Ptsfence

**Name of the Vulnerable Software and Affected Versions** Aazztech Post Slider versions 1.6.7 and earlier **Description** The issue is related to a Missing Authorization vulnerability. This vulnerability affects Aazztech Post Slider, allowing potential unauthorized access. **Recommendations** For versions 1.6.7 and earlier, update to a version later than 1.6.7 to resolve the issue. At the moment, there is no information about additional mitigation measures.

**Name of the Vulnerable Software and Affected Versions** KrishaWeb Add Multiple Marker plugin versions <= 1.2 **Description** The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions on a web application that the user is authenticated to. **Recommendations** For KrishaWeb Add Multiple Marker plugin versions <= 1.2, update to a version higher than 1.2 to resolve the issue. At the moment, there is no information about additional mitigation measures.

**Name of the Vulnerable Software and Affected Versions** Activity Reactions For Buddypress plugin versions <= 1.0.22 **Description** The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions on a web application that the user is authenticated to. **Recommendations** For versions <= 1.0.22, update to a version higher than 1.0.22 to resolve the issue. At the moment, there is no information about additional mitigation measures for this specific vulnerability.

**Name of the Vulnerable Software and Affected Versions** AFS Analytics plugin versions prior to 4.19 **Description** The issue is a Stored Cross-site Scripting (XSS) vulnerability. This means an attacker can inject malicious scripts into the website, which will be executed by the user's browser. The estimated number of potentially affected devices worldwide is not available. **Recommendations** For versions prior to 4.19, update to version 4.19 or later to resolve the issue. As a temporary workaround, consider restricting access to the AFS Analytics plugin until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Orchestrated Corona Virus (COVID-19) Banner & Live Data plugin versions 1.7.0.6 and earlier **Description** The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions on a web application that the user is authenticated to. **Recommendations** For versions 1.7.0.6 and earlier, update to a version later than 1.7.0.6 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** OptinlyHQ Optinly – Exit Intent, Newsletter Popups, Gamification & Opt-in Forms plugin versions 1.0.15 and earlier **Description** The issue is related to Cross-Site Request Forgery (CSRF) in the OptinlyHQ Optinly plugin. CSRF is a type of attack where an attacker tricks a user into performing unintended actions on a web application that the user is authenticated to. No information is provided about the estimated number of potentially affected devices or real-world incidents where this issue was exploited. **Recommendations** For OptinlyHQ Optinly – Exit Intent, Newsletter Popups, Gamification & Opt-in Forms plugin versions 1.0.15 and earlier, update to a version later than 1.0.15 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** SeoSamba for WordPress Webmasters plugin versions 1.0.5 and earlier **Description** The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions on a web application that the user is authenticated to. **Recommendations** For versions 1.0.5 and earlier, update to a version later than 1.0.5 to resolve the issue. At the moment, there is no information about additional mitigation measures.

