Pablo Sanchez

Name of the Vulnerable Software and Affected Versions: Cisco BroadWorks Application Delivery Platform (affected versions not specified) Description: A vulnerability in the web-based management interface could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. This is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this by injecting malicious code into specific pages of the interface, potentially executing arbitrary script code in the context of the affected interface or accessing sensitive, browser-based information. The attacker must have valid administrative credentials to exploit this vulnerability. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Booking Calendar WordPress plugin versions prior to 9.7.3.1 **Description** The issue allows unauthenticated users to perform Stored Cross-Site Scripting attacks against administrators due to the plugin's failure to sanitize and escape some of its booking form data. **Recommendations** For versions prior to 9.7.3.1, update to version 9.7.3.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the booking form to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** The WordPress Online Booking and Scheduling Plugin versions prior to 22.4 **Description** The issue arises from the plugin's failure to properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection. This can be exploited by high privilege users such as admin. **Recommendations** For versions prior to 22.4, update to version 22.4 or later to resolve the issue. As a temporary workaround, consider restricting access to high privilege users until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Translate WordPress with GTranslate WordPress plugin versions prior to 3.0.4 **Description** The issue concerns the lack of sanitization and escaping of certain settings in the plugin, which could allow high-privilege users, such as administrators, to perform Stored Cross-Site Scripting attacks. This is possible even when the unfiltered html capability is disallowed, for example, in a multisite setup. The vulnerability affects multiple parameters. **Recommendations** For versions prior to 3.0.4, update to version 3.0.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the plugin's settings for high-privilege users until the update is applied.

**Name of the Vulnerable Software and Affected Versions** WP Job Portal versions prior to 2.0.6 **Description** The issue is related to a SQL injection problem. It occurs because a parameter is not properly sanitised and escaped before being used in a SQL statement. This allows unauthenticated users to exploit the site. **Recommendations** For versions prior to 2.0.6, update to version 2.0.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the plugin until the update is applied.

**Name of the Vulnerable Software and Affected Versions** WP EasyPay WordPress plugin versions prior to 4.1 **Description** The issue is related to Reflected Cross-Site Scripting, where some generated URLs are not properly escaped before being outputted back in pages. This could be used against high-privilege users, such as admins. **Recommendations** For versions prior to 4.1, update to version 4.1 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive pages or disabling potentially vulnerable features until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Quick Paypal Payments WordPress plugin versions prior to 5.7.26.4 **Description** The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This can occur even when the unfiltered html capability is disallowed, for example, in a multisite setup. **Recommendations** For versions prior to 5.7.26.4, update to version 5.7.26.4 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** MyCryptoCheckout WordPress plugin versions prior to 2.124 **Description** The issue is related to Reflected Cross-Site Scripting. It occurs because some URLs are not properly escaped before being outputted in attributes. **Recommendations** For versions prior to 2.124, update to version 2.124 or later to resolve the issue.