Mostafa Farzaneh

**Name of the Vulnerable Software and Affected Versions** Calendar Event Multi View WordPress plugin versions prior to 1.4.07 **Description** The issue concerns a lack of authorization and CSRF checks when creating events, as well as insufficient sanitization and escaping in some event fields. This could allow unauthenticated attackers to create arbitrary events and inject Cross-Site Scripting payloads. The vulnerability can be exploited remotely, potentially leading to cross-site request forgery. **Recommendations** For versions prior to 1.4.07, update to version 1.4.07 or later to resolve the issue. As a temporary workaround, consider restricting access to event creation functionality to minimize the risk of exploitation. Avoid using the plugin's event creation feature until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** MotoPress Timetable and Event Schedule (affected versions not specified) **Description** A problematic issue affects some unknown functionality of the file /wp-admin/admin-ajax.php of the component Quick Edit. The manipulation of the argument `post title` with the input <img src=x onerror=alert`2`> leads to cross site scripting. The attack may be launched remotely. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MotoPress Timetable and Event Schedule versions up to 1.4.06 **Description** A vulnerability has been found in the Calendar Handler component of MotoPress Timetable and Event Schedule. The issue affects an unknown part of the file "/wp/?cpmvc id=1&cpmvc do action=mvparse&f=datafeed&calid=1&month index=1&method=adddetails&id=2". The manipulation of the `Subject`, `Location`, or `Description` arguments leads to cross-site scripting. It is possible to initiate the attack remotely. **Recommendations** For MotoPress Timetable and Event Schedule versions up to 1.4.06, consider disabling the Calendar Handler component or restricting access to the affected file until a patch is available. As a temporary workaround, avoid using the `Subject`, `Location`, or `Description` arguments in the affected API endpoint. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Everywhere CMS (affected versions not specified) **Description** A critical issue has been found, affecting an unknown function. The manipulation of the `id` argument leads to SQL injection, allowing for remote attacks. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Eatan CMS (affected versions not specified) **Description** A critical issue has been identified, affecting an unknown functionality of the software, which leads to sql injection. This issue can be exploited remotely. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Lógico y Creativo version 1.0 **Description** A critical issue was found that affects some unknown processing. The manipulation of the `id` argument leads to SQL injection. This issue can be exploited remotely. **Recommendations** For Lógico y Creativo version 1.0, consider restricting access to the `id` argument to minimize the risk of SQL injection exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Neetai Tech (affected versions not specified) **Description** A critical issue was found in Neetai Tech, affecting an unknown function of the file /product.php. This issue leads to sql injection and can be exploited remotely. The exploit has been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MINMAX (affected versions not specified) **Description** A critical issue has been found in MINMAX, affecting an unknown part of the file /newsDia.php. The manipulation of the `id` argument leads to SQL injection, allowing for remote attacks. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Brandbugle (affected versions not specified) **Description** A critical issue affects some unknown functionality of the file /main.php, leading to sql injection. The attack may be launched remotely. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Chichen Tech CMS version 1.0 Description: The issue is related to SQL injection vulnerabilities found in the product list.php file. The vulnerabilities are exploitable via the `id` and `cid` parameters. Recommendations: For Chichen Tech CMS version 1.0, consider restricting access to the product list.php file or avoiding the use of the `id` and `cid` parameters until a fix is available.