Seungyonglee

**Name of the Vulnerable Software and Affected Versions** CodeRevolution WP Pocket URLs versions 1.0.2 and earlier **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Reflected XSS. This means that an attacker can inject malicious scripts into a website, potentially stealing user data or taking control of the user's session. **Recommendations** For versions 1.0.2 and earlier, update to a version that fixes this issue, as no specific workaround is provided for these versions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Innovs HR – Complete Human Resource Management System for Your Business versions 1.0.3.4 and earlier **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows Reflected XSS. **Recommendations** For versions 1.0.3.4 and earlier, update to a version later than 1.0.3.4 to resolve the issue. As a temporary workaround, consider restricting user input to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** WebDorado SpiderVPlayer versions 1.5.22 and earlier **Description** The issue is related to improper neutralization of input during web page generation, which allows for stored cross-site scripting (XSS). This means that an attacker can inject malicious scripts into the web application, potentially leading to unauthorized access or control. **Recommendations** For WebDorado SpiderVPlayer versions 1.5.22 and earlier, update to a version later than 1.5.22 to resolve the issue. At the moment, there is no information about additional mitigation measures.

**Name of the Vulnerable Software and Affected Versions** wpdevart Countdown and CountUp, WooCommerce Sales Timer plugin versions <= 1.8.2 **Description** The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that requires authentication with admin+ privileges. **Recommendations** For wpdevart Countdown and CountUp, WooCommerce Sales Timer plugin versions <= 1.8.2, update to a version higher than 1.8.2 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** WPPizza – A Restaurant Plugin plugin versions prior to 3.18.2 **Description** The issue is related to an Unauth. Reflected Cross-Site Scripting (XSS) vulnerability. This means that an attacker could potentially inject malicious scripts into the website, which would then be executed by the user's browser. **Recommendations** For versions prior to 3.18.2, update to version 3.18.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Katie Seaborn Zotpress plugin versions prior to 7.3.4 **Description** The issue is related to an Unauth. Reflected Cross-Site Scripting (XSS) vulnerability. This means that an attacker can inject malicious scripts into a website, potentially allowing them to steal user data or take control of the user's session. **Recommendations** For versions prior to 7.3.4, update to version 7.3.4 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Peter Keung Peter’s Custom Anti-Spam plugin versions <= 3.2.2 **Description** The issue is related to an Unauth. Reflected Cross-Site Scripting (XSS) vulnerability. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** For versions <= 3.2.2, update to a version higher than 3.2.2 to resolve the issue. As a temporary workaround, consider restricting access to potentially vulnerable endpoints to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Dreamfox Payment gateway per Product for WooCommerce plugin versions 3.2.7 and earlier **Description** The issue is related to an Unauth. Reflected Cross-Site Scripting (XSS) vulnerability. This type of vulnerability allows an attacker to inject malicious scripts into a website, potentially leading to unauthorized actions on behalf of the user. **Recommendations** For versions 3.2.7 and earlier, update to a version later than 3.2.7 to resolve the issue. As a temporary workaround, consider restricting access to sensitive areas of the website that utilize the Dreamfox Payment gateway per Product for WooCommerce plugin until a patch is available.

**Name of the Vulnerable Software and Affected Versions** MD Jakir Hosen Tiger Forms – Drag and Drop Form Builder plugin versions prior to 2.0.0 **Description** The issue is related to an Unauth. Reflected Cross-Site Scripting (XSS) vulnerability. This type of vulnerability allows an attacker to inject malicious scripts into a website, potentially leading to unauthorized actions on behalf of the user. **Recommendations** For MD Jakir Hosen Tiger Forms – Drag and Drop Form Builder plugin versions prior to 2.0.0, update to version 2.0.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Leap Contractor Contact Form Website to Workflow Tool plugin versions prior to 4.0.0 **Description** The issue is related to an Unauth. Reflected Cross-Site Scripting (XSS) vulnerability. This allows for malicious scripts to be injected into a website, potentially leading to unauthorized actions. **Recommendations** For versions prior to 4.0.0, update to version 4.0.0 or later to resolve the issue.