Que Thanh Tuan - Blue Rock

**Name of the Vulnerable Software and Affected Versions** Saad Iqbal License Manager for WooCommerce versions through 3.0.12 **Description** The software contains an SQL injection flaw that allows for blind SQL injection. This issue is due to improper neutralization of special elements used in an SQL command. **Recommendations** Update Saad Iqbal License Manager for WooCommerce to a version later than 3.0.12.

**Name of the Vulnerable Software and Affected Versions** pusheco Pushe Web Push Notification versions through 0.5.0 **Description** The software contains a cross-site scripting (XSS) vulnerability due to improper neutralization of input during web page generation. This allows for stored XSS attacks. **Recommendations** Update to a version later than 0.5.0.

**Name of the Vulnerable Software and Affected Versions** webvitaly Search by Google versions through 1.9 **Description** The webvitaly Search by Google application contains a cross-site scripting (XSS) issue due to improper neutralization of input during web page generation. This allows for stored XSS attacks. **Recommendations** Update webvitaly Search by Google to a version later than 1.9.

**Name of the Vulnerable Software and Affected Versions** WP CodeUs Ultimate Client Dash versions through 4.6 **Description** The software contains an Improper Neutralization of Input During Web Page Generation issue, which allows for Stored Cross-site Scripting (XSS). **Recommendations** Update WP CodeUs Ultimate Client Dash to a version later than 4.6.

**Name of the Vulnerable Software and Affected Versions** jimmywb Simple Link List Widget versions through 0.3.2 **Description** The software contains a cross-site scripting (XSS) issue due to improper neutralization of input during web page generation. This allows for stored XSS attacks. **Recommendations** Update to a version later than 0.3.2.

**Name of the Vulnerable Software and Affected Versions** OTWthemes Widgetize Pages Light versions through 3.0 **Description** The software contains an Improper Neutralization of Input During Web Page Generation, which results in a Stored Cross-Site Scripting (XSS) issue. **Recommendations** Update OTWthemes Widgetize Pages Light to a version later than 3.0.

**Name of the Vulnerable Software and Affected Versions** dudaster Elementor Element Condition versions through 1.0.5 **Description** The software contains an Improper Neutralization of Input During Web Page Generation vulnerability, which allows for Stored Cross-site Scripting (XSS). **Recommendations** Update to a version later than 1.0.5.

**Name of the Vulnerable Software and Affected Versions** WPKube Authors List versions n/a through 2.0.6.1 **Description** A Cross-Site Request Forgery (CSRF) issue exists in WPKube Authors List, potentially allowing an attacker to perform actions on behalf of an authenticated user. **Recommendations** Update WPKube Authors List to a version later than 2.0.6.1.

**Name of the Vulnerable Software and Affected Versions** Arjan Olsder SEO Auto Linker versions through 1.5.3 **Description** The software contains a cross-site scripting (XSS) vulnerability due to improper neutralization of input during web page generation. This allows for stored XSS attacks. **Recommendations** Update Arjan Olsder SEO Auto Linker to a version later than 1.5.3.

**Name of the Vulnerable Software and Affected Versions** WP Full Stripe Free versions through 8.3.0 **Description** WP Full Stripe Free is susceptible to a SQL injection flaw due to improper neutralization of special elements within SQL commands. **Recommendations** Update WP Full Stripe Free to a version later than 8.3.0.

**Name of the Vulnerable Software and Affected Versions** rbaer Simple Matomo Tracking Code versions through 1.1.0 **Description** The software contains an Improper Neutralization of Input During Web Page Generation vulnerability, which allows for Stored Cross-site Scripting (XSS). **Recommendations** Update rbaer Simple Matomo Tracking Code to a version later than 1.1.0.

**Name of the Vulnerable Software and Affected Versions** chandrashekharsahu Site Offline versions n/a through 1.5.7 **Description** An incorrect privilege assignment exists in Site Offline, allowing exploitation of incorrectly configured access control security levels. **Recommendations** Update Site Offline to a version later than 1.5.7.

Name of the Vulnerable Software and Affected Versions: solacewp Solace Extra versions through 1.3.2 Description: A Server-Side Request Forgery (SSRF) vulnerability exists in solacewp Solace Extra, allowing Server Side Request Forgery. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Uncanny Automator versions through 6.7.0.1 Description: A missing authorization issue exists in Uncanny Automator, allowing exploitation of incorrectly configured access control security levels and potentially enabling unauthorized access. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Xylus Themes WP Bulk Delete versions through 1.3.6 Description: A missing authorization flaw exists in Xylus Themes WP Bulk Delete, allowing exploitation of incorrectly configured access control security levels. Recommendations: Update Xylus Themes WP Bulk Delete to a version newer than 1.3.6.

Name of the Vulnerable Software and Affected Versions: rewish WP Emmet versions through 0.3.4 Description: The vulnerability involves improper neutralization of input during web page generation, leading to a stored cross-site scripting (XSS) issue. Recommendations: Update rewish WP Emmet to a version later than 0.3.4.

Name of the Vulnerable Software and Affected Versions: vcita Online Booking & Scheduling Calendar for WordPress by vcita versions through 4.5.3 Description: The software contains a vulnerability that allows for the upload of files with dangerous types. This enables the use of malicious files. Recommendations: Update vcita Online Booking & Scheduling Calendar for WordPress by vcita to a version later than 4.5.3.

Name of the Vulnerable Software and Affected Versions: riotweb Contact Info Widget versions through 2.6.2 Description: Improper neutralization of input during web page generation allows for stored cross-site scripting (XSS). Recommendations: Update to a version later than 2.6.2.

Name of the Vulnerable Software and Affected Versions: vcita Online Booking & Scheduling Calendar for WordPress versions through 4.5.3 Description: The software contains an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') issue that allows Stored XSS. Recommendations: Update to a version later than 4.5.3.

Name of the Vulnerable Software and Affected Versions: TaxoPress versions through 3.37.2 Description: An insertion of sensitive information into sent data issue exists in Steve Burge TaxoPress, allowing retrieval of embedded sensitive data. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.