Phd

**Name of the Vulnerable Software and Affected Versions** Integration for WooCommerce and QuickBooks versions 1.2.3 and earlier **Description** The issue is related to a URL Redirection to Untrusted Site, also known as an 'Open Redirect' vulnerability. This vulnerability affects the CRM Perks Integration for WooCommerce and QuickBooks. **Recommendations** For versions 1.2.3 and earlier, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Swapnil V. Patil Login and Logout Redirect versions n/a through 2.0.3 **Description** The issue is related to a URL Redirection to Untrusted Site, also known as an 'Open Redirect' vulnerability. This vulnerability affects the Login and Logout Redirect functionality. **Recommendations** For versions n/a through 2.0.3, as a temporary workaround, consider restricting access to the Login and Logout Redirect functionality until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CRM Perks Integration for WooCommerce and Zoho CRM, Books, Invoice, Inventory, Bigin versions prior to 1.3.7 **Description** The issue is related to a URL Redirection to Untrusted Site, also known as an 'Open Redirect' vulnerability. This vulnerability affects the CRM Perks Integration for WooCommerce and Zoho CRM, Books, Invoice, Inventory, Bigin. **Recommendations** For versions prior to 1.3.7, update to version 1.3.7 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Doofinder WP & WooCommerce Search versions through 2.1.7 **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Reflected XSS. **Recommendations** For versions through 2.1.7, update to a version later than 2.1.7 to resolve the issue. As a temporary workaround, consider restricting user input to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Responsive Column Widgets versions 1.2.7 and earlier **Description** The issue is related to a URL Redirection to Untrusted Site, also known as an 'Open Redirect' vulnerability. This vulnerability allows an attacker to redirect users to untrusted sites. There is no information provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** For versions 1.2.7 and earlier, update to a version later than 1.2.7 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Campaign Monitor for WordPress versions through 2.8.12 **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Reflected XSS. This enables potential attackers to inject malicious scripts into web pages. **Recommendations** For versions through 2.8.12, update to a version later than 2.8.12 to resolve the issue. As a temporary workaround, consider restricting user input to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Community by PeepSo – Social Network, Membership, Registration, User Profiles versions through 6.2.6.0 **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Reflected XSS. This means that an attacker can inject malicious scripts into the website, potentially leading to unauthorized actions on behalf of the user. **Recommendations** For versions through 6.2.6.0, update to a version later than 6.2.6.0 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Conversios Track Google Analytics 4, Facebook Pixel & Conversions API via Google Tag Manager for WooCommerce plugin versions <= 6.5.3 **Description** The issue is an Unauth. Reflected Cross-Site Scripting (XSS) vulnerability. This means that an attacker can inject malicious scripts into a website, potentially allowing them to steal user data or take control of the user's session. The vulnerability is present in the Conversios Track Google Analytics 4, Facebook Pixel & Conversions API via Google Tag Manager for WooCommerce plugin. **Recommendations** For versions <= 6.5.3, update to a version higher than 6.5.3 to resolve the issue. As a temporary workaround, consider disabling the vulnerable plugin until a patch is available. Restrict access to the plugin's functionality to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** EventPrime EventPrime – Events Calendar, Bookings and Tickets plugin versions <= 3.1.5 **Description** The issue is related to an Unauth. Reflected Cross-Site Scripting (XSS) vulnerability. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** For versions <= 3.1.5, update to a version greater than 3.1.5 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Mad Fish Digital Bulk NoIndex & NoFollow Toolkit plugin versions <= 1.42 **Description** The issue is an Unauth. Reflected Cross-Site Scripting (XSS) vulnerability. This allows for unauthorized reflected cross-site scripting, which can be exploited by an attacker. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** For Mad Fish Digital Bulk NoIndex & NoFollow Toolkit plugin versions <= 1.42, update to a version higher than 1.42 to resolve the issue. As a temporary workaround, consider restricting access to the plugin until a patch is available. Avoid using the plugin in sensitive environments until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tyche Softwares Order Delivery Date for WooCommerce plugin versions <= 3.20.0 **Description** The issue is related to an Unauth. Reflected Cross-Site Scripting (XSS) vulnerability. This allows for malicious scripts to be injected into a website, potentially leading to unauthorized actions. **Recommendations** For versions <= 3.20.0, update to a version higher than 3.20.0 to resolve the issue. At the moment, there is no information about additional mitigation measures for this specific vulnerability.

