Nguyen Xuan Chien

**Name of the Vulnerable Software and Affected Versions** wpDataTables versions through 6.5.0.1 **Description** The software contains a flaw related to improper control of filename for include/require statements, potentially leading to PHP Local File Inclusion. The issue affects the wpDataTables component. **Recommendations** Update to a version newer than 6.5.0.1.

**Name of the Vulnerable Software and Affected Versions** Zoho ZeptoMail versions n/a through 3.3.1 **Description** A Cross-Site Request Forgery (CSRF) issue exists in Zoho ZeptoMail, also allowing for Stored Cross-Site Scripting (XSS). The issue impacts the way requests are handled, potentially allowing an attacker to perform actions on behalf of an authenticated user without their knowledge. **Recommendations** Versions prior to 3.3.1 should be updated.

**Name of the Vulnerable Software and Affected Versions** nebelhorn Blappsta Mobile App Plugin & Your native, mobile iPhone App and Android App versions through 0.8.8.8 **Description** The software contains a flaw related to improper input handling during web page generation, leading to a Reflected Cross-site Scripting (XSS) condition. This allows for the injection of malicious scripts into web pages viewed by users. The vulnerability affects the Blappsta Mobile App Plugin and associated native mobile applications for iPhone and Android. **Recommendations** Update to a version later than 0.8.8.8.

**Name of the Vulnerable Software and Affected Versions** Prasadkirpekar Advanced Custom CSS versions through 1.1.0 **Description** The software contains a flaw related to improper input handling during web page creation, which allows for Reflected Cross-Site Scripting (XSS). This means an attacker could potentially inject malicious scripts into a web page viewed by other users. The affected component is susceptible to exploitation through crafted input. **Recommendations** Update Prasadkirpekar Advanced Custom CSS to a version later than 1.1.0.

**Name of the Vulnerable Software and Affected Versions** INVELITY Invelity SPS connect versions through 1.0.8 **Description** A flaw exists in INVELITY Invelity SPS connect that allows for Reflected Cross-Site Scripting (XSS). This occurs due to improper neutralization of input during web page generation. The issue allows an attacker to inject malicious scripts into web pages viewed by other users. The vulnerable component is susceptible to exploitation through crafted input. **Recommendations** Update INVELITY Invelity SPS connect to a version later than 1.0.8.

**Name of the Vulnerable Software and Affected Versions** reDim GmbH CookieHint WP versions through 1.0.0 **Description** The software contains a flaw related to improper control of filenames used in include/require statements, specifically a PHP Local File Inclusion issue. This allows for the inclusion of local files. **Recommendations** Update to a version later than 1.0.0.

**Name of the Vulnerable Software and Affected Versions** Councilsoft Content Grid Slider versions through 1.5 **Description** The software contains a flaw related to improper input handling during web page generation, specifically a Reflected Cross-site Scripting issue. This allows for the execution of malicious scripts through crafted input. The vulnerable component is susceptible to attacks where an attacker can inject malicious code into a web page viewed by other users. The affected API endpoint is not specified. The vulnerable parameter is not specified. The vulnerable function is not specified. **Recommendations** Update to a version later than 1.5.

**Name of the Vulnerable Software and Affected Versions** Codeaffairs Wp Text Slider Widget versions through 1.0 **Description** The Codeaffairs Wp Text Slider Widget contains a flaw related to improper input handling during web page creation, specifically a Stored Cross-site Scripting issue. This allows for the injection of malicious scripts. The issue impacts the application by allowing an attacker to execute arbitrary code within the context of a user's browser. The vulnerability affects the application through the use of vulnerable parameters and API endpoints. The vulnerable parameters are not specified. **Recommendations** Update Codeaffairs Wp Text Slider Widget to a version later than 1.0.

**Name of the Vulnerable Software and Affected Versions** CedCommerce Integration for Good Market versions through 1.0.6 **Description** The software contains a flaw related to improper control of filenames used in include/require statements, specifically a PHP Remote File Inclusion issue. This allows for PHP Local File Inclusion. **Recommendations** Update CedCommerce Integration for Good Market to a version later than 1.0.6.

