Nguyen Thi Huyen Trang - Skalucy

Name of the Vulnerable Software and Affected Versions: Import Export For WooCommerce versions 1.6.2 and earlier Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on the web application, potentially leading to the execution of malicious scripts stored on the site. Recommendations: For Import Export For WooCommerce versions 1.6.2 and earlier, update to a version that contains a fix for this issue, as no specific mitigation measures are provided for these versions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OTWthemes Sidebar Manager Light versions 1.18 and earlier **Description** A Cross-Site Request Forgery (CSRF) issue affects the software, allowing unauthorized actions to be performed on behalf of a user. **Recommendations** For versions 1.18 and earlier, update to a version that includes a fix for this issue, as no specific workaround is provided for these versions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Trân Minh-Quân WPVN versions 0.7.8 and earlier **Description** The issue is a Cross-Site Request Forgery (CSRF) vulnerability, which allows an attacker to perform unauthorized actions on a user's account. **Recommendations** For Trân Minh-Quân WPVN versions 0.7.8 and earlier, update to a version that fixes this issue, as no specific mitigation measures are provided.

**Name of the Vulnerable Software and Affected Versions** John Weissberg Print Science Designer versions 1.3.155 and earlier **Description** The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS in John Weissberg Print Science Designer. **Recommendations** For versions 1.3.155 and earlier, update to a version that includes a fix for this issue, as no specific workaround is provided.

**Name of the Vulnerable Software and Affected Versions** felixtz Modern Polls versions 1.0.10 and earlier **Description** The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. **Recommendations** For felixtz Modern Polls versions 1.0.10 and earlier, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** illow – Cookies Consent versions 0.2.0 and earlier **Description** The issue is a Cross-Site Request Forgery (CSRF) vulnerability, which allows Cross Site Request Forgery. This means an attacker can trick a user into performing unintended actions on a web application that the user is authenticated to. **Recommendations** For versions 0.2.0 and earlier, as a temporary workaround, consider implementing additional validation for requests to prevent unauthorized actions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Ever Accounting versions n/a through 2.1.5 **Description** A Cross-Site Request Forgery (CSRF) issue affects Ever Accounting, allowing unauthorized actions to be performed on behalf of a user. **Recommendations** For versions n/a through 2.1.5, update to a version later than 2.1.5 to resolve the issue. As a temporary workaround, consider implementing CSRF token validation to prevent unauthorized requests. Restrict access to sensitive functionality to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Yuya Hoshino Bulk Term Editor versions 1.1.4 and earlier **Description** The issue is a Cross-Site Request Forgery (CSRF) vulnerability, which allows an attacker to perform unauthorized actions on a user's account. **Recommendations** For Yuya Hoshino Bulk Term Editor versions 1.1.4 and earlier, update to a version that includes a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** InPost Gallery versions 2.1.4.3 and earlier **Description** The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability, which allows for Cross Site Request Forgery. This means an attacker can trick a user into performing unintended actions on a web application that the user is authenticated to. **Recommendations** For InPost Gallery versions 2.1.4.3 and earlier, as a temporary workaround, consider implementing additional validation for requests to prevent unauthorized actions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: dolby uk Mobile Smart versions n/a through v1.3.16 Description: The issue is related to improper neutralization of input during web page generation, which allows for Reflected Cross-site Scripting (XSS). This enables attackers to inject malicious scripts into web pages, potentially leading to unauthorized actions or data theft. Recommendations: For versions n/a through v1.3.16, update to a version later than v1.3.16 to resolve the issue. As a temporary workaround, consider restricting user input to prevent malicious code injection until a patch is available.

