Nikolas

**Name of the Vulnerable Software and Affected Versions** wpbakery plugin for WordPress versions up to, and including, 7.5 **Description** The issue is related to Stored Cross-Site Scripting via the Post Author tag attribute due to insufficient input sanitization and output escaping. This allows authenticated attackers with contributor access or higher to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 7.5, update the wpbakery plugin to a version that includes the necessary security fixes to address the Stored Cross-Site Scripting vulnerability. As a temporary workaround, consider restricting access to the Post Author tag attribute to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** wpbakery plugin for WordPress versions up to, and including, 7.5 **Description** The issue is related to Stored Cross-Site Scripting via the Custom Heading tag attribute due to insufficient input sanitization and output escaping. This allows authenticated attackers with contributor access or higher to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 7.5, upgrade to a version higher than 7.5 to prevent Stored Cross-Site Scripting attacks. As a temporary workaround, consider restricting access to the Custom Heading tag attribute until a patch is available.

**Name of the Vulnerable Software and Affected Versions** wpbakery plugin for WordPress versions up to, and including, 7.5 **Description** The issue is related to Stored Cross-Site Scripting via the Post Title tag attribute due to insufficient input sanitization and output escaping. This allows authenticated attackers with contributor access or higher to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 7.5, update to a version higher than 7.5 to resolve the issue. As a temporary workaround, consider restricting access to the Post Title tag attribute to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** The FileOrganizer – Manage WordPress and Website Files plugin for WordPress versions up to, and including, 1.0.6 **Description** The issue is related to Stored Cross-Site Scripting via svg file upload due to insufficient input sanitization and output escaping. This allows authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The vulnerability affects both the free and pro versions of the plugin, with the free version limited to exploitation by administrators, and the pro version also exploitable by lower-level users if certain functionality is enabled. **Recommendations** For versions up to, and including, 1.0.6, update to a version that addresses the insufficient input sanitization and output escaping issue to prevent Stored Cross-Site Scripting attacks. As a temporary workaround, consider restricting access to the svg file upload functionality until a patch is available. Additionally, restrict the ability of lower-level users to upload files in the pro version to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** wpbakery plugin for WordPress versions up to, and including, 7.5 **Description** The issue is related to Stored Cross-Site Scripting via the button `onclick` attribute due to insufficient input sanitization and output escaping. This allows authenticated attackers with contributor access or higher to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 7.5, update to a version higher than 7.5 to resolve the issue. As a temporary workaround, consider restricting access to the button `onclick` attribute to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Elementor Addons by Livemesh plugin for WordPress versions up to, and including, 8.3.4 **Description** The issue is related to Stored Cross-Site Scripting via the `style` attribute of the Team Members widget due to insufficient input sanitization and output escaping. This allows authenticated attackers with contributor-level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 8.3.4, update to a version higher than 8.3.4 to resolve the issue. As a temporary workaround, consider restricting access to the Team Members widget for users with contributor-level access and above until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Revslider plugin for WordPress versions up to, and including, 6.6.20 **Description** The issue is related to Stored Cross-Site Scripting via svg upload due to insufficient input sanitization and output escaping. This allows authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. By default, this can only be exploited by administrators, but the ability to use and configure revslider can be extended to authors. **Recommendations** For versions up to, and including, 6.6.20, update to a version higher than 6.6.20 to resolve the issue. As a temporary workaround, consider restricting access to the svg upload feature to minimize the risk of exploitation. Additionally, limit the ability to use and configure revslider to only trusted administrators to reduce the potential attack surface.

**Name of the Vulnerable Software and Affected Versions** The Element Pack Elementor Addons plugin for WordPress versions up to, and including, 5.5.3 **Description** The issue is related to Stored Cross-Site Scripting via the `element pack wrapper link` attribute of the Trailer Box widget due to insufficient input sanitization and output escaping. This allows authenticated attackers with contributor-level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 5.5.3, update to a version higher than 5.5.3 to resolve the issue. As a temporary workaround, consider disabling the Trailer Box widget until a patch is available. Restrict access to the `element pack wrapper link` attribute to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** The Beaver Builder – WordPress Page Builder plugin for WordPress versions up to, and including, 2.7.4.2 **Description** The issue is related to Stored Cross-Site Scripting via the `button link` parameter due to insufficient input sanitization and output escaping. This allows authenticated attackers with contributor access or higher to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 2.7.4.2, update to a version higher than 2.7.4.2 to resolve the issue. As a temporary workaround, consider restricting access to the `button link` parameter to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** The Beaver Builder – WordPress Page Builder plugin for WordPress versions up to, and including, 2.7.4.4 **Description** The issue is related to Stored Cross-Site Scripting via the heading tag due to insufficient input sanitization and output escaping. This allows authenticated attackers with contributor access and above to inject arbitrary web scripts in pages, which will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 2.7.4.4, update to a version higher than 2.7.4.4 to resolve the issue. As a temporary workaround, consider restricting contributor access and above to minimize the risk of exploitation. Additionally, avoid using the heading tag in pages until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** The Brizy – Page Builder plugin for WordPress versions up to, and including, 2.4.40 **Description** The issue is related to Stored Cross-Site Scripting via the embedded media custom block due to insufficient input sanitization and output escaping. This allows authenticated attackers, with contributor access or above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 2.4.40, update to a version that addresses the insufficient input sanitization and output escaping issue to prevent Stored Cross-Site Scripting attacks.

