Shogo Kumamaru

**Name of the Vulnerable Software and Affected Versions** WordPress Plugin Survey Maker versions 5.1.7.7 and prior **Description** The WordPress Plugin Survey Maker is affected by a cross-site scripting issue. Successful exploitation could allow an attacker to execute arbitrary scripts in a user's web browser. **Recommendations** Update WordPress Plugin Survey Maker to a version later than 5.1.7.7.

**Name of the Vulnerable Software and Affected Versions** Advanced Custom Fields versions prior to 6.4.3 **Description** An HTML injection issue exists in the Advanced Custom Fields plugin. Exploitation of this issue may allow crafted HTML code to be rendered, potentially tampering with page display. **Recommendations** Update Advanced Custom Fields to version 6.4.3 or later.

**Name of the Vulnerable Software and Affected Versions** SHIRASAGI versions prior to 1.19.1 **Description** The issue is related to improper processing of URLs in HTTP requests, resulting in a path traversal vulnerability. If exploited, this vulnerability may allow arbitrary files on the server to be retrieved when processing crafted HTTP requests. **Recommendations** For SHIRASAGI versions prior to 1.19.1, upgrade to version 1.19.1 or later to fix the security issue. As a temporary workaround, consider restricting access to the HTTP request handler to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Welcart e-Commerce versions prior to 2.11.2 **Description** The issue allows an attacker who can login to the product to obtain or alter the information stored in the database. This is achieved through a SQL injection vulnerability. **Recommendations** For versions prior to 2.11.2, update to version 2.11.2 or later to resolve the issue. As a temporary workaround, consider restricting database access to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Welcart e-Commerce versions prior to 2.11.2 **Description** The issue allows for cross-site scripting, which can lead to the execution of an arbitrary script on the user's web browser if exploited. **Recommendations** For versions prior to 2.11.2, update to version 2.11.2 or later to resolve the issue. As a temporary workaround, consider restricting user input to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** WordPress Quiz Maker Plugin versions prior to 6.5.0.6 **Description** The issue is related to improper input validation, allowing a remote authenticated attacker to perform a Denial of Service (DoS) attack against external services. **Recommendations** For versions prior to 6.5.0.6, update to version 6.5.0.6 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Welcart e-Commerce versions 2.7 to 2.8.21 **Description** A cross-site scripting issue in the Order Data Edit page allows a remote unauthenticated attacker to inject an arbitrary script. **Recommendations** For versions 2.7 to 2.8.21, update to a version later than 2.8.21 to resolve the issue. As a temporary workaround, consider restricting access to the Order Data Edit page until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Welcart e-Commerce versions 2.7 to 2.8.21 **Description** The issue allows a user with editor or higher privilege to perform unintended database operations due to a SQL injection vulnerability in the Order Data Edit page. **Recommendations** For Welcart e-Commerce versions 2.7 to 2.8.21, consider restricting access to the Order Data Edit page until a patch is available. As a temporary workaround, limit the privileges of users with editor or higher roles to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Welcart e-Commerce versions 2.7 to 2.8.21 **Description** The issue allows a user with author or higher privilege to obtain partial information of the files on the web server due to a path traversal vulnerability. **Recommendations** For Welcart e-Commerce versions 2.7 to 2.8.21, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Welcart e-Commerce versions 2.7 to 2.8.21 **Description** A cross-site scripting issue exists in the Item List page registration process, allowing a remote unauthenticated attacker to inject an arbitrary script. **Recommendations** For Welcart e-Commerce versions 2.7 to 2.8.21, update to a version that fixes this issue to prevent exploitation. As a temporary workaround, consider restricting access to the Item List page registration process until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Welcart e-Commerce versions 2.7 to 2.8.21 **Description** A cross-site scripting issue in the Credit Card Payment Setup page allows a remote unauthenticated attacker to inject an arbitrary script into the page. This enables the attacker to execute malicious code, potentially leading to unauthorized actions or data exposure. **Recommendations** For Welcart e-Commerce versions 2.7 to 2.8.21, update to a version later than 2.8.21 to resolve the issue. As a temporary workaround, consider restricting access to the Credit Card Payment Setup page until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Welcart e-Commerce versions 2.7 to 2.8.21 **Description** The issue allows a remote unauthenticated attacker to inject an arbitrary script in the Item List page. This is a cross-site scripting vulnerability. **Recommendations** For Welcart e-Commerce versions 2.7 to 2.8.21, update to a version that fixes this issue to prevent exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Welcart e-Commerce versions 2.7 to 2.8.21 **Description** The issue allows a user with author or higher privilege to obtain sensitive information through a SQL injection vulnerability in the Item List page. **Recommendations** For Welcart e-Commerce versions 2.7 to 2.8.21, consider restricting access to the Item List page for users with author or higher privilege until a patch is available. As a temporary workaround, limit the privileges of users to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WP Statistics versions prior to 13.2.0 **Description** A cross-site scripting issue exists because the product improperly processes a `platform` parameter. This allows an arbitrary script to be executed on the web browser of the user logging in to the website using the product. **Recommendations** For WP Statistics versions prior to 13.2.0, update to version 13.2.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the `platform` parameter to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Overwolf versions 2.168.0.n and earlier Description: The issue allows an attacker to gain privileges and execute arbitrary code with the privilege of the user invoking the installer via a Trojan horse DLL in an unspecified directory. This is due to an untrusted search path vulnerability in The Installer of Overwolf. Recommendations: For Overwolf versions 2.168.0.n and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.