Ngo Van

**Name of the Vulnerable Software and Affected Versions** WP Page Builder plugin version 1.2.6 and earlier **Description** The issue concerns Stored Cross-Site Scripting (XSS) vulnerabilities in the WP Page Builder plugin. These vulnerabilities allow for multiple authentication bypasses. **Recommendations** For WP Page Builder plugin version 1.2.6 and earlier, update to a version later than 1.2.6 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** ExpressTech Quiz And Survey Master plugin versions prior to 7.3.5 **Description** The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability. This vulnerability can be exploited by contributors or users with higher privileges. The estimated number of potentially affected devices worldwide is not specified. There is no information provided about real-world incidents where this issue was exploited. **Recommendations** For ExpressTech Quiz And Survey Master plugin versions prior to 7.3.5, update to version 7.3.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the plugin's functionality for contributor-level users and below until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Themepoints Testimonials plugin versions <= 2.6 **Description** The issue is related to an Authenticated Stored Cross-Site Scripting (XSS) vulnerability. This means that an attacker with admin or higher privileges can inject malicious scripts into the application, which can then be executed by other users. The estimated number of potentially affected devices worldwide is not specified. There is no information provided about real-world incidents where this issue was exploited. **Recommendations** For Themepoints Testimonials plugin versions <= 2.6, update to a version higher than 2.6 to resolve the issue. At the moment, there is no information about additional mitigation measures.

**Name of the Vulnerable Software and Affected Versions** ExpressTech Quiz And Survey Master plugin versions prior to 7.3.5 **Description** The issue is related to a Reflected Cross-Site Scripting (XSS) vulnerability. This type of vulnerability allows an attacker to inject malicious scripts into a website, potentially leading to unauthorized actions on behalf of the user. The vulnerability is present in the ExpressTech Quiz And Survey Master plugin for WordPress and requires authentication with editor or higher privileges to exploit. **Recommendations** For ExpressTech Quiz And Survey Master plugin versions prior to 7.3.5, update to version 7.3.5 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Pop-Up Chop Chop plugin versions <= 2.1.7 on WordPress **Description** The issue is related to an Authenticated Stored Cross-Site Scripting (XSS) in the Pop-Up Chop Chop plugin. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** For Pop-Up Chop Chop plugin versions <= 2.1.7, update to a version higher than 2.1.7 to resolve the issue. At the moment, there is no information about additional mitigation measures.

