Nguyen Thi Huyen Trang

Name of the Vulnerable Software and Affected Versions: Uzair Easyfonts versions 1.1.2 and earlier Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability, which allows an attacker to perform unauthorized actions on a user's account. Recommendations: For versions 1.1.2 and earlier, update to a version that includes a fix for this issue, as no specific workaround is provided for these versions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: AboZain Albanna Customize Login Page versions 1.1 and earlier Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Cross Site Request Forgery. This means an attacker can trick a user into performing unintended actions on the web application. Recommendations: For versions 1.1 and earlier, update to a version that includes a fix for this issue, as no specific workaround is provided for these versions. As a temporary workaround, consider implementing CSRF token validation to prevent unauthorized requests until a patch is available. Restrict access to sensitive operations that can be exploited through CSRF attacks to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: bhoogterp Scheduled versions n/a through 1.0 Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on the web application, potentially leading to the execution of malicious scripts stored on the site. Recommendations: For versions n/a through 1.0, as a temporary workaround, consider implementing additional validation checks for requests to prevent unauthorized actions. Restrict access to sensitive functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: FraudLabs Pro for WooCommerce versions 2.22.7 and earlier Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that also allows Stored XSS. This means an attacker could potentially trick a user into performing unintended actions on the website, and also store malicious scripts that could be executed by other users. Recommendations: For versions 2.22.7 and earlier, update to a version later than 2.22.7 to resolve the issue. As a temporary workaround, consider restricting access to sensitive functions and validating user input to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Nepali Date Utilities versions 1.0.13 and earlier Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web application, potentially leading to the execution of malicious scripts stored on the site. Recommendations: For versions 1.0.13 and earlier, update to a version that includes a fix for this issue, as no specific mitigation measures are provided for these versions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Doppler Forms versions 2.4.5 and earlier Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web application, potentially leading to the execution of malicious scripts stored on the server. Recommendations: For Doppler Forms versions 2.4.5 and earlier, update to a version that includes a fix for this issue, as no specific mitigation measures are provided for these versions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.