Prissy

**Name of the Vulnerable Software and Affected Versions** Ryan Hellyer Simple Colorbox versions through 1.6.1 **Description** The software contains a flaw related to improper input handling during web page generation, which can lead to Cross-site Scripting (XSS). This specific instance allows for Stored XSS attacks. **Recommendations** Update Ryan Hellyer Simple Colorbox to a version later than 1.6.1.

**Name of the Vulnerable Software and Affected Versions** SKT Blocks versions through 2.5 **Description** The software contains a flaw related to improper handling of user-supplied data during the creation of web pages, which can lead to Stored Cross-site Scripting (XSS). This allows an attacker to inject malicious scripts into web pages viewed by other users. The issue affects SKT Blocks. **Recommendations** Update SKT Blocks to a version later than 2.5.

**Name of the Vulnerable Software and Affected Versions** Quick View for WooCommerce versions through 2.2.16 **Description** The software contains a flaw related to improper input handling during web page generation, which can lead to Cross-site Scripting (XSS). This specific instance allows for Stored XSS attacks. The issue affects the way data is processed and displayed, potentially allowing malicious scripts to be injected into web pages. **Recommendations** Update Quick View for WooCommerce to a version later than 2.2.16.

**Name of the Vulnerable Software and Affected Versions** Ataur R GutenKit versions through 2.4.2 **Description** The software contains a flaw related to improper input handling during web page generation, which can lead to Stored Cross-site Scripting (XSS). This allows an attacker to inject malicious scripts into web pages viewed by other users. The affected component is susceptible to exploitation through web page generation processes. **Recommendations** Update Ataur R GutenKit to a version later than 2.4.2.

**Name of the Vulnerable Software and Affected Versions** GhozyLab Gallery Lightbox versions through 1.0.0.41 **Description** The software contains a flaw due to improper input handling during web page creation, leading to a Cross-site Scripting (XSS) issue. Specifically, the vulnerability allows for Stored XSS attacks. The issue involves the injection of malicious scripts into web pages, potentially compromising user data and system security. The affected API endpoints and vulnerable parameters are not specified. **Recommendations** Update GhozyLab Gallery Lightbox to a version later than 1.0.0.41.

**Name of the Vulnerable Software and Affected Versions** WPBean WPB Quick View for WooCommerce versions through 2.1.8 **Description** The software contains a flaw related to improper input handling during web page generation, specifically a Cross-site Scripting issue. This allows for Stored XSS attacks. The issue impacts the way data is processed, potentially allowing malicious code injection. **Recommendations** Update WPBean WPB Quick View for WooCommerce to a version later than 2.1.8.

**Name of the Vulnerable Software and Affected Versions** NGG Smart Image Search versions through 3.4.3 **Description** The software contains a flaw related to improper input handling during web page generation, specifically a Stored Cross-site Scripting issue. This allows for the injection of malicious scripts. The issue impacts NGG Smart Image Search. **Recommendations** Update NGG Smart Image Search to a version later than 3.4.3.

**Name of the Vulnerable Software and Affected Versions** PriceListo Best Restaurant Menu by PriceListo versions through 1.4.3 **Description** The software contains an Improper Neutralization of Input During Web Page Generation issue, which allows for Stored Cross-site Scripting (XSS). **Recommendations** Update PriceListo Best Restaurant Menu by PriceListo to a version later than 1.4.3.

**Name of the Vulnerable Software and Affected Versions** ARI Fancy Lightbox versions through 1.4.0 **Description** The software contains an Improper Neutralization of Input During Web Page Generation vulnerability, specifically a Stored Cross-site Scripting (XSS) issue. This allows for the injection of malicious scripts into web pages. **Recommendations** Update ARI Fancy Lightbox to a version later than 1.4.0.

**Name of the Vulnerable Software and Affected Versions** WPBean WPB Elementor Addons versions through 1.6 **Description** The software contains an Improper Neutralization of Input During Web Page Generation vulnerability, which allows for Stored Cross-site Scripting (XSS). **Recommendations** Update WPBean WPB Elementor Addons to a version later than 1.6.

