier, update to a version that includes the necessary security patches to fix the Missing Authorization vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** VideoWhisper Live Streaming Integration versions n/a through 5.5.15 **Description** The issue is related to an OS Command Injection vulnerability due to improper neutralization of special elements used in an OS command. This allows for OS Command Injection, potentially enabling attackers to execute arbitrary commands on the affected system. **Recommendations** For versions n/a through 5.5.15, update to a version later than 5.5.15 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PluginOps MailChimp Subscribe Form, Optin Builder, PopUp Builder, Form Builder versions 4.0.9.3 and earlier **Description** The issue is related to a URL Redirection to Untrusted Site, also known as an 'Open Redirect' vulnerability. This vulnerability affects the PluginOps MailChimp Subscribe Form, Optin Builder, PopUp Builder, and Form Builder. **Recommendations** For versions 4.0.9.3 and earlier, update to a version later than 4.0.9.3 to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable plugin until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Tribulant Slideshow Gallery LITE versions 1.7.6 and earlier **Description** The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for potential exploitation by injecting malicious SQL code. **Recommendations** For versions 1.7.6 and earlier, update to a version later than 1.7.6 to resolve the issue. As a temporary workaround, consider restricting access to sensitive database operations to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Advanced Page Visit Counter – Most Wanted Analytics Plugin for WordPress versions through 6.4.2 **Description** The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for potential exploitation by injecting malicious SQL code. **Recommendations** For versions through 6.4.2, update to a version later than 6.4.2 to resolve the issue. At the moment, there is no information about additional mitigation measures for this specific vulnerability.

**Name of the Vulnerable Software and Affected Versions** affiliate-toolkit – WordPress Affiliate Plugin versions 3.3.9 and earlier **Description** The issue is related to a URL Redirection to Untrusted Site, also known as an 'Open Redirect' vulnerability. This vulnerability affects the affiliate-toolkit – WordPress Affiliate Plugin, allowing potential redirection to untrusted sites. **Recommendations** For versions 3.3.9 and earlier, update to a version later than 3.3.9 to resolve the issue. As a temporary workaround, consider restricting access to sensitive areas of the plugin to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Doofinder WP & WooCommerce Search versions 1.5.49 and earlier **Description** The issue is related to a URL Redirection to Untrusted Site, also known as an 'Open Redirect' vulnerability. This vulnerability affects Doofinder WP & WooCommerce Search, allowing redirection to untrusted sites. **Recommendations** For versions 1.5.49 and earlier, update to a version later than 1.5.49 to resolve the issue. At the moment, there is no information about additional mitigation measures for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PluginOps Landing Page Builder – Lead Page – Optin Page – Squeeze Page – WordPress Landing Pages versions 1.5.1.5 and earlier **Description** The issue is related to a URL Redirection to Untrusted Site, also known as an 'Open Redirect' vulnerability. This vulnerability allows an attacker to redirect users to untrusted sites. **Recommendations** For versions 1.5.1.5 and earlier, update to a version later than 1.5.1.5 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SoftLab Integrate Google Drive – Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files Into Your WordPress Site versions n/a through 1.3.2 **Description** The issue is related to a URL Redirection to Untrusted Site, also known as an 'Open Redirect' vulnerability. This vulnerability allows an attacker to redirect users to untrusted sites. There is no information provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** For versions n/a through 1.3.2, update to a version later than 1.3.2 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Libsyn Publisher Hub versions 1.4.4 and earlier **Description** The issue is related to the exposure of sensitive information to an unauthorized actor. This is a problem where sensitive data is made available to individuals who should not have access to it. **Recommendations** For Libsyn Publisher Hub versions 1.4.4 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.