Rooting

**Name of the Vulnerable Software and Affected Versions** codepeople Contact Form Email versions through 1.3.60 **Description** An authorization bypass exists in codepeople Contact Form Email due to incorrectly configured access control security levels. This allows exploitation through a user-controlled key. **Recommendations** Update codepeople Contact Form Email to a version later than 1.3.60.

**Name of the Vulnerable Software and Affected Versions** The African Boss Get Cash versions through 3.2.3 **Description** An authorization issue exists in The African Boss Get Cash’s `get-cash` functionality. This allows exploitation due to incorrectly configured access control security levels. **Recommendations** Update to a version later than 3.2.3.

**Name of the Vulnerable Software and Affected Versions** Arconix Shortcodes versions through 2.1.19 **Description** A flaw exists in Tyche Softwares Arconix Shortcodes that allows for Stored Cross-site Scripting (XSS). This issue is due to improper neutralization of input during web page generation. The vulnerability could potentially allow an attacker to inject malicious scripts into web pages viewed by other users. The affected API endpoints and vulnerable parameters are not specified. **Recommendations** Update Arconix Shortcodes to a version later than 2.1.19.

**Name of the Vulnerable Software and Affected Versions** Alexander AnyComment versions through 0.3.6 **Description** A flaw exists in Alexander AnyComment that allows for SQL Injection. The issue is due to improper neutralization of special elements used in an SQL command. This could allow an attacker to manipulate database queries. **Recommendations** Update Alexander AnyComment to a version newer than 0.3.6.

Name of the Vulnerable Software and Affected Versions: cartpauj Shortcode Redirect versions n/a through 1.0.02 Description: Improper neutralization of input during web page generation allows for Stored Cross-site Scripting (XSS). This issue impacts the Shortcode Redirect component. Recommendations: Update cartpauj Shortcode Redirect to a version later than 1.0.02.

**Name of the Vulnerable Software and Affected Versions** microlight version 0.0.7 **Description** A denial of service issue has been identified in the microlight JavaScript library. The library does not limit the size of textual content it processes in HTML elements with the microlight class. When excessively large content is processed, the reset function in microlight.js consumes excessive memory and CPU resources, causing browser crashes or unresponsiveness. An attacker can exploit this by tricking a user into visiting a malicious web page containing a microlight element with large content. **Recommendations** For microlight version 0.0.7, consider disabling the library until a patch is available to prevent denial of service attacks. Restrict access to web pages that use the microlight library to minimize the risk of exploitation. Avoid using the microlight library for syntax highlighting until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.