Pritam Dash

Name of the Vulnerable Software and Affected Versions: ARForms Form Builder versions through 1.7.1 Description: The issue is related to improper neutralization of script-related HTML tags in a web page, allowing code injection. This is a Basic XSS vulnerability that affects ARForms Form Builder, enabling users to inject code. Recommendations: For versions through 1.7.1, update to a version that fixes the improper neutralization of script-related HTML tags to prevent code injection. As a temporary workaround, consider restricting the use of the `ARForms Form Builder` until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Popup Builder WordPress plugin versions prior to 4.1.11 **Description** The issue allows high privilege users to perform Stored Cross-Site Scripting attacks when the `unfiltred html` is disallowed, due to the plugin not escaping and sanitizing some settings. **Recommendations** For versions prior to 4.1.11, update to version 4.1.11 or later to resolve the issue. As a temporary workaround, consider restricting access to settings that could be used to perform Stored Cross-Site Scripting attacks until the update is applied.

**Name of the Vulnerable Software and Affected Versions** The Popups, Welcome Bar, Optins and Lead Generation Plugin WordPress plugin versions prior to 2.1.8 **Description** The issue allows users with a role as low as contributor to perform Stored Cross-Site Scripting attacks due to the plugin's failure to sanitize and escape some campaign parameters. **Recommendations** For versions prior to 2.1.8, update to version 2.1.8 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** The Coming Soon & Maintenance Mode by Colorlib WordPress plugin versions prior to 1.0.99 **Description** The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting when unfiltered html is disallowed, for example in a multisite setup. This is due to the plugin not sanitizing and escaping some settings. **Recommendations** For versions prior to 1.0.99, update to version 1.0.99 or later to resolve the issue. As a temporary workaround, consider restricting the use of the plugin's settings to minimize the risk of exploitation.