**Name of the Vulnerable Software and Affected Versions** Elementor Addon Elements plugin for WordPress versions up to, and including, 1.12.12 **Description** The issue is related to Stored Cross-Site Scripting via the `icon align` attribute of the Content Switcher widget due to insufficient input sanitization and output escaping. This allows authenticated attackers with contributor-level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 1.12.12, update to a version that addresses the insufficient input sanitization and output escaping issue. As a temporary workaround, consider restricting access to the Content Switcher widget for users with contributor-level access and above until a patch is available.

**Name of the Vulnerable Software and Affected Versions** The Prime Slider – Addons For Elementor plugin for WordPress versions up to, and including, 3.13.2 **Description** The issue is related to Stored Cross-Site Scripting via the `title tags` attribute of the Rubix widget due to insufficient input sanitization and output escaping. This allows authenticated attackers with contributor-level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 3.13.2, update to a version that addresses the insufficient input sanitization and output escaping issue. As a temporary workaround, consider restricting access to the Rubix widget for users with contributor-level access and above until a patch is available. Avoid using the `title tags` attribute in the Rubix widget until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Exclusive Addons for Elementor plugin for WordPress versions up to, and including, 2.6.9 **Description** The issue is related to Stored Cross-Site Scripting via the Covid-19 Stats Widget due to insufficient input sanitization and output escaping. This allows authenticated attackers with contributor-level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 2.6.9, update to a version higher than 2.6.9 to resolve the issue. As a temporary workaround, consider restricting access to the Covid-19 Stats Widget until a patch is available. Avoid using the Covid-19 Stats Widget in the affected plugin until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Happy Addons for Elementor plugin for WordPress versions up to, and including, 3.10.3 **Description** The issue is related to Stored Cross-Site Scripting via the `author meta tag` attribute of the Author Meta widget. This is due to insufficient input sanitization and output escaping, allowing authenticated attackers with contributor-level access and above to inject arbitrary web scripts in pages. These scripts will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 3.10.3, update to a version that addresses the insufficient input sanitization and output escaping issue. As a temporary workaround, consider restricting access to the Author Meta widget for users with contributor-level access and above until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Featured Image from URL (FIFU) plugin for WordPress versions up to, and including, 4.6.2 **Description** The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping. This allows authenticated attackers with contributor access or higher to inject arbitrary web scripts in pages via the `fifu input url` parameter, which will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 4.6.2, update to a version higher than 4.6.2 to resolve the issue. As a temporary workaround, consider restricting access to the `fifu input url` parameter to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Premium Addons for Elementor plugin for WordPress versions up to, and including, 4.10.18 **Description** The issue is related to Stored Cross-Site Scripting via the button `onclick` attribute due to insufficient input sanitization and output escaping. This allows authenticated attackers with contributor access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 4.10.18, update to a version higher than 4.10.18 to resolve the issue. As a temporary workaround, consider restricting contributor access and above to minimize the risk of exploitation. Avoid using the `onclick` attribute in buttons until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** The Essential Addons for Elementor plugin for WordPress versions up to, and including, 5.9.8 **Description** The issue is related to Stored Cross-Site Scripting via the plugin's Filterable Gallery Widget due to insufficient input sanitization and output escaping. This allows authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 5.9.8, update to a version that includes the necessary security patches to fix the insufficient input sanitization and output escaping in the Filterable Gallery Widget. As a temporary workaround, consider restricting access to the Filterable Gallery Widget for users with contributor-level and above permissions until a patch is available.

**Name of the Vulnerable Software and Affected Versions** SiteOrigin Widgets Bundle plugin for WordPress versions up to, and including, 1.58.2 **Description** The issue is related to Stored Cross-Site Scripting via the `features` attribute due to insufficient input sanitization and output escaping. This allows authenticated attackers with contributor access or higher to inject arbitrary web scripts in pages, which will execute when a user accesses an injected page. **Recommendations** For versions up to, and including, 1.58.2, update to a version higher than 1.58.2 to resolve the issue. As a temporary workaround, consider restricting access to the `features` attribute to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** The Bold Page Builder plugin for WordPress versions up to, and including, 4.8.0 **Description** The issue is related to Stored Cross-Site Scripting via the plugin's button URL due to insufficient input sanitization and output escaping. This allows authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 4.8.0, update to a version later than 4.8.0 to resolve the issue. As a temporary workaround, consider restricting access to the button URL feature to minimize the risk of exploitation. Additionally, restrict permissions to prevent contributors and above from injecting arbitrary web scripts.