**Name of the Vulnerable Software and Affected Versions** Booking Ultra Pro plugin versions 1.1.4 and earlier **Description** The issue concerns multiple Cross-Site Request Forgery (CSRF) vulnerabilities. CSRF is a type of attack where an attacker tricks a user into performing unintended actions on a web application that the user is authenticated to. **Recommendations** For versions 1.1.4 and earlier, update to a version later than 1.1.4 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Booking Ultra Pro plugin versions <= 1.1.4 **Description** The issue is related to a Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability. This vulnerability can be exploited in the Booking Ultra Pro plugin at WordPress. **Recommendations** For Booking Ultra Pro plugin versions <= 1.1.4, update to a version higher than 1.1.4 to resolve the issue. As a temporary workaround, consider restricting access to sensitive areas of the WordPress site to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** ExpressTech Quiz And Survey Master plugin versions prior to 7.3.5 **Description** The issue is related to an insecure direct object references (IDOR) vulnerability. This vulnerability allows attackers to change the content of the quiz. **Recommendations** For ExpressTech Quiz And Survey Master plugin versions prior to 7.3.5, update to version 7.3.5 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Awesome UG Torro Forms plugin versions 1.0.16 and earlier **Description** The issue is an Authenticated Stored Cross-Site Scripting (XSS) vulnerability. This means that an attacker with contributor or higher privileges can inject malicious scripts into the application, which will be executed by other users. The estimated number of potentially affected devices worldwide is not available. **Recommendations** For Awesome UG Torro Forms plugin versions 1.0.16 and earlier, update to a version later than 1.0.16 to resolve the issue. As a temporary workaround, consider restricting access to the plugin's functionality for users with contributor or higher privileges until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Themes Awesome History Timeline plugin versions 1.0.5 and earlier **Description** The issue is an Authenticated Stored Cross-Site Scripting (XSS) vulnerability. It affects the Themes Awesome History Timeline plugin at WordPress, allowing potential exploitation by authenticated users with author or higher privileges. **Recommendations** For versions 1.0.5 and earlier, update to a version later than 1.0.5 to resolve the issue. At the moment, there is no information about other specific fixes for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Fullworks Meet My Team plugin version 2.0.5 and earlier **Description** The issue is related to an Authenticated Stored Cross-Site Scripting (XSS) vulnerability. This means that an attacker with contributor or higher privileges can inject malicious scripts into the application, which can then be executed by other users. **Recommendations** For Fullworks Meet My Team plugin version 2.0.5 and earlier, update to a version later than 2.0.5 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Blossom Recipe Maker plugin versions 1.0.7 and earlier **Description** The issue concerns multiple authenticated Stored Cross-Site Scripting (XSS) vulnerabilities. These vulnerabilities can be exploited by contributors or users with higher privileges. The estimated number of potentially affected devices worldwide is not specified. There is no information provided about real-world incidents where this issue was exploited. **Recommendations** For Blossom Recipe Maker plugin versions 1.0.7 and earlier, update to a version later than 1.0.7 to resolve the issue. At the moment, there is no information about other mitigation measures for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** NOTICE BOARD plugin versions <= 1.1 at WordPress. **Description** The issue is related to an Authenticated Stored Cross-Site Scripting (XSS) vulnerability. This means that an attacker with contributor or higher privileges can inject malicious scripts into the NOTICE BOARD plugin, potentially affecting users who interact with the compromised plugin. **Recommendations** For NOTICE BOARD plugin versions <= 1.1, update to a version higher than 1.1 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Awesome Filterable Portfolio plugin version 1.9.7 and earlier **Description** The issue is an Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability. This means that an attacker can inject malicious scripts into the website without needing authentication, potentially affecting user sessions. **Recommendations** For Awesome Filterable Portfolio plugin version 1.9.7 and earlier, update to a version later than 1.9.7 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** WHA Crossword plugin version 1.1.10 and earlier **Description** The issue is related to an Authenticated Stored Cross-Site Scripting (XSS) vulnerability. This means that an attacker with contributor or higher privileges can inject malicious scripts into the application, potentially affecting users who interact with the compromised content. **Recommendations** For WHA Crossword plugin version 1.1.10 and earlier, update to a version later than 1.1.10 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** GS Testimonial Slider plugin versions prior to 1.9.7 **Description** The issue concerns multiple authenticated Stored Cross-Site Scripting (XSS) vulnerabilities. This means that an attacker with contributor or higher privileges can inject malicious scripts into the application, which are then stored and executed by the application, potentially leading to unauthorized actions or data theft. **Recommendations** For GS Testimonial Slider plugin versions prior to 1.9.7, update to version 1.9.7 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Awesome Filterable Portfolio plugin versions <= 1.9.7 **Description** The issue concerns an Unauthenticated Plugin Settings Change vulnerability. It affects the Awesome Filterable Portfolio plugin at WordPress. **Recommendations** For versions <= 1.9.7, update to a version higher than 1.9.7 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** WPChill Gallery PhotoBlocks plugin versions prior to 1.2.7 **Description** The issue concerns Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities. This means that an attacker could potentially inject malicious scripts into the application, which would then be executed by the user's browser, allowing the attacker to steal user data or take control of the user's session. **Recommendations** For WPChill Gallery PhotoBlocks plugin versions prior to 1.2.7, update to version 1.2.7 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** WHA's Word Search Puzzles game plugin version 2.0.1 and earlier **Description** The issue is related to an Authenticated Stored Cross-Site Scripting (XSS) vulnerability. This means that an attacker with author or higher privileges can inject malicious scripts into the game plugin, potentially affecting users who interact with the compromised content. **Recommendations** For WHA's Word Search Puzzles game plugin version 2.0.1 and earlier, update to a version later than 2.0.1 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** PluginlySpeaking Easy Org Chart plugin versions prior to 3.2 **Description** The issue is an Authenticated Stored Cross-Site Scripting (XSS) vulnerability. It affects the PluginlySpeaking Easy Org Chart plugin at WordPress, where contributors or higher-privileged users can inject malicious scripts. **Recommendations** For PluginlySpeaking Easy Org Chart plugin versions prior to 3.2, update to version 3.2 or later to resolve the issue.