Qilin_99

**Name of the Vulnerable Software and Affected Versions** YOP Poll versions prior to 6.5.28 **Description** The issue is related to an Authentication Bypass by Primary Weakness vulnerability in YOP Poll, allowing unauthorized access. **Recommendations** For versions prior to 6.5.28, update to version 6.5.28 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** ExpressTech Quiz And Survey Master versions through 8.1.10 **Description** The issue is related to a Missing Authorization vulnerability, allowing the exploitation of incorrectly configured access control security levels. This is due to broken access control, which can be exploited. **Recommendations** Update to the latest version to secure your site and mitigate risks.

**Name of the Vulnerable Software and Affected Versions** Very Simple Contact Form plugin versions prior to 13.9 VS Contact Form versions prior to 14.0 **Description** The issue affects the Very Simple Contact Form plugin for WordPress, allowing a CAPTCHA bypass due to a Weak Authentication vulnerability. This enables Authentication Abuse. Users are urged to update to the latest version to mitigate risks. **Recommendations** For Very Simple Contact Form plugin versions prior to 13.9, update to the latest version to secure your site. For VS Contact Form versions prior to 14.0, update to the latest version to protect against Authentication Abuse.

**Name of the Vulnerable Software and Affected Versions** Form Maker by 10Web versions 1.15.20 and earlier **Description** The issue is related to an Improper Restriction of Excessive Authentication Attempts, allowing Functionality Bypass. This means that an attacker could potentially bypass certain functionality due to the lack of proper restrictions on authentication attempts. **Recommendations** For versions 1.15.20 and earlier, update to a version later than 1.15.20 to resolve the issue. As a temporary workaround, consider restricting access to the Form Maker by 10Web to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Nitin Rathod WP Forms Puzzle Captcha versions through 4.1 **Description** The issue is related to an Improper Restriction of Excessive Authentication Attempts vulnerability, allowing Functionality Bypass in Nitin Rathod WP Forms Puzzle Captcha. **Recommendations** For versions through 4.1, update to a version that contains a fix for this issue, as the current version allows for excessive authentication attempts, potentially leading to functionality bypass. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Captcha/Honeypot for Contact Form 7 versions 1.11.3 and earlier **Description** The issue is related to an Improper Restriction of Excessive Authentication Attempts, allowing Functionality Bypass. This means that the Captcha/Honeypot for Contact Form 7 does not properly restrict excessive authentication attempts, which can lead to bypassing its functionality. **Recommendations** For versions 1.11.3 and earlier, as a temporary workaround, consider disabling the Captcha/Honeypot functionality until a patch is available. Restrict access to the Captcha/Honeypot module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WP Captcha versions through 2.0.0 **Description** The issue is related to an Improper Restriction of Excessive Authentication Attempts vulnerability in Devnath verma WP Captcha, allowing Functionality Bypass. **Recommendations** For WP Captcha versions through 2.0.0, update to a version later than 2.0.0 to resolve the issue. At the moment, there is no information about additional mitigation measures.

**Name of the Vulnerable Software and Affected Versions** Cartpauj Register Captcha versions 1.0.02 and earlier **Description** The issue is related to an Improper Control of Interaction Frequency vulnerability in Cartpauj Register Captcha, allowing Functionality Misuse. **Recommendations** For Cartpauj Register Captcha versions 1.0.02 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WebFactory Ltd Captcha Code versions n/a through 2.9 **Description** The issue is related to an Improper Restriction of Excessive Authentication Attempts vulnerability, which allows for Functionality Bypass in the Captcha Code. **Recommendations** For versions n/a through 2.9, update to a version that includes a fix for this issue, as the current version allows for excessive authentication attempts to bypass functionality. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CodePeople Contact Form Email versions 1.3.41 and earlier **Description** The issue is related to an Improper Restriction of Excessive Authentication Attempts, which allows for Functionality Bypass in the CodePeople Contact Form Email. **Recommendations** For CodePeople Contact Form Email versions 1.3.41 and earlier, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Captcha by BestWebSoft versions 5.2.0 and earlier **Description** A Guessable CAPTCHA vulnerability allows functionality bypass. **Recommendations** For versions 5.2.0 and earlier, update to a version later than 5.2.0 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Disable User Login versions 1.3.7 and earlier **Description** A Cross-Site Request Forgery (CSRF) issue affects the Disable User Login feature. This allows an attacker to perform unintended actions on a user's account. **Recommendations** For versions 1.3.7 and earlier, update to a version that includes a fix for this issue, as no specific mitigation measures are provided for these versions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Caddy – Smart Side Cart for WooCommerce versions 1.9.7 and earlier **Description** The issue is a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions on a web application that the user is authenticated to. **Recommendations** For versions 1.9.7 and earlier, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PayTR Taksit Tablosu – WooCommerce versions 1.3.1 and earlier **Description** A Cross-Site Request Forgery (CSRF) issue affects the specified software. This type of issue allows an attacker to perform unintended actions on a user's behalf. **Recommendations** For versions 1.3.1 and earlier, update to a version that includes a fix for this issue, as no specific workaround is provided for these versions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MkRapel Regiones y Ciudades de Chile para WC versions through 4.3.0 **Description** A Cross-Site Request Forgery (CSRF) issue affects the software, allowing unauthorized actions to be performed on behalf of a user without their knowledge or consent. **Recommendations** For versions through 4.3.0, update to a version later than 4.3.0 to resolve the issue. As a temporary workaround, consider implementing additional validation for requests to prevent unauthorized actions.

**Name of the Vulnerable Software and Affected Versions** VillaTheme Product Size Chart For WooCommerce versions 1.1.5 and earlier **Description** The issue is a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions on a web application that the user is authenticated to. **Recommendations** For versions 1.1.5 and earlier, update to a version that includes a fix for this issue. As a temporary workaround, consider implementing additional CSRF protection measures, such as token-based validation, to minimize the risk of exploitation. Restrict access to sensitive areas of the application to minimize the risk of unintended actions.

**Name of the Vulnerable Software and Affected Versions** WooCommerce Login Redirect versions 2.2.4 and earlier **Description** A Cross-Site Request Forgery (CSRF) issue affects the WooCommerce Login Redirect plugin. This allows an attacker to perform unintended actions on a user's account. **Recommendations** For versions 2.2.4 and earlier, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WP Forms Puzzle Captcha versions n/a through 4.1 **Description** A Cross-Site Request Forgery (CSRF) vulnerability in Nitin Rathod WP Forms Puzzle Captcha allows Stored XSS. **Recommendations** For WP Forms Puzzle Captcha versions n/a through 4.1, update to a version later than 4.1 to resolve the issue. As a temporary workaround, consider disabling the `WP Forms Puzzle Captcha` plugin until a patch is available. Restrict access to sensitive areas of the website to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Anton Bond Additional Order Filters for WooCommerce plugin versions <= 1.10 **Description** The issue is an Unauth. Reflected Cross-Site Scripting (XSS) vulnerability. This means that an attacker can inject malicious scripts into a website, potentially allowing them to steal user data or take control of the user's session. **Recommendations** For versions <= 1.10, update to a version higher than 1.10 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Custom My Account for Woocommerce versions through 2.1 **Description** The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability that also allows Cross-Site Scripting (XSS). **Recommendations** For versions through 2.1, update to a version that contains a fix for this issue.