Rasi

**Name of the Vulnerable Software and Affected Versions** ThemeHunk Advance WordPress Search Plugin versions 1.1.4 and earlier **Description** The issue is related to a missing authorization vulnerability in the ThemeHunk Advance WordPress Search Plugin. This could allow unauthorized access due to missing authorization checks. **Recommendations** Update to a patched version as soon as possible and review plugin security settings. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WordPress Countdown Widget versions 3.1.9.1 and earlier **Description** The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability that also allows Cross-Site Scripting (XSS). This means an attacker could potentially trick a user into performing unintended actions on a web application, and also inject malicious scripts into the website. **Recommendations** For WordPress Countdown Widget versions 3.1.9.1 and earlier, update to a version later than 3.1.9.1 to resolve the issue. As a temporary workaround, consider restricting access to the WordPress Countdown Widget until a patch is available.

**Name of the Vulnerable Software and Affected Versions** ThemeHunk Advance WordPress Search Plugin versions 1.2.1 and earlier **Description** The issue is related to a Missing Authorization vulnerability in the ThemeHunk Advance WordPress Search Plugin. **Recommendations** For ThemeHunk Advance WordPress Search Plugin versions 1.2.1 and earlier, update to a version later than 1.2.1 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** HREFLANG Tags Lite versions n/a through 2.0.0 **Description** The issue is related to a Missing Authorization vulnerability in Vagary Digital HREFLANG Tags Lite. **Recommendations** For versions n/a through 2.0.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Ali Irani Auto Upload Images plugin versions <= 3.3 **Description** The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability that also allows Stored Cross-Site Scripting (XSS). **Recommendations** For Ali Irani Auto Upload Images plugin versions <= 3.3, update to a version higher than 3.3 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Forms by CaptainForm – Form Builder for WordPress versions <= 2.5.3 **Description** The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions on a web application that the user is authenticated to. **Recommendations** For versions <= 2.5.3, update to a version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** MiKa's OSM – OpenStreetMap plugin versions <= 6.0.1 **Description** The issue is related to Cross-Site Request Forgery (CSRF) in the plugin. This means an attacker could potentially trick a user into performing unintended actions on the application. **Recommendations** For versions <= 6.0.1, update to a version higher than 6.0.1 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Oceanwp sticky header plugin version 1.0.8 and earlier **Description** A Cross-Site Request Forgery (CSRF) issue affects the Oceanwp sticky header plugin on WordPress. This issue allows for malicious requests to be made on behalf of the user without their knowledge or consent. **Recommendations** For Oceanwp sticky header plugin version 1.0.8 and earlier, update to a version later than 1.0.8 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Media Library Folders plugin versions <= 7.1.1 **Description** The issue is a Cross-Site Request Forgery (CSRF) vulnerability. This means an attacker can trick a user into performing unintended actions on a web application that the user is authenticated to. **Recommendations** For Media Library Folders plugin versions <= 7.1.1, update to a version higher than 7.1.1 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Mantenimiento web plugin versions <= 0.13 **Description** The issue is a Cross-Site Request Forgery (CSRF) vulnerability that leads to Stored Cross-Site Scripting (XSS). This means an attacker can trick a user into performing unintended actions on a web application, which can result in the execution of malicious scripts stored on the site. **Recommendations** For Mantenimiento web plugin versions <= 0.13, update to a version greater than 0.13 to resolve the issue. As a temporary workaround, consider restricting access to sensitive areas of the WordPress site to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Fatcat Apps Analytics Cat plugin versions <= 1.0.9 **Description** The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows changes to plugin settings. **Recommendations** For Fatcat Apps Analytics Cat plugin versions <= 1.0.9, update to a version higher than 1.0.9 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Topdigitaltrends Mega Addons For WPBakery Page Builder plugin versions <= 4.2.7 **Description** The issue is a Cross-Site Request Forgery (CSRF) vulnerability. This means an attacker can trick a user into performing unintended actions on a web application that the user is authenticated to. **Recommendations** For Topdigitaltrends Mega Addons For WPBakery Page Builder plugin versions <= 4.2.7, update to a version higher than 4.2.7 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** RD Station plugin versions 5.1.3 through 5.2.0 **Description** The issue concerns multiple Cross-Site Request Forgery (CSRF) vulnerabilities. CSRF is a type of attack where an attacker tricks a user into performing unintended actions on a web application that the user is authenticated to. No information is provided about the estimated number of potentially affected devices or real-world incidents where this issue was exploited. **Recommendations** For RD Station plugin versions 5.1.3 through 5.2.0, update to a version later than 5.2.0 to resolve the issue. At the moment, there is no information about other specific fixes for this issue.

**Name of the Vulnerable Software and Affected Versions** CallRail Phone Call Tracking plugin versions <= 0.4.9 **Description** The issue is a Cross-Site Request Forgery (CSRF) vulnerability that leads to Stored Cross-Site Scripting (XSS). This means an attacker can trick a user into performing unintended actions on a web application, which can result in the execution of malicious scripts stored on the site. **Recommendations** For CallRail Phone Call Tracking plugin versions <= 0.4.9, update to a version higher than 0.4.9 to resolve the issue. As a temporary workaround, consider restricting access to sensitive areas of the plugin to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Simon Ward MP3 jPlayer plugin versions <= 2.7.3 **Description** The issue concerns multiple Cross-Site Request Forgery (CSRF) vulnerabilities. CSRF is a type of attack where an attacker tricks a user into performing unintended actions on a web application that the user is authenticated to. No information is provided about the estimated number of potentially affected devices or real-world incidents where this issue was exploited. **Recommendations** For Simon Ward MP3 jPlayer plugin versions <= 2.7.3, update to a version higher than 2.7.3 to resolve the issue. At the moment, there is no information about other specific mitigation measures for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Google Maps plugin versions 1.2.1 and earlier **Description** The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability in the API KEY for the Google Maps plugin at WordPress. This vulnerability can lead to an update of the Google Maps API key. **Recommendations** For Google Maps plugin versions 1.2.1 and earlier, update to a version later than 1.2.1 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Photo Gallery by Supsystic plugin versions prior to 1.15.6 **Description** The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability, which allows an attacker to change the plugin settings. **Recommendations** For Photo Gallery by Supsystic plugin versions prior to 1.15.6, update to version 1.15.6 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Social Share Buttons by Supsystic plugin versions <= 2.2.2 **Description** The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to perform unintended actions on a web application that a user is authenticated to. **Recommendations** For Social Share Buttons by Supsystic plugin versions <= 2.2.2, update to a version higher than 2.2.2 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Disable Right Click For WP plugin versions 1.1.6 and earlier **Description** A Cross-Site Request Forgery (CSRF) issue affects the Disable Right Click For WP plugin. This allows an attacker to perform unintended actions on a user's behalf. No information is provided about the estimated number of potentially affected devices or real-world incidents. **Recommendations** For Disable Right Click For WP plugin versions 1.1.6 and earlier, update to a version later than 1.1.6 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Code Snippets Extended plugin versions 1.4.7 and earlier **Description** The issue concerns a Remote Code Execution (RCE) in the Code Snippets Extended plugin for WordPress, which can be exploited via Cross-Site Request Forgery. **Recommendations** For versions 1.4.7 and earlier, update to a version later than 1.4.7 to resolve the issue.