Psai

**Name of the Vulnerable Software and Affected Versions** myCred versions through 2.9.7.6 **Description** The software contains a flaw due to improper neutralization of input during web page generation, leading to a Stored Cross-site Scripting (XSS) issue. This allows for the injection of malicious scripts into web pages. **Recommendations** Update myCred to a version later than 2.9.7.6.

**Name of the Vulnerable Software and Affected Versions** Theme My Login versions through 7.1.12 **Description** An authorization issue exists in Theme My Login, allowing exploitation of incorrectly configured access control security levels. **Recommendations** Update Theme My Login to a version later than 7.1.12.

**Name of the Vulnerable Software and Affected Versions** wpeverest User Registration (affected versions not specified) **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Reflected XSS in the User Registration component. This enables potential attackers to inject malicious scripts into web pages. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ReichertBrothers SimplyRETS Real Estate IDX versions n/a through 3.0.3 **Description** The issue affects ReichertBrothers SimplyRETS Real Estate IDX, allowing Reflected XSS due to improper neutralization of input during web page generation. This is a type of Cross-site Scripting vulnerability. **Recommendations** For versions n/a through 3.0.3, update to a version later than 3.0.3 to resolve the issue. As a temporary workaround, consider restricting user input to prevent malicious code injection until a patch is available.

**Name of the Vulnerable Software and Affected Versions** TLA Media GTM Kit versions n/a through 2.3.1 **Description** The issue allows retrieval of embedded sensitive data due to debug messages revealing unnecessary information. **Recommendations** For versions n/a through 2.3.1, update to a version that fixes this issue, as the current version reveals sensitive data through debug messages. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ReichertBrothers SimplyRETS Real Estate IDX versions 3.0.3 and earlier **Description** The issue is a Cross-Site Request Forgery (CSRF) vulnerability, which allows Cross Site Request Forgery. **Recommendations** For versions 3.0.3 and earlier, update to a version that includes a fix for this issue, as no specific workaround is provided in the available data.

**Name of the Vulnerable Software and Affected Versions** Shipmondo – A complete shipping solution for WooCommerce versions through 5.0.3 **Description** The issue allows the retrieval of embedded sensitive data. This is related to the insertion of sensitive information into sent data. **Recommendations** For versions through 5.0.3, update to a version later than 5.0.3 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Astoundify Job Colors for WP Job Manager versions 1.0.4 and earlier **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker can inject malicious scripts into the website, potentially affecting users who access the compromised pages. **Recommendations** For Astoundify Job Colors for WP Job Manager versions 1.0.4 and earlier, update to a version later than 1.0.4 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** VaultRE Contact Form 7 versions 1.0 and earlier **Description** The issue affects VaultRE Contact Form 7, allowing Stored XSS due to improper neutralization of input during web page generation. This can lead to cross-site scripting. **Recommendations** For VaultRE Contact Form 7 versions 1.0 and earlier, update to a version that fixes the improper neutralization of input during web page generation to prevent Stored XSS attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Simple Photo Feed versions 1.4.0 and earlier **Description** The issue is related to a Missing Authorization vulnerability, which allows exploitation due to incorrectly configured access control security levels. **Recommendations** For Simple Photo Feed versions 1.4.0 and earlier, update to a version that addresses the Missing Authorization vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.