**Name of the Vulnerable Software and Affected Versions** Adenion Blog2Social: Social Media Auto Post & Scheduler plugin versions <= 7.2.0 **Description** The issue is an Unauth. Reflected Cross-Site Scripting (XSS) vulnerability. This means that an attacker can inject malicious scripts into a website, potentially allowing them to steal user data or take control of the user's session. **Recommendations** For versions <= 7.2.0, update to a version higher than 7.2.0 to resolve the issue. As a temporary workaround, consider restricting access to the plugin until a patch is available. Avoid using the plugin for social media auto-posting and scheduling until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** WP-EXPERTS.IN TEAM WP Categories Widget plugin versions <= 2.2 **Description** The issue is an Unauth. Reflected Cross-Site Scripting (XSS) vulnerability. This means that an attacker can inject malicious scripts into a website, potentially allowing them to steal user data or take control of the user's session. **Recommendations** For WP-EXPERTS.IN TEAM WP Categories Widget plugin versions <= 2.2, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Chop-Chop Coming Soon Chop Chop plugin versions 2.2.4 and earlier **Description** The issue is an Unauth. Reflected Cross-Site Scripting (XSS) vulnerability. This means that an attacker can inject malicious scripts into a website, potentially allowing them to steal user data or take control of the user's session. **Recommendations** For Chop-Chop Coming Soon Chop Chop plugin versions 2.2.4 and earlier, update to a version later than 2.2.4 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Ignazio Scimone Albo Pretorio On line plugin versions <= 4.6.3 **Description** The issue is related to an Unauth. Reflected Cross-Site Scripting (XSS) vulnerability. This means that an attacker can inject malicious scripts into a website, potentially allowing them to steal user data or take control of the user's session. **Recommendations** For Ignazio Scimone Albo Pretorio On line plugin versions <= 4.6.3, update to a version higher than 4.6.3 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Teplitsa of social technologies Leyka plugin versions <= 3.30.2 **Description** The issue is an Unauth. Reflected Cross-Site Scripting (XSS) vulnerability. This means that an attacker can inject malicious scripts into a website, potentially allowing them to steal user data or take control of the user's session. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited. **Recommendations** For versions <= 3.30.2, update to a version higher than 3.30.2 to resolve the issue. As a temporary workaround, consider restricting access to the Leyka plugin until a patch is available. Avoid using the plugin in sensitive environments until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Hiroaki Miyashita Custom Field Template plugin versions <= 2.5.9 **Description** The issue is related to an Unauth. Reflected Cross-Site Scripting (XSS) vulnerability. **Recommendations** For versions <= 2.5.9, update to a version higher than 2.5.9 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** David Lingren Media Library Assistant plugin versions <= 3.0.7 **Description** The issue is related to an Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in a submodule of the David Lingren Media Library Assistant plugin. This vulnerability allows for reflected cross-site scripting attacks without authentication. **Recommendations** For versions <= 3.0.7, update to a version greater than 3.0.7 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** RadiusTheme Variation Swatches for WooCommerce plugin versions prior to 2.3.8 **Description** The issue is related to an Unauth. Reflected Cross-Site Scripting (XSS) vulnerability. This means that an attacker can inject malicious scripts into the website, potentially allowing them to steal user data or take control of the user's session. **Recommendations** For versions prior to 2.3.8, update to version 2.3.8 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Andy Moyle Church Admin plugin versions 3.7.29 and earlier **Description** The issue is related to an Unauth. Reflected Cross-Site Scripting (XSS) vulnerability. This allows for malicious scripts to be injected into websites, potentially leading to unauthorized actions. **Recommendations** For versions 3.7.29 and earlier, update to a version later than 3.7.29 to resolve the issue. As a temporary workaround, consider restricting access to sensitive areas of the plugin to minimize the risk of exploitation.