Stealthcopter

**Name of the Vulnerable Software and Affected Versions** WP Rocket versions through 3.19.4 **Description** A flaw exists in WP Rocket that allows for Stored Cross-Site Scripting (XSS). This issue is due to improper neutralization of input during web page generation. An attacker could potentially inject malicious scripts into web pages viewed by other users. The vulnerability affects the WP Rocket plugin. **Recommendations** Update WP Rocket to a version later than 3.19.4.

**Name of the Vulnerable Software and Affected Versions** Crocoblock JetEngine versions through 3.7.2 **Description** A flaw exists in Crocoblock JetEngine that allows for Remote Code Inclusion due to improper control of code generation. This issue, identified as a 'Code Injection', could potentially allow an attacker to execute arbitrary code. **Recommendations** Update Crocoblock JetEngine to a version newer than 3.7.2.

**Name of the Vulnerable Software and Affected Versions** MapSVG versions through 8.7.3 **Description** The software contains a flaw that permits unrestricted file uploads of dangerous types. This allows for the upload of a web shell to a web server. The issue grants attackers webshell capabilities with minimal authentication. **Recommendations** Versions prior to 8.7.3 should be updated.

**Name of the Vulnerable Software and Affected Versions** CrocoBlock JetEngine versions through 3.7.3 **Description** A Stored Cross-site Scripting (XSS) issue exists in CrocoBlock JetEngine. This allows for the injection of malicious scripts into web pages. The issue is due to improper neutralization of input during web page generation. The vulnerability affects the `jet-engine` component. **Recommendations** Update CrocoBlock JetEngine to a version newer than 3.7.3.

**Name of the Vulnerable Software and Affected Versions** CrocoBlock JetReviews versions through 3.0.0 **Description** A flaw exists in CrocoBlock JetReviews that allows for PHP Local File Inclusion due to improper control of filename for include/require statements. This issue is related to a PHP Remote File Inclusion vulnerability. **Recommendations** Update JetReviews to a version newer than 3.0.0.

**Name of the Vulnerable Software and Affected Versions** CrocoBlock JetSearch versions through 3.5.10 **Description** A flaw exists in CrocoBlock JetSearch that allows for Blind SQL Injection due to improper neutralization of special elements used in SQL commands. This issue could potentially allow an attacker to compromise the database. **Recommendations** Update CrocoBlock JetSearch to a version later than 3.5.10.

**Name of the Vulnerable Software and Affected Versions** CrocoBlock JetSearch versions through 3.5.10 **Description** The software contains a flaw due to improper neutralization of input during web page generation, leading to a Reflected Cross-Site Scripting (XSS) condition. This allows an attacker to inject malicious scripts into web pages viewed by other users. The affected component is `jet-search`. **Recommendations** Update to a version later than 3.5.10.

**Name of the Vulnerable Software and Affected Versions** captivateaudio Captivate Sync versions through 3.0.3 **Description** A flaw exists in captivateaudio Captivate Sync captivatesync-trade related to the deserialization of untrusted data, potentially leading to object injection. **Recommendations** Update captivateaudio Captivate Sync to a version later than 3.0.3.

**Name of the Vulnerable Software and Affected Versions** CrocoBlock JetWooBuilder versions through 2.1.20 **Description** A flaw exists in CrocoBlock JetWooBuilder that allows for DOM-Based Cross-site Scripting (XSS). This issue is due to improper neutralization of input during web page generation. The vulnerability could potentially allow an attacker to inject malicious scripts into web pages viewed by other users. The affected component is `jet-woo-builder`. **Recommendations** Update CrocoBlock JetWooBuilder to a version later than 2.1.20.

**Name of the Vulnerable Software and Affected Versions** CrocoBlock JetBlocks For Elementor versions through 1.3.18 **Description** A flaw exists in CrocoBlock JetBlocks For Elementor that allows for Stored Cross-Site Scripting (XSS). This issue involves improper neutralization of input during web page generation. The vulnerability could potentially allow an attacker to inject malicious scripts into web pages viewed by other users. The affected component is `jet-blocks`. **Recommendations** Update CrocoBlock JetBlocks For Elementor to a version later than 1.3.18.