**Name of the Vulnerable Software and Affected Versions** AA-Team WZone – Lite Version plugin version 3.1 Lite **Description** The issue is a Cross-Site Request Forgery (CSRF) vulnerability. This means an attacker can trick a user into performing unintended actions on a web application that the user is authenticated to. **Recommendations** For AA-Team WZone – Lite Version plugin version 3.1 Lite, update to a version that fixes this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** 3com - Asesor de Cookies para normativa española plugin versions <= 3.4.3 **Description** The issue is related to an Authenticated Stored Cross-Site Scripting (XSS) vulnerability. This means that an attacker with admin privileges can inject malicious scripts into the application, which can then be executed by other users. **Recommendations** For 3com - Asesor de Cookies para normativa española plugin versions <= 3.4.3, update to a version higher than 3.4.3 to resolve the issue. At the moment, there is no information about other specific mitigation measures for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** 2kb Amazon Affiliates Store plugin versions <=2.1.5 **Description** The issue is a Reflected Cross-Site Scripting (XSS) vulnerability. This means an attacker can inject malicious scripts into a website, potentially stealing user data or taking control of the user's session. **Recommendations** For 2kb Amazon Affiliates Store plugin versions <=2.1.5, update to a version higher than 2.1.5 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Accessibility plugin versions prior to 1.0.4 **Description** The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that requires authentication with admin or higher privileges. **Recommendations** For versions prior to 1.0.4, update to version 1.0.4 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Zoho CRM Lead Magnet plugin versions <= 1.7.5.8 **Description** The issue allows authenticated users with subscriber or higher privileges to update arbitrary options. **Recommendations** For Zoho CRM Lead Magnet plugin versions <= 1.7.5.8, update to a version higher than 1.7.5.8 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** David Anderson Testimonial Slider plugin version 1.3.1 and earlier **Description** The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability that can lead to Cross-Site Scripting (XSS). **Recommendations** For David Anderson Testimonial Slider plugin version 1.3.1 and earlier, update to a version later than 1.3.1 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** 5 Anker Connect plugin versions 1.2.6 and earlier **Description** The issue is an authenticated reflected Cross-Site Scripting (XSS) vulnerability. This means that an attacker could potentially inject malicious scripts into the website, which would then be executed by the user's browser. **Recommendations** For 5 Anker Connect plugin versions 1.2.6 and earlier, update to a version later than 1.2.6 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** The Restaurant Menu – Food Ordering System – Table Reservation plugin for WordPress versions up to, and including 2.3.0 **Description** The issue allows for authorization bypass via several AJAX actions due to missing capability checks and missing nonce validation. This enables authenticated attackers with minimal permissions to perform various actions, such as modifying the plugin's settings and the ordering system preferences. **Recommendations** For versions up to, and including 2.3.0, update to a version that includes the necessary capability checks and nonce validation to prevent authorization bypass. As a temporary workaround, consider restricting access to the AJAX actions until a patch is available.

**Name of the Vulnerable Software and Affected Versions** The Restaurant Menu – Food Ordering System – Table Reservation plugin for WordPress versions up to, and including, 2.3.1 **Description** The issue is due to missing or incorrect nonce validation on several functions called via AJAX actions, such as `forms action`, `set option`, and `chosen options`. This allows unauthenticated attackers to perform administrative actions, like modifying forms, by tricking a site administrator into performing an action, such as clicking on a link. **Recommendations** For versions up to, and including, 2.3.1, update to a version that includes proper nonce validation for AJAX actions to prevent Cross-Site Request Forgery attacks. As a temporary workaround, consider restricting access to the AJAX endpoints related to `forms action`, `set option`, and `chosen options` to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Mammothology AB Press Optimizer plugin versions 1.1.1 and earlier **Description** The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability. This vulnerability allows an attacker to inject malicious scripts into the website, potentially leading to unauthorized access or control. The vulnerability requires authentication with admin or higher privileges. **Recommendations** For Mammothology AB Press Optimizer plugin versions 1.1.1 and earlier, update to a version later than 1.1.1 to resolve the issue. As a temporary workaround, consider restricting access to the plugin's administrative interface to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Add Shortcodes Actions And Filters plugin version 2.0.9 and earlier **Description** The issue is related to an Authenticated Stored Cross-Site Scripting (XSS) vulnerability. This means that an attacker with admin or higher privileges can inject malicious scripts into the application, potentially leading to unauthorized actions on behalf of other users. **Recommendations** For Add Shortcodes Actions And Filters plugin version 2.0.9 and earlier, update to a version later than 2.0.9 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** YDS Support Ticket System plugin versions <= 1.0 **Description** The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This means an attacker could potentially trick a user into performing unintended actions on the web application. **Recommendations** For YDS Support Ticket System plugin versions <= 1.0, update to a version higher than 1.0 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** CPO Shortcodes plugin versions prior to 1.5.0 **Description** The issue is related to an Authenticated Stored Cross-Site Scripting (XSS) vulnerability. This means that an attacker with admin or higher privileges can inject malicious scripts into the application, potentially leading to unauthorized actions on behalf of other users. **Recommendations** For versions prior to 1.5.0, update to version 1.5.0 or later to resolve the issue.