Rayhan Ramdhany Hanaputra

**Name of the Vulnerable Software and Affected Versions** WP Announcement versions 2.0.8 and earlier **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS attacks. **Recommendations** For versions 2.0.8 and earlier, update to a version later than 2.0.8 to resolve the issue. As a temporary workaround, consider restricting user input in the WP Announcement plugin to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** The Support SVG WordPress plugin versions prior to 1.1.0 **Description** The issue allows users with at least the author role to upload SVG files containing malicious JavaScript, leading to Stored XSS attacks. This is due to the lack of sanitization of SVG file contents. **Recommendations** For versions prior to 1.1.0, update to version 1.1.0 or later to resolve the issue. As a temporary workaround, consider restricting the ability to upload SVG files to trusted users only until the update is applied.

**Name of the Vulnerable Software and Affected Versions** SVG Block WordPress plugin versions prior to 1.1.20 **Description** The issue allows users with at least the author role to upload SVG files containing malicious JavaScript, enabling Stored XSS attacks due to the lack of sanitization of SVG file contents. **Recommendations** For versions prior to 1.1.20, update to version 1.1.20 or later to resolve the issue. As a temporary workaround, consider restricting the ability to upload SVG files to trusted users only until the update is applied.

**Name of the Vulnerable Software and Affected Versions** WebP & SVG Support WordPress plugin versions prior to 1.4.1 **Description** The issue concerns the WebP & SVG Support WordPress plugin, which fails to properly sanitise uploaded SVG files. This could allow users with a role as low as Author to upload malicious SVG files containing XSS payloads. **Recommendations** For versions prior to 1.4.1, update to version 1.4.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** SVGMagic WordPress plugin versions 1.1 and earlier **Description** The issue allows users with at least the author role to upload SVG files containing malicious JavaScript, leading to Stored XSS attacks. This is due to the plugin not sanitizing SVG file contents. **Recommendations** For SVGMagic WordPress plugin versions 1.1 and earlier, update to a version that sanitizes SVG file contents to prevent Stored XSS attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SVGator WordPress plugin versions 1.2.6 and earlier **Description** The issue allows users with at least the author role to upload SVG files containing malicious JavaScript, enabling Stored XSS attacks due to the lack of sanitization of SVG file contents. **Recommendations** For SVGator WordPress plugin versions 1.2.6 and earlier, update to a version that sanitizes SVG file contents to prevent malicious JavaScript uploads. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** VideoWhisper Picture Gallery versions 1.5.11 and earlier **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS attacks. **Recommendations** For versions 1.5.11 and earlier, update to a version that contains a fix for this issue, as the current version is affected by the Stored XSS vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Popup Maker WP versions 1.2.8 and earlier **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS in Popup Maker WP. **Recommendations** For versions 1.2.8 and earlier, update to a version later than 1.2.8 to resolve the issue. As a temporary workaround, consider restricting user input to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Just Writing Statistics versions n/a through 4.5 **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS attacks. **Recommendations** For versions n/a through 4.5, update to a version that contains a fix for this issue, if available. As a temporary workaround, consider restricting user input to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** vinoth06 Random Banner versions 4.2.8 and earlier **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS attacks. **Recommendations** For versions 4.2.8 and earlier, update to a version that contains a fix for this issue, if available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Smartarget Message Bar versions 1.3 and earlier **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS in Smartarget Message Bar. **Recommendations** For Smartarget Message Bar versions 1.3 and earlier, update to a version that fixes this issue, as the current version allows for Stored XSS attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Global Notification Bar versions 1.0.1 and earlier **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS in the Global Notification Bar. **Recommendations** For Global Notification Bar versions 1.0.1 and earlier, update to a version that fixes the Stored XSS issue. As a temporary workaround, consider restricting user input in the Global Notification Bar to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Felix Moira Popup More Popups versions 2.3.1 and earlier **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS), which allows Stored XSS. This means that an attacker can inject malicious scripts into the website, potentially affecting users who access the compromised page. **Recommendations** For Felix Moira Popup More Popups versions 2.3.1 and earlier, update to a version later than 2.3.1 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GhozyLab, Inc. Popup Builder versions 1.1.29 and earlier **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS attacks. There is a mention of phishing attempts using this vulnerability, indicating potential real-world exploitation. **Recommendations** For versions 1.1.29 and earlier, update to a version later than 1.1.29 to resolve the issue. As a temporary workaround, consider restricting user input to minimize the risk of Stored XSS attacks. Ensure proper validation and sanitization of user input in web page generation to prevent exploitation.

**Name of the Vulnerable Software and Affected Versions** Hidden Depth Sticky banner versions 1.2.0 and earlier **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Stored XSS. This means that an attacker can inject malicious scripts into the website, which can then be executed by other users. **Recommendations** For Hidden Depth Sticky banner versions 1.2.0 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Corona Virus (COVID-19) Banner & Live Data versions 1.8.0.2 and earlier **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Stored XSS in the Orchestrated Corona Virus (COVID-19) Banner & Live Data. **Recommendations** For versions 1.8.0.2 and earlier, update to a version that contains a fix for this issue, as no specific mitigation measures are provided.

**Name of the Vulnerable Software and Affected Versions** Harknell AWSOM News Announcement versions 1.6.0 and earlier **Description** The issue affects Harknell AWSOM News Announcement, allowing for Stored XSS due to improper neutralization of input during web page generation. **Recommendations** For versions 1.6.0 and earlier, update to a version that contains a fix for this issue, as the current version is affected by the Stored XSS vulnerability.