Pavak Tiwari

**Name of the Vulnerable Software and Affected Versions** NetTantra WP Roles at Registration versions 0.23 and earlier **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS, where an attacker can inject malicious scripts into a website, potentially affecting users who access the compromised page. **Recommendations** For NetTantra WP Roles at Registration versions 0.23 and earlier, update to a version that fixes the Stored XSS vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** NotifyVisitors plugin versions 1.0 and earlier **Description** The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that requires authentication with admin+ privileges. This vulnerability affects the NotifyVisitors plugin. **Recommendations** For versions 1.0 and earlier, update to a version later than 1.0 to resolve the issue. As a temporary workaround, consider restricting access to the plugin's administrative interface to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** John Newcombe eBecas plugin versions <= 3.1.3 **Description** The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that requires authentication with admin+ privileges. **Recommendations** For John Newcombe eBecas plugin versions <= 3.1.3, update to a version higher than 3.1.3 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Themeqx LetterPress plugin versions 1.1.2 and earlier **Description** The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that requires authentication with admin+ privileges. **Recommendations** For Themeqx LetterPress plugin versions 1.1.2 and earlier, update to a version later than 1.1.2 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** MonitorClick Forms Ada – Form Builder plugin versions <= 1.0 **Description** The issue is related to an Unauth. Reflected Cross-Site Scripting (XSS) vulnerability. This type of vulnerability allows an attacker to inject malicious scripts into a website, potentially leading to unauthorized actions on behalf of the user. **Recommendations** For MonitorClick Forms Ada – Form Builder plugin versions <= 1.0, update to a version greater than 1.0 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Ian Haycox Motor Racing League plugin versions prior to 1.9.9 **Description** The issue is related to an Authenticated (admin+) Cross-Site Scripting (XSS) vulnerability. This means that an attacker who has administrative access to the system can inject malicious scripts into the website, potentially leading to unauthorized actions. **Recommendations** For Ian Haycox Motor Racing League plugin versions prior to 1.9.9, update to a version 1.9.9 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** The Modern Events Calendar Lite WordPress plugin versions prior to 6.5.2 **Description** The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for example, in a multisite setup. This is due to the plugin not sanitizing and escaping some of its settings. **Recommendations** For versions prior to 6.5.2, update to version 6.5.2 or later to resolve the issue. As a temporary workaround, consider restricting the ability of high privilege users to access and modify the plugin's settings until a patch is applied.