**Name of the Vulnerable Software and Affected Versions** CrocoBlock JetElements For Elementor versions through 2.7.8 **Description** A flaw exists in CrocoBlock JetElements For Elementor that allows for Stored Cross-Site Scripting (XSS). This issue is due to improper neutralization of input during web page generation. Successful exploitation could allow an attacker to inject malicious scripts into web pages viewed by other users. The vulnerability affects the `jet-elements` component. **Recommendations** Update CrocoBlock JetElements For Elementor to a version later than 2.7.8.

**Name of the Vulnerable Software and Affected Versions** CrocoBlock JetBlog versions through 2.4.4 **Description** The software contains a flaw due to improper neutralization of input during web page generation, specifically a Reflected Cross-site Scripting (XSS) issue. This allows for the injection of malicious scripts into web pages. The affected component is `jet-blog`. **Recommendations** Update CrocoBlock JetBlog to a version later than 2.4.4.

**Name of the Vulnerable Software and Affected Versions** CrocoBlock JetBlog versions through 2.4.4.1 **Description** A flaw exists in CrocoBlock JetBlog that allows for Stored Cross-site Scripting (XSS). This issue arises from improper neutralization of input during web page generation. An attacker could potentially inject malicious scripts into web pages viewed by other users. The vulnerable component is `jet-blog`. **Recommendations** Update CrocoBlock JetBlog to a version later than 2.4.4.1.

**Name of the Vulnerable Software and Affected Versions** CrocoBlock JetWooBuilder versions through 2.1.20.1 **Description** A flaw exists in CrocoBlock JetWooBuilder that allows for Stored Cross-site Scripting (XSS). This issue is due to improper neutralization of input during web page generation. Successful exploitation could allow an attacker to inject malicious scripts into web pages viewed by other users. The vulnerable component is `jet-woo-builder`. **Recommendations** Update JetWooBuilder to a version later than 2.1.20.1.

Name of the Vulnerable Software and Affected Versions: Rentsyst versions through 2.0.100 Description: The software contains an Improper Neutralization of Input During Web Page Generation issue, leading to Reflected Cross-site Scripting (XSS). Recommendations: Update Rentsyst to a version later than 2.0.100.

Name of the Vulnerable Software and Affected Versions: Crocoblock JetElements For Elementor versions n/a through 2.7.7 Description: A flaw exists in Crocoblock JetElements For Elementor that allows the retrieval of embedded sensitive data due to the insertion of sensitive information into sent data. Recommendations: Update Crocoblock JetElements For Elementor to a version later than 2.7.7.

Name of the Vulnerable Software and Affected Versions: Crocoblock JetEngine versions through 3.7.0 Description: Improper neutralization of special elements used in a template engine in Crocoblock JetEngine allows code injection. Recommendations: Update Crocoblock JetEngine to a version later than 3.7.0.

Name of the Vulnerable Software and Affected Versions: Crocoblock JetPopup versions through 2.0.15 Description: The software contains a flaw that allows retrieval of embedded sensitive data due to the insertion of sensitive information into sent data. Recommendations: Update Crocoblock JetPopup to a version later than 2.0.15.

Name of the Vulnerable Software and Affected Versions: Crocoblock JetEngine versions through 3.7.0 Description: Improper neutralization of input during web page generation allows for stored cross-site scripting (XSS). Recommendations: Update Crocoblock JetEngine to a version later than 3.7.0.

Name of the Vulnerable Software and Affected Versions: Crocoblock JetWooBuilder versions through 2.1.20 Description: An insertion of sensitive information into sent data issue exists in Crocoblock JetWooBuilder, allowing retrieval of embedded sensitive data. Recommendations: Update JetWooBuilder to a version later than 2.1.20.