Nguyen Anh Tien

**Name of the Vulnerable Software and Affected Versions** Post Teaser versions 4.1.5 and earlier **Description** The issue is related to a Missing Authorization vulnerability in WeyHan Ng Post Teaser. **Recommendations** For Post Teaser versions 4.1.5 and earlier, update to a version later than 4.1.5 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Analytify versions n/a through 4.2.3 **Description** The issue is related to a Missing Authorization vulnerability in Analytify. This vulnerability allows unauthorized access due to the lack of proper authorization checks. **Recommendations** For versions n/a through 4.2.3, update to a version later than 4.2.3 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WPDeveloper BetterLinks versions 1.6.0 and earlier **Description** The issue is related to a Missing Authorization vulnerability in WPDeveloper BetterLinks, which allows exploiting incorrectly configured access control security levels. **Recommendations** For WPDeveloper BetterLinks versions 1.6.0 and earlier, update to a version later than 1.6.0 to resolve the issue. As a temporary workaround, consider restricting access to sensitive areas of the application to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** IDX IMPress Listings versions n/a through 2.6.2 **Description** The issue is related to a Missing Authorization vulnerability in IDX IMPress Listings, which allows exploiting incorrectly configured access control security levels. **Recommendations** For versions n/a through 2.6.2, update to a version later than 2.6.2 to resolve the issue. As a temporary workaround, consider restricting access to sensitive areas of the application to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Subscribe to Category versions n/a through 2.7.4 **Description** The issue is related to a missing authorization vulnerability in Subscribe to Category, which allows the exploitation of incorrectly configured access control security levels. **Recommendations** For versions n/a through 2.7.4, update to a version later than 2.7.4 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Link Whisper Free versions 0.6.3 and earlier **Description** The issue is related to a Missing Authorization vulnerability, allowing exploitation of incorrectly configured access control security levels. This is an unauthenticated broken access control vulnerability that can be exploited by attackers, potentially exposing sensitive data. Users are urged to update to the latest version to mitigate risks. **Recommendations** For Link Whisper Free version 0.6.3 and earlier, update to the latest version immediately to secure your site and mitigate the risk of exploitation. As a temporary workaround, consider restricting access to sensitive data until the update is applied. Ensure your site is secure by updating to the latest version.

**Name of the Vulnerable Software and Affected Versions** Redirection for Contact Form 7 versions through 2.9.2 **Description** The issue is related to a Missing Authorization vulnerability, allowing exploitation of incorrectly configured access control security levels. This is a broken access control issue that can be exploited. **Recommendations** Update to the latest version to secure your site.

**Name of the Vulnerable Software and Affected Versions** Easy Social Icons versions 3.2.4 and earlier **Description** A broken access control vulnerability has been identified in the Easy Social Icons plugin for WordPress. This issue allows exploiting incorrectly configured access control security levels due to missing authorization. Users are urged to update to the latest version to mitigate risks. **Recommendations** For versions 3.2.4 and earlier, update to the latest version to secure your site and mitigate the risk of exploitation. As a temporary workaround, consider restricting access to the vulnerable plugin until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** RoboSoft Robo Gallery versions 3.2.9 and earlier **Description** The issue is related to a Missing Authorization vulnerability, allowing exploitation of incorrectly configured access control security levels. **Recommendations** For RoboSoft Robo Gallery versions 3.2.9 and earlier, update to a version that includes the necessary security patches to fix the Missing Authorization vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Lucian Apostol Auto Affiliate Links versions through 6.2.1.5 **Description** The issue is related to a Missing Authorization vulnerability, allowing the exploitation of incorrectly configured access control security levels. **Recommendations** For versions through 6.2.1.5, update to a version later than 6.2.1.5 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Easy Digital Downloads versions 3.1.5 and earlier **Description** The issue affects Easy Digital Downloads, allowing exploitation of incorrectly configured access control security levels due to a missing authorization vulnerability. This involves broken access control, which can be exploited. **Recommendations** For versions 3.1.5 and earlier, update to the latest version to remediate the issue and mitigate risks. As a temporary workaround, consider restricting access to sensitive areas of the plugin until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** Majeed Raza Carousel Slider versions through 2.2.2 **Description** The issue is related to a Missing Authorization vulnerability, which allows exploitation of incorrectly configured access control security levels. **Recommendations** For versions through 2.2.2, update to a version that contains a fix for this issue, as no specific mitigation measures are provided for these versions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WP-RecentComments versions through 2.2.7 **Description** The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. **Recommendations** For WP-RecentComments versions through 2.2.7, update to a version later than 2.2.7 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Igor Benic Simple Giveaways versions 2.48.0 and earlier **Description** The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. **Recommendations** For versions 2.48.0 and earlier, update to a version that contains a fix for this issue, as the current version has a Missing Authorization vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Nikolay Strikhar WordPress Form Builder Plugin – Gutenberg Forms versions 2.2.8.3 and earlier **Description** The issue is related to a Missing Authorization vulnerability. This vulnerability affects the WordPress Form Builder Plugin – Gutenberg Forms. **Recommendations** For versions 2.2.8.3 and earlier, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WPvivid Backup and Migration versions 0.9.90 and earlier **Description** The issue is related to Improper Privilege Management, allowing Privilege Escalation. **Recommendations** For WPvivid Backup and Migration versions 0.9.90 and earlier, update to a version later than 0.9.90 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Leyka versions 3.30.2 and earlier **Description** The issue is related to Improper Privilege Management, which allows Privilege Escalation in Leyka. **Recommendations** For Leyka versions 3.30.2 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WP-FormAssembly versions n/a through 2.0.5 **Description** The issue is related to an Improper Limitation of a Pathname to a Restricted Directory, also known as a Path Traversal vulnerability. This vulnerability allows Path Traversal in FormAssembly / Drew Buschhorn WP-FormAssembly. **Recommendations** For WP-FormAssembly versions n/a through 2.0.5, update to a version later than 2.0.5 to resolve the issue. As a temporary workaround, consider restricting access to sensitive directories to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** If Menu versions 0.16.3 and earlier **Description** The issue is related to a Missing Authorization vulnerability in the Layered If Menu. **Recommendations** For versions 0.16.3 and earlier, update to a version that includes the fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Auto Amazon Links – Amazon Associates Affiliate Plugin versions through 5.1.1 **Description** The issue affects the Auto Amazon Links – Amazon Associates Affiliate Plugin, allowing Stored XSS due to improper neutralization of input during web page generation. This is a Cross-site Scripting vulnerability. **Recommendations** For versions through 5.1.1, update to a version later than 5.1.1 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.