Steven Julian

**Name of the Vulnerable Software and Affected Versions** SVG Support versions prior to 2.5.15 **Description** A missing authorization issue in Benbodhi SVG Support allows for the exploitation of incorrectly configured access control security levels. This is a broken access control flaw where the system fails to properly verify the identity or permissions of a user before granting access to protected resources. **Recommendations** Update to a version later than 2.5.14.

**Name of the Vulnerable Software and Affected Versions** E2Pdf versions through 1.28.15 **Description** An authorization issue exists in E2Pdf. The issue involves exploiting incorrectly configured access control security levels. The vulnerability allows unauthorized access. **Recommendations** Update E2Pdf to a version later than 1.28.15.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 148 **Description** An information disclosure issue exists in Firefox and Firefox Focus for Android due to uninitialized memory. This can potentially allow an attacker to access sensitive information. **Recommendations** Update Firefox to version 148 or later.

**Name of the Vulnerable Software and Affected Versions** FooPlugins FooGallery versions through 3.1.11 **Description** An authorization issue exists in FooPlugins FooGallery. The issue involves incorrectly configured access control security levels, potentially allowing unauthorized access. **Recommendations** Update FooPlugins FooGallery to a version later than 3.1.11.

**Name of the Vulnerable Software and Affected Versions** Melapress WP Activity Log versions through 5.5.4 **Description** The software contains a flaw related to improper input handling during web page generation, leading to a DOM-Based Cross-site Scripting (XSS) condition. This allows for potential execution of malicious scripts within the user's browser in the context of the affected web application. **Recommendations** Update Melapress WP Activity Log to a version newer than 5.5.4.

**Name of the Vulnerable Software and Affected Versions** FooPlugins FooGallery versions through 3.1.11 **Description** The software contains a flaw related to improper input handling during web page generation, which allows for Stored Cross-site Scripting (XSS). This means that malicious scripts can be injected into web pages viewed by other users. The affected component is `foogallery`. **Recommendations** Update FooPlugins FooGallery to a version later than 3.1.11.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 148 Firefox ESR versions prior to 115.33 Firefox ESR versions prior to 140.8 Thunderbird versions prior to 148 Thunderbird versions prior to 140.8 **Description** An issue exists due to incorrect boundary conditions within the Graphics: ImageLib component. **Recommendations** Update Firefox to version 148 or later. Update Firefox ESR to version 115.33 or later. Update Firefox ESR to version 140.8 or later. Update Thunderbird to version 148 or later. Update Thunderbird to version 140.8 or later.

Name of the Vulnerable Software and Affected Versions: Masteriyo - LMS versions 1.7.3 and earlier Description: The issue is related to an Authentication Bypass Using an Alternate Path or Channel, allowing unauthorized access to course progress. Recommendations: For Masteriyo - LMS versions 1.7.3 and earlier, update to a version that contains a fix for this issue, if available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PluginOps MailChimp Subscribe Forms versions n/a through 4.0.9.9 **Description** The issue is related to improper neutralization of input during web page generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS attacks. **Recommendations** For PluginOps MailChimp Subscribe Forms versions n/a through 4.0.9.9, update to a version later than 4.0.9.9 to resolve the issue. At the moment, there is no information about additional mitigation measures for this specific issue.

**Name of the Vulnerable Software and Affected Versions** Avirtum iPanorama 360 WordPress Virtual Tour Builder versions 1.8.3 and earlier **Description** The issue affects the Avirtum iPanorama 360 WordPress Virtual Tour Builder, allowing access to functionality not properly constrained by Access Control Lists (ACLs). This means that certain features or data may be accessible without the necessary permissions. **Recommendations** For Avirtum iPanorama 360 WordPress Virtual Tour Builder versions 1.8.3 and earlier, update to a version that includes the necessary access controls to properly constrain functionality. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** e2pdf versions 1.20.27 and earlier **Description** The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. **Recommendations** For versions 1.20.27 and earlier, update to a version that contains a fix for this issue, however at the moment there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Slider by Soliloquy versions n/a through 2.7.6 **Description** The issue affects the Soliloquy Team Slider, allowing Cross-Site Scripting (XSS) due to Improper Neutralization of Input During Web Page Generation and Improper Authentication vulnerability. **Recommendations** For versions n/a through 2.7.6, update to a version later than 2.7.6 to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable Slider by Soliloquy module to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** bPlugins StreamCast versions n/a through 2.2.3 **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS in bPlugins StreamCast. **Recommendations** For versions n/a through 2.2.3, update to a version that fixes the Improper Neutralization of Input During Web Page Generation issue to prevent Stored XSS attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Depicter Slider versions through 3.0.2 **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS. **Recommendations** For versions through 3.0.2, update to a version later than 3.0.2 to resolve the issue. As a temporary workaround, consider restricting user input to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Transition Slider – Responsive Image Slider and Gallery versions n/a through 2.20.3 **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS attacks. **Recommendations** For versions n/a through 2.20.3, update to a version later than 2.20.3 to resolve the issue. At the moment, there is no information about additional mitigation measures for this specific vulnerability.

**Name of the Vulnerable Software and Affected Versions** John West Slideshow SE versions 2.5.17 and earlier **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS attacks. **Recommendations** For versions 2.5.17 and earlier, update to a version later than 2.5.17 to resolve the issue. As a temporary workaround, consider restricting user input to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Serious Slider versions 1.2.4 and earlier **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS attacks. **Recommendations** For versions 1.2.4 and earlier, update to a version later than 1.2.4 to resolve the issue. As a temporary workaround, consider restricting user input to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** SoftLab Radio Player versions 2.0.73 and earlier **Description** The issue is related to a Missing Authorization vulnerability in SoftLab Radio Player. **Recommendations** For versions 2.0.73 and earlier, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** A WP Life Slider Responsive Slideshow – Image slider, Gallery slideshow versions 1.4.0 and earlier **Description** The issue is related to a Missing Authorization vulnerability in the A WP Life Slider Responsive Slideshow plugin. This vulnerability allows unauthorized access. **Recommendations** For versions 1.4.0 and earlier, update to a version that contains a fix for this issue, if available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** A WP Life Media Slider – Photo Sleder, Video Slider, Link Slider, Carousal Slideshow versions 1.3.9 and earlier **Description** The issue is related to a Missing Authorization vulnerability in the A WP Life Media Slider plugin. This vulnerability affects the plugin's functionality, potentially allowing unauthorized access. **Recommendations** For versions 1.3.9 and earlier, update to a version that contains a fix for this issue, if available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.