Name of the Vulnerable Software and Affected Versions: CodeVibrant Maintenance Notice versions 1.0.0 through 1.0.5 Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability, which allows for Cross Site Request Forgery. Recommendations: For versions 1.0.0 through 1.0.5, update to a version that includes a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Skrill Official versions 1.0.0 through 1.0.65 Description: The issue is related to a Cross-Site Request Forgery (CSRF) problem. This means that an attacker can trick a user into performing unintended actions on a web application that the user is authenticated to. No information is provided about the estimated number of potentially affected devices worldwide or details about real-world incidents where this issue was exploited. Recommendations: For versions 1.0.0 through 1.0.65, update to a version later than 1.0.65 to resolve the issue. As a temporary workaround, consider implementing additional validation for requests to prevent unauthorized actions.

Name of the Vulnerable Software and Affected Versions: Rankchecker.io Integration versions 1.0.9 and earlier Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability in the Rankchecker.io Integration, which allows Stored XSS. Recommendations: For versions 1.0.9 and earlier, update to a version that contains a fix for this issue, as no specific mitigation measures are provided for these versions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: W3Counter Free Real-Time Web Stats versions prior to 4.1 Description: The issue is related to a Cross-Site Request Forgery (CSRF) problem, which allows unauthorized actions to be performed on behalf of a user. This can be exploited by an attacker to perform actions without the user's knowledge or consent. Recommendations: For versions prior to 4.1, update to a version that includes a fix for this issue, as no specific workaround is provided for these versions. At the moment, there is no information about additional mitigation measures for this specific issue.

Name of the Vulnerable Software and Affected Versions: Muntasir Rahman Custom Dashboard Page versions 1.0 and earlier Description: The issue is related to a cross-site request forgery (CSRF) problem, which allows for Cross Site Request Forgery. This is a type of attack where an attacker can trick a user into performing unintended actions on a web application that the user is authenticated to. Recommendations: For versions 1.0 and earlier, consider implementing proper CSRF token validation to prevent unauthorized requests. As a temporary workaround, restrict access to sensitive operations on the Custom Dashboard Page until a proper fix is applied.

Name of the Vulnerable Software and Affected Versions: Carlos Minatti Delete Original Image versions 0.4 and earlier Description: The issue is related to a Cross-Site Request Forgery (CSRF) problem, which allows for Cross-Site Request Forgery. This is a type of attack where an attacker can trick a user into performing unintended actions on a web application. Recommendations: For Carlos Minatti Delete Original Image version 0.4 and earlier, as a temporary workaround, consider implementing CSRF token validation to prevent unauthorized requests. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: xjb REST API TO MiniProgram versions prior to 4.7.1 Description: The issue is related to a Cross-Site Request Forgery (CSRF) problem, which allows for Cross-Site Request Forgery. This is a type of attack where an attacker can trick a user into performing unintended actions on a web application that the user is authenticated to. No information is provided about the estimated number of potentially affected devices or real-world incidents where this issue was exploited. Recommendations: For versions prior to 4.7.1, update to version 4.7.1 or later to resolve the issue. As a temporary workaround, consider implementing CSRF tokens or other anti-CSRF measures to minimize the risk of exploitation. Restrict access to sensitive API endpoints to minimize the risk of unauthorized requests.

Name of the Vulnerable Software and Affected Versions: ZipList Recipe versions n/a through 3.1 Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability, which allows Cross Site Request Forgery. Recommendations: For versions n/a through 3.1, update to a version that includes a fix for this issue, as no specific mitigation measures are provided.

Name of the Vulnerable Software and Affected Versions: Fastmover Plugins Last Updated Column versions 0.1.3 and earlier Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows unauthorized actions to be performed on behalf of a user. This is due to inadequate protection against CSRF attacks in the affected plugin. Recommendations: For Fastmover Plugins Last Updated Column versions 0.1.3 and earlier, update to a version that includes a fix for this issue, as no specific workaround is provided for these versions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Aftab Ali Muni WP Add Active Class To Menu Item versions 1.0 and earlier Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Cross Site Request Forgery. Recommendations: For Aftab Ali Muni WP Add Active Class To Menu Item versions 1.0 and earlier, update to a version that includes a fix for this issue, as no specific mitigation measures are provided.