Ppzzaarr

**Name of the Vulnerable Software and Affected Versions** YITH WooCommerce Wishlist versions prior to 4.12.0 **Description** An authorization bypass exists due to a user-controlled key, which allows for the exploitation of incorrectly configured access control security levels. **Recommendations** Update to a version later than 4.12.0.

**Name of the Vulnerable Software and Affected Versions** Advanced Coupons for WooCommerce versions through 4.7.1 **Description** The software contains a missing authorization issue related to incorrectly configured access control security levels. This allows for exploitation of the system. **Recommendations** Update Advanced Coupons for WooCommerce to a version newer than 4.7.1.

**Name of the Vulnerable Software and Affected Versions** inseriswiss inseri core versions through 1.0.5 **Description** An authorization issue exists in inseriswiss inseri core inseri-core, allowing exploitation of incorrectly configured access control security levels. **Recommendations** Update inseriswiss inseri core to a version later than 1.0.5.

**Name of the Vulnerable Software and Affected Versions** Podlove Web Player versions through 5.9.1 **Description** The Podlove Web Player contains a flaw due to deserialization of untrusted data, which can lead to object injection. This issue allows for potential exploitation through the deserialization process. **Recommendations** Update Podlove Web Player to a version later than 5.9.1.

**Name of the Vulnerable Software and Affected Versions** WP Swings Ultimate Gift Cards For WooCommerce versions through 3.2.4 **Description** An authorization issue exists in WP Swings Ultimate Gift Cards For WooCommerce. The issue involves incorrectly configured access control security levels, potentially allowing unauthorized access. **Recommendations** Update WP Swings Ultimate Gift Cards For WooCommerce to a version later than 3.2.4.

**Name of the Vulnerable Software and Affected Versions** NotificationX versions through 3.2.1 **Description** A missing authorization flaw exists in NotificationX. This issue involves incorrectly configured access control security levels, potentially allowing unauthorized access. **Recommendations** Update NotificationX to a version later than 3.2.1.

**Name of the Vulnerable Software and Affected Versions** The Events Calendar Shortcode & Block versions through 3.1.1 **Description** The software contains a flaw related to improper input handling during web page creation, specifically a Stored Cross-site Scripting issue. This allows for the injection of malicious scripts. **Recommendations** Update The Events Calendar Shortcode & Block to a version newer than 3.1.1.

**Name of the Vulnerable Software and Affected Versions** XLPlugins NextMove Lite versions through 2.23.0 **Description** An authorization bypass exists due to incorrectly configured access control security levels. This allows exploitation through a user-controlled key. The issue is present in the woo-thank-you-page-nextmove-lite component. **Recommendations** Update XLPlugins NextMove Lite to a version newer than 2.23.0.

**Name of the Vulnerable Software and Affected Versions** WebAppick CTX Feed versions through 6.6.18 **Description** A missing authorization issue exists in WebAppick CTX Feed webappick-product-feed-for-woocommerce. The issue involves incorrectly configured access control security levels, potentially allowing unauthorized access. **Recommendations** Update WebAppick CTX Feed to a version later than 6.6.18.

**Name of the Vulnerable Software and Affected Versions** YITH WooCommerce Request A Quote versions through 2.46.0 **Description** The YITH WooCommerce Request A Quote plugin contains a flaw related to incorrectly configured access control security levels, potentially allowing unauthorized access. The issue involves a missing authorization check. **Recommendations** Update YITH WooCommerce Request A Quote to a version newer than 2.46.0.

**Name of the Vulnerable Software and Affected Versions** 10up Eight Day Week Print Workflow versions through 1.2.5 **Description** The Eight Day Week Print Workflow software contains a flaw that allows unauthorized retrieval of embedded sensitive data, leading to exposure of sensitive system information. **Recommendations** Update Eight Day Week Print Workflow to a version later than 1.2.5.

**Name of the Vulnerable Software and Affected Versions** PHPGurukul Apartment Visitors Management System version 1.0 **Description** A problematic issue exists due to the manipulation of the `searchdata` argument within the HTTP POST Request Handler component, specifically when processing the `/search-visitor.php` file. This manipulation leads to cross site scripting, and the attack can be initiated remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For PHPGurukul Apartment Visitors Management System version 1.0, sanitize the `searchdata` argument within the `/search-visitor.php` file to prevent cross site scripting.

