Nikhil Kapoor

**Name of the Vulnerable Software and Affected Versions** The Loading Page with Loading Screen WordPress plugin versions prior to 1.0.83 **Description** The issue allows high privilege users, such as admins, to perform cross-Site Scripting attacks due to the plugin not escaping its settings. This can occur even when the unfiltered html capability is disallowed. **Recommendations** For versions prior to 1.0.83, update to version 1.0.83 or later to resolve the issue. As a temporary workaround, consider restricting the use of the plugin's settings to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Bold Page Builder WordPress plugin versions prior to 4.3.3 **Description** The issue concerns the lack of sanitization and escaping of some settings in the plugin, which could allow high-privilege users, such as admins, to perform Cross-Site Scripting attacks. This is possible even when the unfiltered html capability is disallowed. **Recommendations** For versions prior to 4.3.3, update to version 4.3.3 or later to resolve the issue. As a temporary workaround, consider restricting the use of the plugin's settings to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** WP Sitemap Page WordPress plugin versions prior to 1.7.0 **Description** The issue arises from the plugin's failure to properly sanitise and escape some of its settings. This could allow high privilege users to perform Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed. **Recommendations** For WP Sitemap Page WordPress plugin versions prior to 1.7.0, update to version 1.7.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Duplicate Page WordPress plugin versions 4.4.2 and earlier **Description** The issue allows high privilege users to perform Stored Cross-Site Scripting attacks due to the lack of sanitization or escaping of the `Duplicate Post Suffix` settings before outputting it, even when the `unfiltered html` capability is disallowed. **Recommendations** For Duplicate Page WordPress plugin versions 4.4.2 and earlier, update to a version later than 4.4.2 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.