Soprobro

**Name of the Vulnerable Software and Affected Versions** ilGhera Related Videos for JW Player versions 1.2.0 and earlier **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS), which allows Reflected XSS. This means an attacker can inject malicious scripts into a website, potentially stealing user data or taking control of the user's session. **Recommendations** For versions 1.2.0 and earlier, update to a version that fixes the Improper Neutralization of Input During Web Page Generation issue to prevent Reflected XSS attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WP DEBUG Toggle versions n/a through 1.1 **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Reflected XSS in the WP DEBUG Toggle plugin. **Recommendations** For WP DEBUG Toggle versions n/a through 1.1, update to a version that fixes the Cross-site Scripting issue. As a temporary workaround, consider restricting access to the plugin until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Think201 Data Dash versions 1.2.3 and earlier **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker can inject malicious scripts into the website, potentially affecting users who access the compromised page. **Recommendations** For versions 1.2.3 and earlier, update to a version that fixes the Stored XSS issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** fyljp SpiderDisplay versions n/a through 1.9.1 **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Reflected XSS. **Recommendations** For versions n/a through 1.9.1, update to a version that fixes the Improper Neutralization of Input During Web Page Generation issue to prevent Reflected XSS attacks. As a temporary workaround, consider validating and sanitizing all user input to prevent malicious code injection until a patch is available.

**Name of the Vulnerable Software and Affected Versions** IP2Location Variables versions n/a through 2.9.5 **Description** The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Reflected XSS. **Recommendations** For versions n/a through 2.9.5, update to a version later than 2.9.5 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** JobScore Job Manager versions n/a through 2.2 **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker can inject malicious scripts into the website, potentially leading to unauthorized access or control. **Recommendations** For versions n/a through 2.2, update to a version that fixes the Improper Neutralization of Input During Web Page Generation issue to prevent Stored XSS attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Studi7 QR Master versions 1.0.0 through 1.0.5 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as 'Cross-site Scripting', which allows Reflected XSS. This means that an attacker can inject malicious scripts into the website, potentially stealing user data or taking control of user sessions. Recommendations: For versions 1.0.0 through 1.0.5, update to a version that fixes the Improper Neutralization of Input During Web Page Generation issue to prevent Reflected XSS attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: OTWthemes Popping Content Light versions n/a through 2.4 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Reflected XSS. This enables potential attackers to inject malicious scripts into web pages. Recommendations: For OTWthemes Popping Content Light versions n/a through 2.4, update to a version that includes a fix for this issue, as using an outdated version may expose users to Reflected XSS attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: dangrossman WP Calais Auto Tagger versions n/a through 2.0 Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability, which allows Cross Site Request Forgery. Recommendations: For versions n/a through 2.0, update to a version that includes a fix for this issue, as no specific mitigation measures are provided for these versions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: SCAND MultiMailer versions 1.0.3 and earlier Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. Recommendations: For SCAND MultiMailer versions 1.0.3 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Jose Conti Link Shield versions 0.5.4 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker can inject malicious scripts into the web page, potentially affecting users who access the page. Recommendations: For Jose Conti Link Shield versions 0.5.4 and earlier, update to a version that contains a fix for this issue, as no specific workaround is provided for these versions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: hossainawlad ALD Login Page versions n/a through 1.1 Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability that also allows Stored XSS in the hossainawlad ALD Login Page. Recommendations: For versions n/a through 1.1, update to a version that includes a fix for the CSRF vulnerability, ensuring that the Stored XSS issue is also addressed. As a temporary workaround, consider implementing additional validation and verification for requests to prevent CSRF attacks until a patch is available.

Name of the Vulnerable Software and Affected Versions: Sudavar Codescar Radio Widget versions 0.4.2 and earlier Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web application, and also store malicious scripts that will be executed by the user's browser. Recommendations: For Sudavar Codescar Radio Widget versions 0.4.2 and earlier, update to a version that fixes the CSRF vulnerability, if available. As a temporary workaround, consider implementing additional validation for requests to prevent unintended actions. Restrict access to sensitive functionality to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Edamam SEO, Nutrition and Print for Recipes by Edamam versions n/a through 3.3 Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. Recommendations: For versions n/a through 3.3, update to a version that includes a fix for this issue, as no specific mitigation measures are provided for these versions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: dimafreund RentSyst versions n/a through 2.0.72 Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on the web application, potentially leading to the execution of malicious scripts stored on the server. Recommendations: For dimafreund RentSyst versions n/a through 2.0.72, update to a version later than 2.0.72 to resolve the issue. As a temporary workaround, consider implementing additional validation for requests to prevent unintended actions. Restrict access to sensitive functionality to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: ePaper Lister for Yumpu versions 1.4.0 and earlier Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on the web application, potentially leading to the execution of malicious scripts stored within the application. Recommendations: For versions 1.4.0 and earlier, update to a version that includes a fix for this issue, as no specific workaround is provided for these versions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: OTWthemes Widgetize Pages Light versions n/a through 3.0 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Reflected XSS. This means that an attacker can inject malicious scripts into a website, potentially stealing user data or taking control of the user's session. Recommendations: For OTWthemes Widgetize Pages Light versions n/a through 3.0, update to a version later than 3.0 to resolve the issue. At the moment, there is no information about additional mitigation measures for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OTWthemes Sidebar Manager Light versions 1.1.8 and earlier **Description** The issue is a Cross-Site Request Forgery (CSRF) vulnerability, which allows an attacker to perform unauthorized actions on a user's account. This can be achieved by tricking the user into performing an unintended action, such as submitting a form or clicking a link. **Recommendations** For OTWthemes Sidebar Manager Light versions 1.1.8 and earlier, update to a version that includes a fix for this issue, as no specific mitigation measures are provided.

**Name of the Vulnerable Software and Affected Versions** Rollbar versions n/a through 2.7.1 **Description** The issue is a Cross-Site Request Forgery (CSRF) vulnerability, which allows an attacker to perform unauthorized actions on a user's account. **Recommendations** For versions prior to 2.7.1, update to a version that includes the fix for this issue, as no specific mitigation measures are provided for earlier versions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Fast Simon Search, Filters & Merchandising for WooCommerce versions 3.0.57 and earlier **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Stored XSS. This means an attacker can inject malicious scripts into the website, which can then be executed by other users, potentially leading to unauthorized actions or data theft. **Recommendations** For Fast Simon Search, Filters & Merchandising for WooCommerce versions 3.0.57 and earlier, update to a version later than 3.0.57 to resolve the issue. At the moment, there is no information about additional mitigation measures.