Nguy Minh

**Name of the Vulnerable Software and Affected Versions** WP-Polls plugin versions prior to 2.76.1 **Description** A race condition issue exists in the WP-Polls plugin, affecting users with subscriber or higher permissions. This issue can be exploited due to improper synchronization, potentially leading to unauthorized access or data modification. **Recommendations** For WP-Polls plugin versions prior to 2.76.1, update to version 2.76.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Store Locator plugin versions <= 1.4.5 **Description** The issue is related to a Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability. This vulnerability can be exploited to execute malicious scripts on the client-side. **Recommendations** For Store Locator plugin versions <= 1.4.5, update to a version higher than 1.4.5 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Rate my Post – WP Rating System plugin versions <= 3.3.4 **Description** The issue allows attackers to manipulate votes by exploiting a race condition in the plugin. This can result in increased or decreased votes. **Recommendations** For Rate my Post – WP Rating System plugin versions <= 3.3.4, update to a version higher than 3.3.4 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Rate my Post – WP Rating System plugin versions <= 3.3.4 **Description** The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions on a web application that the user is authenticated to. **Recommendations** For Rate my Post – WP Rating System plugin versions <= 3.3.4, update to a version higher than 3.3.4 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Totalsoft Event Calendar – Calendar plugin versions 1.4.6 and earlier **Description** The issue concerns an Unauthenticated Event Deletion vulnerability. **Recommendations** For versions 1.4.6 and earlier, update to a version later than 1.4.6 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Lester 'GaMerZ' Chan WP-PostRatings plugin version 1.89 and earlier **Description** The issue is related to a race condition that allows rating increase or decrease in the WP-PostRatings plugin. **Recommendations** For Lester 'GaMerZ' Chan WP-PostRatings plugin version 1.89 and earlier, update to a version later than 1.89 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Contest Gallery plugin versions <= 17.0.4 **Description** The issue is an authenticated SQL Injection vulnerability, affecting the Contest Gallery plugin at WordPress. This allows for SQL injection attacks when an attacker has author or higher privileges. **Recommendations** For versions <= 17.0.4, update to a version higher than 17.0.4 to resolve the issue. As a temporary workaround, consider restricting access to the plugin's database interactions until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Biplob Adhikari's Image Hover Effects Ultimate plugin versions <= 9.7.1 **Description** The issue is an Authenticated Reflected Cross-Site Scripting (XSS) vulnerability. This means that an attacker can inject malicious scripts into the website, but only if they have admin or higher user role access. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited. **Recommendations** For Biplob Adhikari's Image Hover Effects Ultimate plugin versions <= 9.7.1, update to a version higher than 9.7.1 to resolve the issue. As a temporary workaround, consider restricting access to the plugin's settings to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Download Monitor versions prior to 4.4.7 **Description** An Authenticated Reflected Cross-Site Scripting (XSS) issue was found in the WordPress plugin Download Monitor. **Recommendations** For versions prior to 4.4.7, update to version 4.4.7 or later to resolve the issue.