Rio Darmawan

**Name of the Vulnerable Software and Affected Versions** Schema App Structured Data versions 1.23.1 and earlier **Description** The issue is related to a Missing Authorization vulnerability in Schema App Structured Data, which allows exploiting incorrectly configured access control security levels. **Recommendations** For versions 1.23.1 and earlier, update to a version later than 1.23.1 to resolve the issue. As a temporary workaround, consider restricting access to sensitive data to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Fantastic Content Protector Free versions 2.6 and earlier **Description** The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. **Recommendations** For versions 2.6 and earlier, update to a version that contains a fix for this issue, as the current version has a Missing Authorization vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Max Chirkov Advanced Text Widget versions 2.1.2 and earlier **Description** The issue is related to missing authorization, allowing exploitation of incorrectly configured access control security levels. **Recommendations** For Max Chirkov Advanced Text Widget versions 2.1.2 and earlier, update to a version that contains a fix for this issue, as no specific workaround is provided.

**Name of the Vulnerable Software and Affected Versions** Multi-column Tag Map versions n/a through 17.0.26 **Description** The issue is related to a Missing Authorization vulnerability in the Multi-column Tag Map. **Recommendations** For versions n/a through 17.0.26, update to a version later than 17.0.26 to resolve the issue. At the moment, there is no information about additional mitigation measures for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Richteam Slider Carousel – Responsive Image Slider versions 1.5.1 and earlier **Description** The issue is related to a Missing Authorization vulnerability in the Richteam Slider Carousel – Responsive Image Slider. **Recommendations** For versions 1.5.1 and earlier, update to a version later than 1.5.1 to resolve the issue. At the moment, there is no information about other mitigation measures for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WpStream plugin versions prior to 4.4.10 **Description** The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions on a web application that the user is authenticated to. **Recommendations** For versions prior to 4.4.10, update to version 4.4.10 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** AccessPress Themes Social Auto Poster plugin versions <= 2.1.4 **Description** The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This means an attacker could potentially trick a user into performing unintended actions on a web application. **Recommendations** For AccessPress Themes Social Auto Poster plugin versions <= 2.1.4, update to a version higher than 2.1.4 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Passionate Brains Add Expires Headers & Optimized Minify plugin versions <= 2.7 **Description** The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions on a web application that the user is authenticated to. **Recommendations** For versions <= 2.7, update to a version that contains a fix for this issue, if available. If no specific fix is provided for version 2.7 or earlier, consider disabling the plugin until a patched version is released. As a temporary workaround, consider implementing additional CSRF protection measures, such as token-based validation, to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** WPGrim Dynamic XML Sitemaps Generator for Google plugin versions prior to 1.3.3 **Description** The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This means an attacker could potentially trick a user into performing unintended actions on a web application that the user is authenticated to. **Recommendations** For versions prior to 1.3.3, update to version 1.3.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Amit Agarwal Google XML Sitemap for Images plugin versions <= 2.1.3 **Description** The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This means an attacker could potentially trick a user into performing unintended actions on a web application that the user is authenticated to. **Recommendations** For Amit Agarwal Google XML Sitemap for Images plugin versions <= 2.1.3, update to a version higher than 2.1.3 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Tribulant Slideshow Gallery LITE plugin versions prior to 1.7.7 **Description** The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to perform unintended actions on a web application that a user is authenticated to. **Recommendations** For versions prior to 1.7.7, update to version 1.7.7 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** ExpressTech Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress versions prior to 8.0.11 **Description** The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions on a web application that the user is authenticated to. **Recommendations** For versions prior to 8.0.11, update to version 8.0.11 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** gl SPICE New Adman plugin versions <= 1.6.8 **Description** The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions on a web application that the user is authenticated to. **Recommendations** For gl SPICE New Adman plugin versions <= 1.6.8, update to a version higher than 1.6.8 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Vsourz Digital CF7 Invisible reCAPTCHA plugin versions prior to 1.3.4 **Description** The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions on a web application that the user is authenticated to. **Recommendations** For versions prior to 1.3.4, update to version 1.3.4 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** audrasjb Reusable Blocks Extended plugin versions 0.9 and earlier **Description** The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions on a web application that the user is authenticated to. **Recommendations** For audrasjb Reusable Blocks Extended plugin versions 0.9 and earlier, update to a version later than 0.9 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** AccessPress Themes WP TFeed plugin versions <= 1.6.9 **Description** The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This means an attacker could potentially trick a user into performing unintended actions on a web application that the user is authenticated to. **Recommendations** For AccessPress Themes WP TFeed plugin versions <= 1.6.9, update to a version higher than 1.6.9 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** WPGrim Classic Editor and Classic Widgets plugin versions 1.2.5 and earlier **Description** The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions on a web application that the user is authenticated to. **Recommendations** For versions 1.2.5 and earlier, update to a version later than 1.2.5 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Meril Inc. Blog Floating Button plugin versions <= 1.4.12 **Description** The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This means an attacker could potentially trick a user into performing unintended actions on a web application that the user is authenticated to. **Recommendations** For Meril Inc. Blog Floating Button plugin versions <= 1.4.12, update to a version higher than 1.4.12 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Louis Reingold Elegant Custom Fonts plugin versions 1.0 and earlier **Description** The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This means an attacker could potentially trick a user into performing unintended actions on a web application that the user is authenticated to. **Recommendations** For Louis Reingold Elegant Custom Fonts plugin versions 1.0 and earlier, update to a version later than 1.0 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Tribulant Newsletters plugin versions <= 4.8.8 **Description** The issue is a Cross-Site Request Forgery (CSRF) vulnerability. This means an attacker can trick a user into performing unintended actions on a web application that the user is authenticated to. **Recommendations** For versions <= 4.8.8, update to a version higher than 4.8.8 to resolve the issue. As a temporary workaround, consider implementing additional CSRF protection measures, such as token-based validation, to minimize the risk of exploitation.