Rutuja D Shirke

**Name of the Vulnerable Software and Affected Versions** The Translation Exchange WordPress plugin versions prior to 1.0.15 **Description** The issue concerns an Authenticated Stored Cross-Site Scripting (XSS) vulnerability within the `Project Key` text field found in the plugin's settings. **Recommendations** For The Translation Exchange WordPress plugin versions prior to 1.0.15, update to version 1.0.15 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Buffer Button WordPress plugin version 1.0 **Description** The issue allows for Authenticated Stored Cross Site Scripting (XSS) within the `Twitter username` to mention text field. **Recommendations** For Buffer Button WordPress plugin version 1.0, update to a version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** CLUEVO LMS, E-Learning Platform WordPress plugin versions prior to 1.8.1 **Description** The issue concerns the lack of sanitization and escaping of Course's module, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered html capability is disallowed. **Recommendations** For versions prior to 1.8.1, update to version 1.8.1 or later to resolve the issue. As a temporary workaround, consider restricting the capability to edit Course's modules to trusted users only until the update is applied.