Ran Crane

**Name of the Vulnerable Software and Affected Versions** Advanced Admin Search WordPress plugin versions prior to 1.1.6 **Description** The issue is related to a Reflected Cross-Site Scripting problem. It occurs because some parameters are not properly sanitized and escaped before being outputted back in an admin page. **Recommendations** For versions prior to 1.1.6, update to version 1.1.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the admin page to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Admin Menu Editor WordPress plugin versions prior to 1.0.5 **Description** The issue is related to a Reflected Cross-Site Scripting problem. It occurs because a parameter is not properly sanitized and escaped before being outputted back in an admin page. **Recommendations** For Admin Menu Editor WordPress plugin versions prior to 1.0.5, update to version 1.0.5 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Bank Mellat WordPress plugin versions prior to 1.3.8 **Description** The issue arises from the failure to sanitize and escape the `orderId` parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. **Recommendations** For Bank Mellat WordPress plugin versions prior to 1.3.8, update to version 1.3.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the admin page that outputs the `orderId` parameter to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Delete Old Orders WordPress plugin versions 0.2 and earlier **Description** The issue concerns a Reflected Cross-Site Scripting problem. It occurs because the `date` parameter is not properly sanitized and escaped before being outputted back in an admin page. **Recommendations** For Delete Old Orders WordPress plugin versions 0.2 and earlier, update to a version that properly sanitizes and escapes the `date` parameter to prevent Reflected Cross-Site Scripting.

**Name of the Vulnerable Software and Affected Versions** dTabs WordPress plugin versions prior to 1.4 **Description** The issue arises from the lack of proper sanitization and escaping of the `tab` parameter, which is then outputted back in an admin page. This leads to a Reflected Cross-Site Scripting issue, allowing potential attackers to inject malicious scripts. **Recommendations** For dTabs WordPress plugin versions prior to 1.4, update to version 1.4 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Conference Scheduler WordPress plugin versions prior to 2.4.3 **Description** The issue is related to a Reflected Cross-Site Scripting problem. It occurs because the `tab` parameter is not properly sanitized and escaped before being outputted back in an admin page. **Recommendations** For versions prior to 2.4.3, update to version 2.4.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Database Peek WordPress plugin versions prior to 1.3 **Description** The issue arises from the lack of proper sanitization and escaping of the `match` parameter, which is then outputted back in an admin page. This leads to a Reflected Cross-Site Scripting issue, allowing potential attackers to inject malicious scripts. **Recommendations** For Database Peek WordPress plugin versions prior to 1.3, update to version 1.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the admin page where the `match` parameter is outputted to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Bulk Creator WordPress plugin versions prior to 1.0.2 **Description** The issue is related to a Reflected Cross-Site Scripting problem. It occurs because the `post type` parameter is not properly sanitized and escaped before being outputted back in an admin page. **Recommendations** For Bulk Creator WordPress plugin versions prior to 1.0.2, update to version 1.0.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Popup Like box WordPress plugin versions prior to 3.6.1 **Description** The issue is related to a Reflected Cross-Site Scripting problem. It occurs because the `ays fb tab` parameter is not properly sanitized and escaped before being outputted back in an admin page. **Recommendations** For versions prior to 3.6.1, update to version 3.6.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Amelia WordPress plugin versions prior to 1.0.47 **Description** The issue is related to a Reflected Cross-Site Scripting problem. It occurs because the `code` parameter is not properly sanitized and escaped before being outputted back in an admin page. **Recommendations** For versions prior to 1.0.47, update to version 1.0.47 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Mega Menu WordPress plugin versions prior to 3.0.8 **Description** The issue is related to a Reflected Cross-Site Scripting problem. It occurs because the ` wpnonce` parameter is not properly sanitized and escaped before being outputted back in an admin page. This can lead to malicious script execution. **Recommendations** For versions prior to 3.0.8, update to version 3.0.8 or later to resolve the issue. As a temporary workaround, consider restricting access to admin pages to minimize the risk of exploitation. Avoid using the ` wpnonce` parameter in affected admin pages until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Pricing Table Builder WordPress plugin versions prior to 1.1.5 **Description** The issue is related to a Reflected Cross-Site Scripting problem. It occurs because the `postid` parameter is not properly sanitized and escaped before being outputted back in an admin page. This can lead to malicious script execution. **Recommendations** For versions prior to 1.1.5, update to version 1.1.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the admin page where the `postid` parameter is outputted to minimize the risk of exploitation. Avoid using the `postid` parameter in the affected admin page until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Coming Soon, Maintenance WordPress plugin versions prior to 2.2.9 **Description** The issue is related to a Reflected Cross-Site Scripting problem. It occurs because the `post` parameter is not properly sanitized and escaped before being outputted back in an admin page. **Recommendations** For versions prior to 2.2.9, update to version 2.2.9 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** The Team Circle Image Slider With Lightbox WordPress plugin versions prior to 1.0.16 **Description** The issue is related to a Reflected Cross-Site Scripting problem. It occurs because the `order pos` parameter is not properly sanitized and escaped before being outputted back in an admin page. This allows for potential malicious script injection. **Recommendations** For versions prior to 1.0.16, update to version 1.0.16 or later to resolve the issue. As a temporary workaround, consider restricting access to the admin page where the `order pos` parameter is outputted to minimize the risk of exploitation. Avoid using the `order pos` parameter in the affected admin page until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Mapping Multiple URLs Redirect Same Page WordPress plugin through 5.8 **Description** The issue exists due to the lack of protection measures for the web page structure, allowing a remote attacker to conduct a cross-site scripting (XSS) attack. Specifically, the plugin does not sanitize and escape the `mmursp id` parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. **Recommendations** For Mapping Multiple URLs Redirect Same Page WordPress plugin through 5.8, consider disabling the plugin until a patch is available to prevent exploitation. As a temporary workaround, restrict access to the admin page where the `mmursp id` parameter is output to minimize the risk of exploitation. Avoid using the `mmursp id` parameter in the affected admin page until the issue is resolved.