**Name of the Vulnerable Software and Affected Versions** PHPGurukul Apartment Visitors Management System version 1.0 **Description** A cross site scripting issue exists due to the manipulation of the `visname` argument within the HTTP POST Request Handler in the /bwdates-reports.php file. The attack can be launched remotely. The exploit has been disclosed to the public. **Recommendations** As a temporary workaround, consider restricting access to the /bwdates-reports.php file until a fix is available. Sanitize the `visname` argument to prevent the injection of malicious scripts.

**Name of the Vulnerable Software and Affected Versions** PHPGurukul Apartment Visitors Management System version 1.0 **Description** A cross-site scripting issue exists due to the manipulation of the `visname` argument within the HTTP POST Request Handler component, specifically in the `/visitor-detail.php` file. The issue is remotely exploitable and the exploit has been publicly disclosed. **Recommendations** Address the manipulation of the `visname` argument in the `/visitor-detail.php` file to prevent cross-site scripting.

**Name of the Vulnerable Software and Affected Versions** PHPGurukul Apartment Visitors Management System version 1.0 **Description** A problematic issue exists in PHPGurukul Apartment Visitors Management System 1.0. The issue is related to cross site scripting within the HTTP POST Request Handler component, specifically affecting the `/admin-profile.php` file. Manipulation of the `adminname` argument can trigger the issue remotely. The exploit has been publicly disclosed. **Recommendations** Update to a newer version that contains a fix for this issue. As a temporary workaround, consider restricting access to the `/admin-profile.php` file.

**Name of the Vulnerable Software and Affected Versions** PHPGurukul Apartment Visitors Management System version 1.0 **Description** A problematic issue exists in the processing of the `/manage-newvisitors.php` file within the HTTP POST Request Handler component. Manipulation of the `visname` argument can lead to cross-site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public. Other parameters might also be affected. **Recommendations** As a mitigation, consider restricting or disabling the HTTP POST Request Handler component.

**Name of the Vulnerable Software and Affected Versions** PHPGurukul Apartment Visitors Management System version 1.0 **Description** A vulnerability exists in the HTTP POST Request Handler component of PHPGurukul Apartment Visitors Management System. The `visname` argument within the `bwdates-passreports-details.php` file is susceptible to cross-site scripting (XSS). This issue can be exploited remotely. The exploit has been publicly disclosed. **Recommendations** Update to a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PHPGurukul Apartment Visitors Management System version 1.0 **Description** A vulnerability exists in the PHPGurukul Apartment Visitors Management System that allows for cross site scripting. The issue is located in the `pass-details.php` file within the HTTP POST Request Handler component. Manipulation of the `visname` argument can lead to exploitation. The exploit has been publicly disclosed. **Recommendations** Address the issue in PHPGurukul Apartment Visitors Management System version 1.0 by sanitizing the `visname` argument within the `pass-details.php` file to prevent cross site scripting.

**Name of the Vulnerable Software and Affected Versions** PHPGurukul Apartment Visitors Management System version 1.0 **Description** A problematic issue exists in the HTTP POST Request Handler component of the software. The vulnerability is due to the manipulation of the `visname` argument within the `/create-pass.php` file, which can lead to cross site scripting. It is possible to initiate the attack remotely. **Recommendations** As a temporary workaround, consider restricting access to the `/create-pass.php` file until a fix is available. Sanitize the `visname` input parameter to prevent the injection of malicious scripts.

**Name of the Vulnerable Software and Affected Versions** PHPGurukul Apartment Visitors Management System version 1.0 **Description** A cross site scripting issue exists due to the manipulation of the `categoryname` argument within the HTTP POST Request Handler component’s `/category.php` file. The attack can be launched remotely. The exploit has been disclosed publicly. **Recommendations** As a temporary workaround, consider restricting access to the `/category.php` file to minimize the risk of exploitation. Sanitize the `categoryname` argument to prevent the injection of malicious scripts.