Nguyen Tran Tuan Dung

**Name of the Vulnerable Software and Affected Versions** PDF for Elementor Forms + Drag And Drop Template Builder versions prior to 5.5.2 **Description** A missing authorization issue exists that allows the exploitation of incorrectly configured access control security levels. **Recommendations** Update to version 5.5.2 or later.

**Name of the Vulnerable Software and Affected Versions** eLEOPARD Behance Portfolio Manager versions through 1.7.5 **Description** The software contains a flaw due to improper neutralization of input during web page generation, which allows for Stored Cross-site Scripting (XSS). This means that malicious scripts can be stored on the server and executed by other users when they view the affected web page. The vulnerability affects the Behance Portfolio Manager. The issue allows for the injection of malicious code through web pages. **Recommendations** Update eLEOPARD Behance Portfolio Manager to a version later than 1.7.5.

**Name of the Vulnerable Software and Affected Versions** ConoHa by GMO WING WordPress Migrator versions through 1.1.9 **Description** A Cross-Site Request Forgery (CSRF) issue exists in ConoHa by GMO WING WordPress Migrator. This allows for the upload of a web shell to a web server. Exploitation requires a victim to click a malicious link. **Recommendations** Update to version 1.1.9.

**Name of the Vulnerable Software and Affected Versions** Malcure Malware Scanner versions n/a through 16.8 **Description** A missing authorization flaw exists in Malcure Malware Scanner, allowing exploitation due to incorrectly configured access control security levels. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Barcode Scanner with Inventory & Order Manager versions through 1.9.0 Description: The software contains a Path Traversal issue due to improper limitation of a pathname to a restricted directory. This allows attackers to traverse directory paths. Recommendations: Update Barcode Scanner with Inventory & Order Manager to a version later than 1.9.0.

**Name of the Vulnerable Software and Affected Versions** WPFactory Product XML Feed Manager for WooCommerce versions through 2.9.2 **Description** The software contains a missing authorization flaw due to incorrectly configured access control security levels. **Recommendations** Update WPFactory Product XML Feed Manager for WooCommerce to a version later than 2.9.2.

**Name of the Vulnerable Software and Affected Versions** Contest Gallery versions through 26.0.6 **Description** Contest Gallery is susceptible to a cross-site scripting (XSS) issue due to improper neutralization of input during web page generation. This allows for stored XSS attacks. **Recommendations** Update Contest Gallery to a version later than 26.0.6.

Name of the Vulnerable Software and Affected Versions: Off-Canvas Sidebars & Menus (Slidebars) versions 0.5.8.4 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Reflected XSS. Recommendations: For versions 0.5.8.4 and earlier, update to a version that contains a fix for this issue, as no specific workaround is provided for these versions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Infigo Software IS-theme-companion versions 1.57 and earlier Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Object Injection. Recommendations: For Infigo Software IS-theme-companion versions 1.57 and earlier, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Cookiebot versions through 4.5.8 Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability, which allows an attacker to perform unauthorized actions on a user's account. This is a type of attack where an attacker tricks a user into performing an unintended action on a web application that the user is authenticated to. Recommendations: For versions through 4.5.8, update to a version that contains a fix for this issue to prevent Cross-Site Request Forgery attacks.

Name of the Vulnerable Software and Affected Versions: ContentStudio versions 1.3.4 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows accessing functionality not properly constrained by ACLs. Recommendations: For ContentStudio versions 1.3.4 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Cookie-Script.com versions 1.2.1 and earlier Description: The issue is related to a Missing Authorization vulnerability in Cookie Script, allowing exploitation of incorrectly configured access control security levels. Recommendations: For versions 1.2.1 and earlier, update to a version that contains a fix for this issue, as no specific workaround is provided in the given information. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Climax Themes Kata Plus versions 1.5.3 and earlier Description: The issue is related to a Missing Authorization vulnerability, allowing exploitation of incorrectly configured access control security levels. Recommendations: For Climax Themes Kata Plus versions 1.5.3 and earlier, update to a version that contains a fix for this issue, as no specific workaround or mitigation measures are provided in the given information. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: mahabub81 User Roles and Capabilities versions 1.2.6 and earlier Description: The issue is related to a Missing Authorization vulnerability, allowing exploitation of incorrectly configured access control security levels. Recommendations: For versions 1.2.6 and earlier, update to a version that includes the necessary security patches to fix the Missing Authorization vulnerability. As a temporary workaround, consider restricting access to sensitive areas of the application to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: UpStream: a Project Management Plugin for WordPress versions prior to 2.1.0 Description: The issue affects the access control security levels in the UpStream plugin, allowing exploitation due to incorrectly configured security levels. Recommendations: For versions prior to 2.1.0, update to version 2.1.0 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: JobWP versions n/a through 2.4.0 Description: A Cross-Site Request Forgery (CSRF) issue affects the software, allowing unauthorized actions to be performed on behalf of a user. Recommendations: For versions n/a through 2.4.0, update to a version that includes a fix for this issue, as no specific mitigation measures are provided for these versions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: WANotifier versions through 2.7.7 Description: The issue is related to a Missing Authorization vulnerability in WANotifier, allowing the exploitation of incorrectly configured access control security levels. Recommendations: For versions through 2.7.7, update to a version that addresses the Missing Authorization vulnerability to prevent exploitation of incorrectly configured access control security levels. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: slui Media Hygiene versions n/a through 4.0.1 Description: The issue is related to a Missing Authorization vulnerability in slui Media Hygiene, which allows exploiting incorrectly configured access control security levels. Recommendations: For versions n/a through 4.0.1, update to a version later than 4.0.1 to resolve the issue. At the moment, there is no information about additional mitigation measures for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Joe Hoyle WPThumb versions 0.10 and earlier Description: A Server-Side Request Forgery (SSRF) issue affects Joe Hoyle WPThumb, allowing for Server Side Request Forgery. Recommendations: For Joe Hoyle WPThumb versions 0.10 and earlier, update to a version that contains a fix for this issue. As a temporary workaround, consider restricting access to the vulnerable module to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: WP Customer Area versions 8.2.5 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. Recommendations: For WP Customer Area versions 8.2.5 and earlier, update to a version later than 8.2.5 to resolve the issue.