Raihan Adi Arba

**Name of the Vulnerable Software and Affected Versions** Hydra Booking versions prior to 1.1.42 **Description** A missing authorization issue in Themefic Hydra Booking allows for the exploitation of incorrectly configured access control security levels. This is a broken access control flaw where the system fails to properly verify if a user has the necessary permissions to perform an action. **Recommendations** Update to a version later than 1.1.41.

**Name of the Vulnerable Software and Affected Versions** wpeverest User Registration versions prior to 5.1.6 **Description** An improper neutralization of input during web page generation allows for Reflected Cross-site Scripting (XSS), a flaw where an application includes untrusted data in a web page without proper validation, enabling attackers to execute malicious scripts in the victim's browser. **Recommendations** Update to a version newer than 5.1.5.