Rasi Afeef

**Name of the Vulnerable Software and Affected Versions** ThemeHunk Advance WordPress Search Plugin versions 1.1.4 and earlier **Description** The issue is related to a missing authorization vulnerability in the ThemeHunk Advance WordPress Search Plugin. This could allow unauthorized access due to missing authorization checks. **Recommendations** Update to a patched version as soon as possible and review plugin security settings. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WordPress Countdown Widget versions 3.1.9.1 and earlier **Description** The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability that also allows Cross-Site Scripting (XSS). This means an attacker could potentially trick a user into performing unintended actions on a web application, and also inject malicious scripts into the website. **Recommendations** For WordPress Countdown Widget versions 3.1.9.1 and earlier, update to a version later than 3.1.9.1 to resolve the issue. As a temporary workaround, consider restricting access to the WordPress Countdown Widget until a patch is available.

**Name of the Vulnerable Software and Affected Versions** ThemeHunk Advance WordPress Search Plugin versions 1.2.1 and earlier **Description** The issue is related to a Missing Authorization vulnerability in the ThemeHunk Advance WordPress Search Plugin. **Recommendations** For ThemeHunk Advance WordPress Search Plugin versions 1.2.1 and earlier, update to a version later than 1.2.1 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** HREFLANG Tags Lite versions n/a through 2.0.0 **Description** The issue is related to a Missing Authorization vulnerability in Vagary Digital HREFLANG Tags Lite. **Recommendations** For versions n/a through 2.0.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ark-commenteditor WordPress plugin versions 2.15.6 and earlier **Description** The issue allows attackers to inject an iFrame into the page, enabling them to load arbitrary content from any page into the comment section. This is due to the plugin's failure to properly sanitise or encode comments when in Source editor mode. **Recommendations** For ark-commenteditor WordPress plugin versions 2.15.6 and earlier, update to a version later than 2.15.6 to resolve the issue. As a temporary workaround, consider disabling the Source editor mode to minimize the risk of exploitation. Restrict access to the comment section to minimize the risk of arbitrary content loading.

**Name of the Vulnerable Software and Affected Versions** Ali Irani Auto Upload Images plugin versions <= 3.3 **Description** The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability that also allows Stored Cross-Site Scripting (XSS). **Recommendations** For Ali Irani Auto Upload Images plugin versions <= 3.3, update to a version higher than 3.3 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Tim Eckel Minify HTML plugin versions <= 2.1.7 **Description** The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions on a web application that the user is authenticated to. **Recommendations** For versions <= 2.1.7, update to a version higher than 2.1.7 to resolve the issue. At the moment, there is no information about other specific mitigation measures for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Forms by CaptainForm – Form Builder for WordPress versions <= 2.5.3 **Description** The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions on a web application that the user is authenticated to. **Recommendations** For versions <= 2.5.3, update to a version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** MiKa's OSM – OpenStreetMap plugin versions <= 6.0.1 **Description** The issue is related to Cross-Site Request Forgery (CSRF) in the plugin. This means an attacker could potentially trick a user into performing unintended actions on the application. **Recommendations** For versions <= 6.0.1, update to a version higher than 6.0.1 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Oceanwp sticky header plugin version 1.0.8 and earlier **Description** A Cross-Site Request Forgery (CSRF) issue affects the Oceanwp sticky header plugin on WordPress. This issue allows for malicious requests to be made on behalf of the user without their knowledge or consent. **Recommendations** For Oceanwp sticky header plugin version 1.0.8 and earlier, update to a version later than 1.0.8 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Mantenimiento web plugin versions <= 0.13 **Description** The issue is a Cross-Site Request Forgery (CSRF) vulnerability that leads to Stored Cross-Site Scripting (XSS). This means an attacker can trick a user into performing unintended actions on a web application, which can result in the execution of malicious scripts stored on the site. **Recommendations** For Mantenimiento web plugin versions <= 0.13, update to a version greater than 0.13 to resolve the issue. As a temporary workaround, consider restricting access to sensitive areas of the WordPress site to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Media Library Folders plugin versions <= 7.1.1 **Description** The issue is a Cross-Site Request Forgery (CSRF) vulnerability. This means an attacker can trick a user into performing unintended actions on a web application that the user is authenticated to. **Recommendations** For Media Library Folders plugin versions <= 7.1.1, update to a version higher than 7.1.1 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Fatcat Apps Analytics Cat plugin versions <= 1.0.9 **Description** The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows changes to plugin settings. **Recommendations** For Fatcat Apps Analytics Cat plugin versions <= 1.0.9, update to a version higher than 1.0.9 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** 3D Tag Cloud plugin versions <= 3.8 **Description** The issue is related to Multiple Stored Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability. This vulnerability affects the 3D Tag Cloud plugin at WordPress. **Recommendations** For 3D Tag Cloud plugin versions <= 3.8, update to a version higher than 3.8 to resolve the issue. As a temporary workaround, consider restricting access to the plugin's functionality to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Kraken.io Image Optimizer plugin versions <= 2.6.5 **Description** The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This means an attacker could potentially trick a user into performing unintended actions on a web application. **Recommendations** For Kraken.io Image Optimizer plugin versions <= 2.6.5, update to a version greater than 2.6.5 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Topdigitaltrends Mega Addons For WPBakery Page Builder plugin versions <= 4.2.7 **Description** The issue is a Cross-Site Request Forgery (CSRF) vulnerability. This means an attacker can trick a user into performing unintended actions on a web application that the user is authenticated to. **Recommendations** For Topdigitaltrends Mega Addons For WPBakery Page Builder plugin versions <= 4.2.7, update to a version higher than 4.2.7 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** RD Station plugin versions 5.1.3 through 5.2.0 **Description** The issue concerns multiple Cross-Site Request Forgery (CSRF) vulnerabilities. CSRF is a type of attack where an attacker tricks a user into performing unintended actions on a web application that the user is authenticated to. No information is provided about the estimated number of potentially affected devices or real-world incidents where this issue was exploited. **Recommendations** For RD Station plugin versions 5.1.3 through 5.2.0, update to a version later than 5.2.0 to resolve the issue. At the moment, there is no information about other specific fixes for this issue.

**Name of the Vulnerable Software and Affected Versions** Mickey Kay's Better Font Awesome plugin versions <= 2.0.1 **Description** The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This means an attacker could potentially trick a user into performing unintended actions on the web application. **Recommendations** For versions <= 2.0.1, update to a version higher than 2.0.1 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** GetResponse plugin versions <= 5.5.20 at WordPress. **Description** The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This means an attacker could potentially trick a user into performing unintended actions on a web application that the user is authenticated to. **Recommendations** For GetResponse plugin versions <= 5.5.20, update to a version higher than 5.5.20 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Hans Matzen's wp-forecast plugin versions <= 7.5 **Description** The issue is an Authenticated Stored Cross-Site Scripting (XSS) vulnerability. This means that an attacker with admin or higher privileges can inject malicious scripts into the application, which can then be executed by other users. The estimated number of potentially affected devices worldwide is not specified. There is no information provided about real-world incidents where this issue was exploited. **Recommendations** For Hans Matzen's wp-forecast plugin versions <= 7.5, update to a version higher than 7.5 to resolve the issue. At the moment, there is no information about other mitigation measures.