Nirmal Kavaiya

**Name of the Vulnerable Software and Affected Versions** ElementInvader Addons for Elementor versions 1.3.1 and earlier **Description** The issue is related to a Missing Authorization vulnerability, allowing exploitation of incorrectly configured access control security levels. **Recommendations** For ElementInvader Addons for Elementor versions 1.3.1 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** mikemmx Super Block Slider versions through 2.7.9 **Description** The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. **Recommendations** For versions through 2.7.9, update to a version that contains a fix for this issue, as the current version is affected by the Missing Authorization vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Elementor Addons AI Addons – 70 Widgets, Premium Templates, Ultimate Elements plugin for WordPress versions up to, and including, 2.2.1 **Description** The issue concerns insufficient restrictions on which templates can be included through the render function, allowing authenticated attackers with Contributor-level access and above to extract data from private or draft templates they should not have access to. **Recommendations** For versions up to, and including, 2.2.1, consider updating to a version newer than 2.2.1 to resolve the issue. As a temporary workaround, consider restricting access to the render function to minimize the risk of exploitation. Restrict access to private or draft templates to prevent unauthorized data extraction until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Bold Page Builder versions n/a through 5.2.1 **Description** The issue is related to improper neutralization of input during web page generation, which allows for stored cross-site scripting (XSS). This means that an attacker can inject malicious scripts into the website, potentially affecting users who visit the compromised page. **Recommendations** For versions n/a through 5.2.1, update to a version later than 5.2.1 to resolve the issue. As a temporary workaround, consider restricting user input to minimize the risk of exploitation. Avoid using potentially vulnerable features in Bold Page Builder until the issue is resolved.