Rohan Chaudhari

**Name of the Vulnerable Software and Affected Versions** Simple Banner WordPress plugin versions prior to 2.12.0 **Description** The issue allows high privilege users to perform Cross-Site Scripting attacks due to improper sanitization of the `Simple Banner Text` settings, even when the `unfiltered html` capability is disallowed. **Recommendations** For versions prior to 2.12.0, update to version 2.12.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the `Simple Banner Text` settings to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Text Hover WordPress plugin versions prior to 4.2 **Description** The issue allows high privilege users to perform Cross-Site Scripting attacks due to the lack of sanitization and escaping of the text to hover, even when the unfiltered html capability is disallowed. **Recommendations** For versions prior to 4.2, update to version 4.2 or later to resolve the issue. As a temporary workaround, consider restricting the use of the text hover feature to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** The Modern Events Calendar Lite WordPress plugin versions prior to 6.4.0 **Description** The issue concerns the lack of proper sanitization and escaping of certain parameters in the Hourly Schedule, potentially allowing users with a role as low as contributor to perform Stored Cross-Site Scripting attacks. **Recommendations** For versions prior to 6.4.0, update to version 6.4.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the Hourly Schedule feature to minimize the risk of exploitation. Avoid using the vulnerable parameters in the affected schedule settings until the issue is resolved.