Ray Wilson

**Name of the Vulnerable Software and Affected Versions** Better Elementor Addons versions 1.4.1 and earlier **Description** The issue is related to a Path Traversal vulnerability, which allows PHP Local File Inclusion. This means an attacker could potentially access files outside the intended directory by manipulating the pathname. **Recommendations** For versions 1.4.1 and earlier, update to a version later than 1.4.1 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Sina Extension for Elementor versions 3.5.1 and earlier **Description** The issue is related to an Improper Limitation of a Pathname to a Restricted Directory, also known as a Path Traversal vulnerability, in Sina Extension for Elementor. This vulnerability allows PHP Local File Inclusion. **Recommendations** For Sina Extension for Elementor versions 3.5.1 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WPB Elementor Addons versions 1.0.9 and earlier **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS), which allows Stored XSS. This means that an attacker can inject malicious scripts into the website, potentially leading to unauthorized access or data theft. The estimated number of potentially affected devices worldwide is not specified. **Recommendations** For WPB Elementor Addons versions 1.0.9 and earlier, update to a version later than 1.0.9 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** BdThemes Ultimate Store Kit Elementor Addons versions through 2.0.3 **Description** The issue is related to the deserialization of untrusted data, which can lead to potential security risks. There is no information provided about the estimated number of potentially affected devices worldwide or details about real-world incidents where this issue was exploited. **Recommendations** For versions through 2.0.3, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WidgetKit versions prior to 2.4.9 **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Stored XSS. This enables attackers to inject malicious scripts into web pages. **Recommendations** For versions prior to 2.4.9, update to version 2.4.9 or later to resolve the issue. As a temporary workaround, consider restricting user input to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Jeg Elementor Kit versions through 2.6.3 **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Stored XSS attacks. **Recommendations** For versions through 2.6.3, update to a version later than 2.6.3 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Leap13 Premium Addons for Elementor versions 4.10.25 and earlier **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker can inject malicious scripts into a website, potentially affecting users who visit the site. **Recommendations** For versions 4.10.25 and earlier, update to a version later than 4.10.25 to resolve the issue. As a temporary workaround, consider restricting access to the `Leap13 Premium Addons for Elementor` plugin until a patch is available.

**Name of the Vulnerable Software and Affected Versions** GloriaFood Restaurant Menu – Food Ordering System – Table Reservation versions through 2.4.1 **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Stored XSS attacks. **Recommendations** For versions through 2.4.1, update to a version later than 2.4.1 to resolve the issue. At the moment, there is no information about additional mitigation measures for this specific issue.

**Name of the Vulnerable Software and Affected Versions** BdThemes Ultimate Store Kit Elementor Addons versions 1.5.2 and earlier **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker can inject malicious scripts into the website, potentially leading to unauthorized access or control. **Recommendations** For versions 1.5.2 and earlier, update to a version later than 1.5.2 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MailMunch – Grow your Email List versions 3.1.6 and earlier **Description** The issue is related to improper neutralization of input during web page generation, also known as cross-site scripting. This allows for stored XSS attacks. **Recommendations** For MailMunch – Grow your Email List versions 3.1.6 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Simple Sponsorships Sponsors versions 3.5.1 and earlier **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker can inject malicious scripts into the website, potentially affecting users who access the compromised page. **Recommendations** For versions 3.5.1 and earlier, update to a version later than 3.5.1 to resolve the issue. As a temporary workaround, consider restricting user input to prevent malicious scripts from being injected into the website. Restrict access to sensitive pages to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Ticket Tailor versions 1.10 and earlier **Description** The issue is related to improper neutralization of input during web page generation, which allows for Stored XSS. This means an attacker can inject malicious scripts into the website, potentially affecting users who access the compromised pages. **Recommendations** For versions 1.10 and earlier, update to a version that contains a fix for this issue, as using outdated versions may expose users to Stored XSS attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WP Calameo versions 2.1.7 and earlier **Description** The issue is related to improper neutralization of input during web page generation, which allows for stored cross-site scripting (XSS). This means that an attacker can inject malicious scripts into the website, potentially leading to unauthorized access or other malicious activities. **Recommendations** For WP Calameo versions 2.1.7 and earlier, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Ultra Companion – Companion plugin for WPoperation Themes versions 1.1.9 and earlier **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker can inject malicious scripts into the website, potentially leading to unauthorized access or data theft. **Recommendations** For versions 1.1.9 and earlier, update to a version later than 1.1.9 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Themify Icons versions n/a through 2.0.1 **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker can inject malicious scripts into the website, potentially affecting users who access the compromised page. **Recommendations** For Themify Icons versions n/a through 2.0.1, update to a version later than 2.0.1 to resolve the issue. At the moment, there is no information about other specific mitigation measures for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Epiphyt Embed Privacy versions 1.8.0 and earlier **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as 'Cross-site Scripting', which allows Stored XSS. This means that an attacker can inject malicious scripts into the website, potentially leading to unauthorized access or control. **Recommendations** For Epiphyt Embed Privacy versions 1.8.0 and earlier, update to a version later than 1.8.0 to resolve the issue. At the moment, there is no information about other specific mitigation measures for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WP Tabs – Responsive Tabs Plugin for WordPress versions prior to 2.2.0 **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker can inject malicious scripts into the website, potentially leading to unauthorized access or other malicious activities. **Recommendations** For WP Tabs – Responsive Tabs Plugin for WordPress versions prior to 2.2.0, update to a version 2.2.0 or later to resolve the issue. As a temporary workaround, consider disabling the plugin until a patch is available. Restrict access to the plugin's functionality to minimize the risk of exploitation. Avoid using the plugin's features that allow user input until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** WooCommerce Menu Extension versions 1.6.2 and earlier **Description** The issue is related to improper neutralization of input during web page generation, which leads to a Stored XSS vulnerability. This allows for the storage of malicious scripts in the database, which are then executed when the affected page is viewed. **Recommendations** For versions 1.6.2 and earlier, update to a version that contains a fix for this issue, as the current version is affected by the Stored XSS vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.