Myungju Kim

**Name of the Vulnerable Software and Affected Versions** UusWeb.Ee WS Contact Form versions 1.3.7 and earlier **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS attacks. **Recommendations** For versions 1.3.7 and earlier, update to a version that fixes the Stored XSS issue. As a temporary workaround, consider restricting user input in the contact form to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Webstix Admin Dashboard versions n/a through 3.1 **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS in the Webstix Admin Dashboard RSS Feed. **Recommendations** For versions n/a through 3.1, update to a version that contains a fix for this issue to prevent Stored XSS attacks.

**Name of the Vulnerable Software and Affected Versions** Job Board Manager versions prior to 2.1.58 **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS attacks. **Recommendations** For versions prior to 2.1.58, update to version 2.1.58 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Delower WP To Do versions 1.3.0 and earlier **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS attacks. **Recommendations** For Delower WP To Do versions 1.3.0 and earlier, update to a version later than 1.3.0 to resolve the issue. As a temporary workaround, consider restricting user input to minimize the risk of Stored XSS attacks.

**Name of the Vulnerable Software and Affected Versions** Dextaz Ping versions 0.65 and earlier **Description** The issue is related to an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. This allows Command Injection in Dextaz Ping. **Recommendations** For versions 0.65 and earlier, update to a version that contains a fix for this issue, if available. As a temporary workaround, consider restricting access to the command execution functionality to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** URBAN BASE Z-Downloads versions 1.11.3 and earlier **Description** The issue is related to an Unrestricted Upload of File with Dangerous Type, which affects the Z-Downloads component. **Recommendations** For versions 1.11.3 and earlier, update to a version that contains a fix for this issue, if available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Save as PDF plugin by Pdfcrowd versions 3.2.1 and earlier **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Stored XSS attacks. **Recommendations** For Save as PDF plugin by Pdfcrowd versions 3.2.1 and earlier, update to a version later than 3.2.1 to resolve the issue. At the moment, there is no information about additional mitigation measures.

**Name of the Vulnerable Software and Affected Versions** Save as Image plugin by Pdfcrowd versions 3.2.1 and earlier **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker can inject malicious scripts into a website, potentially affecting users who access the compromised page. **Recommendations** For versions 3.2.1 and earlier, update to a version later than 3.2.1 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Sukhchain Singh Auto Poster versions 1.2 and earlier **Description** The issue affects the Auto Poster, allowing for the unrestricted upload of files with dangerous types. **Recommendations** For versions 1.2 and earlier, update to a version that contains a fix for this issue, if available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Upload Resume versions 1.2.0 and earlier **Description** The issue is related to the exposure of sensitive information to an unauthorized actor. This is a problem where sensitive data is made available to individuals who should not have access to it. **Recommendations** For versions 1.2.0 and earlier, update to a version that contains a fix for this issue, as no specific workaround or mitigation has been provided for these versions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Harmonic Design HD Quiz versions 1.8.11 and earlier **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker can inject malicious scripts into the website, potentially affecting users who access the page. **Recommendations** For versions 1.8.11 and earlier, update to a version later than 1.8.11 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WordPress Job Board and Recruitment Plugin – JobWP versions n/a through 2.1 **Description** The issue is related to the exposure of sensitive information to an unauthorized actor. This is a problem where sensitive data is made available to individuals who should not have access to it. **Recommendations** For versions n/a through 2.1, update to a version later than 2.1 to resolve the issue. At the moment, there is no information about other mitigation measures for this specific issue.

**Name of the Vulnerable Software and Affected Versions** WordPress Job Board and Recruitment Plugin – JobWP versions 2.0 and earlier **Description** The issue is related to an Unrestricted Upload of File with Dangerous Type, which affects the WordPress Job Board and Recruitment Plugin – JobWP. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** For WordPress Job Board and Recruitment Plugin – JobWP versions 2.0 and earlier, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PI Websolution Conditional cart fee plugin versions 1.0.96 and earlier **Description** The issue is related to improper neutralization of input during web page generation, which can lead to Cross-site Scripting. **Recommendations** For PI Websolution Conditional cart fee plugin versions 1.0.96 and earlier, update to a version later than 1.0.96 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** WooCommerce plugin versions <= 2.1.48 **Description** The issue is related to an Authenticated Stored Cross-Site Scripting (XSS) vulnerability in the PI Websolution Direct checkout, Add to cart redirect, Quick purchase button, Buy now button, and Quick View button for the WooCommerce plugin. **Recommendations** For versions <= 2.1.48, update to a version higher than 2.1.48 to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable buttons and features until a patch is available. Avoid using the vulnerable features in the affected plugin until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** PI Websolution Cancel order request / Return order / Repeat Order / Reorder for WooCommerce plugin versions prior to 1.3.3 **Description** The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that affects users with admin+ authentication. This vulnerability can be exploited through specific endpoints related to order management, such as canceling, returning, or reordering. **Recommendations** For versions prior to 1.3.3, update to version 1.3.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** WooCommerce plugin versions prior to 3.0.19 **Description** A Stored Cross-Site Scripting (XSS) vulnerability exists, allowing authenticated administrators to inject malicious scripts. This issue affects the PI Websolution Order date, Order pickup, Order date time, Pickup Location, and delivery date components. **Recommendations** For versions prior to 3.0.19, update to version 3.0.19 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Catch Themes Darcie theme versions 1.1.5 and earlier **Description** The issue is related to an Unauth. Reflected Cross-Site Scripting (XSS) vulnerability. This type of vulnerability allows an attacker to inject malicious scripts into a website, potentially leading to unauthorized actions on behalf of the user. **Recommendations** For versions 1.1.5 and earlier, update to a version later than 1.1.5 to resolve the issue. As a temporary workaround, consider restricting access to sensitive areas of the website to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** PI Websolution Product Enquiry for WooCommerce versions 2.2.12 and earlier **Description** The issue is related to a Stored Cross-site Scripting (XSS) vulnerability that requires authentication with admin+ privileges. This vulnerability affects the WooCommerce product catalog plugin. **Recommendations** For versions 2.2.12 and earlier, update to a version later than 2.2.12 to resolve the issue. As a temporary workaround, consider restricting access to the plugin's administrative interface to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** PI Websolution Product page shipping calculator for WooCommerce plugin versions 1.3.20 and earlier **Description** The issue is related to an Authenticated Stored Cross-site Scripting (XSS) vulnerability. This means that an attacker with admin privileges can inject malicious code into the application, which will be executed by the browser of other users. The vulnerability is located in the shipping calculator functionality of the plugin. **Recommendations** For versions 1.3.20 and earlier, update to a version later than 1.3.20 to resolve the issue. As a temporary workaround, consider restricting access to the shipping calculator feature in the plugin to minimize the risk of exploitation.