**Name of the Vulnerable Software and Affected Versions** BoldGrid Sprout Clients versions through 3.2.1 **Description** A flaw exists in BoldGrid Sprout Clients that allows for Reflected Cross-site Scripting (XSS). This issue arises from improper input validation during web page generation. The vulnerability affects the `sprout-clients` component. **Recommendations** Update BoldGrid Sprout Clients to a version later than 3.2.1.

**Name of the Vulnerable Software and Affected Versions** Agence web Eoxia - Montpellier Task Manager versions through 3.0.2 **Description** The software contains a flaw related to improper control of filename for include/require statements, specifically a PHP Remote File Inclusion issue. This allows for PHP Local File Inclusion. **Recommendations** Update to a version later than 3.0.2.

**Name of the Vulnerable Software and Affected Versions** jbhovik Ray Enterprise Translation versions through 1.7.1 **Description** The software contains a flaw related to improper control of filename for include/require statements, specifically a PHP Local File Inclusion issue. This allows for the inclusion of local files. **Recommendations** Update to a version later than 1.7.1.

Name of the Vulnerable Software and Affected Versions: WooCommerce Booking Bundle Hours versions through 0.7.4 Description: A Cross-Site Request Forgery (CSRF) vulnerability exists in Cristiano Zanca WooCommerce Booking Bundle Hours, which can lead to Stored Cross-Site Scripting (XSS). Recommendations: Update WooCommerce Booking Bundle Hours to a version later than 0.7.4.

Name of the Vulnerable Software and Affected Versions: Constant Contact for WordPress versions through 4.1.1 Description: Deserialization of untrusted data in Constant Contact for WordPress allows for object injection. Recommendations: Update Constant Contact for WordPress to a version later than 4.1.1.

**Name of the Vulnerable Software and Affected Versions** Yaidier WN Flipbox Pro versions through 2.1 **Description** A Cross-Site Request Forgery (CSRF) vulnerability exists in Yaidier WN Flipbox Pro, which also allows Reflected Cross-Site Scripting (XSS). **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Dejan Markovic WordPress Buffer – HYPESocial. Social Media Auto Post, Social Media Auto Publish and Schedule versions n/a through 2020.1.0 **Description** A Cross-Site Request Forgery (CSRF) vulnerability exists in Dejan Markovic WordPress Buffer – HYPESocial. Social Media Auto Post, Social Media Auto Publish and Schedule. This issue also allows Reflected Cross-Site Scripting (XSS). **Recommendations** Update Dejan Markovic WordPress Buffer – HYPESocial. Social Media Auto Post, Social Media Auto Publish and Schedule to a version later than 2020.1.0.

**Name of the Vulnerable Software and Affected Versions** aakash1911 WP likes versions n/a through 3.1.1 **Description** A Cross-Site Request Forgery (CSRF) vulnerability exists in aakash1911 WP likes, which also allows Reflected Cross-Site Scripting (XSS). **Recommendations** Update aakash1911 WP likes to a version later than 3.1.1.

**Name of the Vulnerable Software and Affected Versions** Subhash Kumar Database to Excel versions n/a through 1.0 **Description** A Cross-Site Request Forgery (CSRF) vulnerability exists in Subhash Kumar Database to Excel, which also allows for Stored Cross-Site Scripting (XSS). **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** David Merinas Auto Last Youtube Video versions n/a through 1.0.7 **Description** A Cross-Site Request Forgery (CSRF) vulnerability exists in David Merinas Auto Last Youtube Video, which also allows Stored Cross-Site Scripting (XSS). **Recommendations** Update David Merinas Auto Last Youtube Video to a version later than 1.0.7.

**Name of the Vulnerable Software and Affected Versions** ChrisHurst Bulk Watermark versions through 1.6.10 **Description** The software contains a Cross-Site Request Forgery (CSRF) vulnerability that also allows Reflected Cross-Site Scripting (XSS). **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.