Nithissh S

**Name of the Vulnerable Software and Affected Versions** CrawlSpider SEO Change Monitor – Track Website Changes versions 1.2 and earlier **Description** The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for potential exploitation by injecting malicious SQL code. **Recommendations** For versions 1.2 and earlier, update to a version that fixes the SQL Injection issue, as no specific workaround is provided for these versions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** DenK BV Actueel Financieel Nieuws – Denk Internet Solutions plugin versions <= 5.1.0 **Description** The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that requires authentication with admin+ privileges. **Recommendations** For DenK BV Actueel Financieel Nieuws – Denk Internet Solutions plugin versions <= 5.1.0, update to a version higher than 5.1.0 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** GARY JEZORSKI CloudNet360 plugin versions <= 3.2.0 **Description** The issue is an Unauth. Reflected Cross-Site Scripting (XSS) vulnerability. This means that an attacker can inject malicious scripts into a website, potentially allowing them to steal user data or take control of the user's session. **Recommendations** For versions <= 3.2.0, update to a version higher than 3.2.0 to resolve the issue. As a temporary workaround, consider restricting access to sensitive data and implementing additional security measures to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Pressference Exporter versions 1.0.3 and earlier **Description** The issue is related to an SQL Injection vulnerability due to the improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks. **Recommendations** For Pressference Exporter versions 1.0.3 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Jes Madsen Cookies by JM plugin version 1.0 **Description** The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that requires authentication with admin+ privileges. This vulnerability allows an attacker to inject malicious scripts into the application, potentially leading to unauthorized access or data theft. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** For Jes Madsen Cookies by JM plugin version 1.0, update to a version higher than 1.0 to resolve the issue. As a temporary workaround, consider restricting access to the plugin's administrative interface to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Ujwol Bastakoti CT Commerce plugin versions <= 2.0.1 **Description** The issue is related to an Authenticated Stored Cross-Site Scripting (XSS) vulnerability. This means that an attacker with admin+ access can inject malicious scripts into the application, which can then be executed by other users. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited. **Recommendations** For versions <= 2.0.1, update to a version greater than 2.0.1 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Duc Bui Quang WP Default Feature Image plugin versions 1.0.1.1 and earlier **Description** The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that requires authentication with admin+ privileges. This vulnerability affects the Duc Bui Quang WP Default Feature Image plugin. **Recommendations** For Duc Bui Quang WP Default Feature Image plugin versions 1.0.1.1 and earlier, update to a version later than 1.0.1.1 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Reservation.Studio Reservation.Studio widget plugin versions 1.0.11 and earlier **Description** The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that requires authentication with admin+ privileges. **Recommendations** For versions 1.0.11 and earlier, update to a version later than 1.0.11 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Aakif Kadiwala Tags Cloud Manager plugin versions 1.0.0 and earlier **Description** The issue is related to an Unauth. Reflected Cross-Site Scripting (XSS) vulnerability. This means that an attacker can inject malicious scripts into a website, potentially allowing them to steal user data or take control of the user's session. **Recommendations** For versions 1.0.0 and earlier, update to a version later than 1.0.0 to resolve the issue. As a temporary workaround, consider restricting access to the plugin until a patch is available.

**Name of the Vulnerable Software and Affected Versions** André Bräkling WP-Matomo Integration (WP-Piwik) plugin versions prior to 1.0.28 **Description** The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that requires authentication with admin+ privileges. **Recommendations** For André Bräkling WP-Matomo Integration (WP-Piwik) plugin versions prior to 1.0.28, update to version 1.0.28 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** chuyencode CC Custom Taxonomy plugin versions 1.0.1 and earlier **Description** The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability. This vulnerability requires authentication with admin+ privileges. **Recommendations** For versions 1.0.1 and earlier, update to a version later than 1.0.1 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** USB Memory Direct Simple Custom Author Profiles plugin version 1.0.0 and earlier **Description** The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that requires authentication with admin+ privileges. This vulnerability affects the USB Memory Direct Simple Custom Author Profiles plugin. **Recommendations** For USB Memory Direct Simple Custom Author Profiles plugin version 1.0.0 and earlier, update to a version later than 1.0.0 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** CoreFortress Easy Event calendar plugin versions prior to 1.0 **Description** The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that requires authentication with admin+ privileges. **Recommendations** For versions prior to 1.0, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Nico Graff WP Simple Events plugin versions prior to 1.1 **Description** The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that affects the Nico Graff WP Simple Events plugin. This vulnerability requires authentication with admin+ privileges. **Recommendations** For versions prior to 1.1, update to a version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** VryaSage Marketing Performance plugin versions prior to 2.0.0 **Description** The issue is related to a Reflected Cross-Site Scripting (XSS) vulnerability. This type of vulnerability allows an attacker to inject malicious scripts into a website, potentially leading to unauthorized actions on behalf of the user. **Recommendations** For versions prior to 2.0.0, update to version 2.0.0 or later to resolve the issue.