Rafael B

**Name of the Vulnerable Software and Affected Versions** GLPI version 9.5.7 **Description** The software contains a flaw in the password recovery process that allows for username enumeration. An attacker can validate email addresses by submitting requests to the password reset functionality and observing the responses to determine valid user accounts. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Autochat Automatic Conversation WordPress plugin versions 1.1.7 and earlier **Description** The issue is related to the lack of sanitization and escaping of user input before it is outputted back on the page. This leads to a cross-site scripting attack. **Recommendations** For Autochat Automatic Conversation WordPress plugin versions 1.1.7 and earlier, update to a version that properly sanitizes and escapes user input to prevent cross-site scripting attacks.

**Name of the Vulnerable Software and Affected Versions** QuBot WordPress plugin versions prior to 1.1.6 **Description** The issue concerns the QuBot WordPress plugin, where it fails to filter user input on chat. This allows malicious code to be inserted and reflected on the user dashboard. **Recommendations** For QuBot WordPress plugin versions prior to 1.1.6, update to version 1.1.6 or later to resolve the issue.