**Name of the Vulnerable Software and Affected Versions** prettyPhoto versions through 1.2.4 **Description** The software contains an improper neutralization of input during web page generation, leading to a cross-site scripting (XSS) issue. The vulnerability allows for stored XSS attacks. **Recommendations** Update prettyPhoto to a version later than 1.2.4.

**Name of the Vulnerable Software and Affected Versions** origincode Video Gallery – Vimeo and YouTube Gallery versions through 1.1.7 **Description** The software contains an Improper Neutralization of Input During Web Page Generation issue, leading to a Stored Cross-site Scripting condition. **Recommendations** Update origincode Video Gallery – Vimeo and YouTube Gallery to a version later than 1.1.7.

Name of the Vulnerable Software and Affected Versions: Colorbox Lightbox versions through 1.1.5 Description: An improper neutralization of input during web page generation issue, specifically a Stored Cross-site Scripting (XSS) flaw, exists in Noor Alam Colorbox Lightbox. This issue allows for the injection of malicious scripts into web pages, potentially compromising user data and system security. Recommendations: Update Colorbox Lightbox to a version newer than 1.1.5.

**Name of the Vulnerable Software and Affected Versions** bPlugins LightBox Block versions through 1.1.30 **Description** The software contains an Improper Neutralization of Input During Web Page Generation issue, which allows for Stored Cross-site Scripting (XSS). This can lead to the execution of malicious scripts on a user's web page. **Recommendations** Update bPlugins LightBox Block to a version later than 1.1.30.

**Name of the Vulnerable Software and Affected Versions** CyberChimps Responsive Addons for Elementor versions through 1.7.3 **Description** The software contains a cross-site scripting (XSS) issue due to improper neutralization of input during web page generation. This allows for stored XSS attacks. **Recommendations** Update Responsive Addons for Elementor to a version later than 1.7.3.

Name of the Vulnerable Software and Affected Versions: Noor Alam WP fancybox versions 1.0.0 through 1.0.4 Description: The issue is related to improper neutralization of input during web page generation, which allows for stored Cross-site Scripting (XSS). This enables attackers to inject malicious scripts into the website, potentially affecting user sessions. Recommendations: For versions 1.0.0 through 1.0.4, update to a version later than 1.0.4 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: bPlugins Video Gallery Block versions 1.1.0 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows for stored Cross-site Scripting (XSS). This enables attackers to inject malicious scripts into the application, potentially leading to unauthorized actions. Recommendations: For bPlugins Video Gallery Block version 1.1.0 and earlier, consider disabling the video gallery functionality until a patch is available to prevent stored XSS attacks. Restrict access to the video gallery block to minimize the risk of exploitation. Avoid using user-inputted data in the video gallery block until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: PublishPress Gutenberg Blocks versions 3.3.1 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker can inject malicious scripts into the website, potentially leading to unauthorized access or control. Recommendations: For versions 3.3.1 and earlier, update to a version later than 3.3.1 to resolve the issue. As a temporary workaround, consider restricting access to the Gutenberg Blocks feature until a patch is available. Avoid using the vulnerable blocks in the affected versions to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Devnex Addons For Elementor versions 1.0.9 and earlier Description: The issue is related to Improper Control of Filename for Include/Require Statement in PHP Program, also known as 'PHP Remote File Inclusion' vulnerability, which allows PHP Local File Inclusion. Recommendations: For Devnex Addons For Elementor versions 1.0.9 and earlier, update to a version later than 1.0.9 to resolve the issue. At the moment, there is no information about additional mitigation measures.

Name of the Vulnerable Software and Affected Versions: Firelight Lightbox versions through 2.3.16 Description: The issue is related to improper neutralization of input during web page generation, which allows for Stored XSS attacks. This means an attacker can inject malicious scripts into the website, potentially affecting users who access the compromised page. Recommendations: For versions through 2.3.16, update to a version later than 2.3.16 to resolve the issue. At the moment, there is no information about other specific mitigation measures for this vulnerability.