Taeeun Lee

**Name of the Vulnerable Software and Affected Versions** WP Quick Post Duplicator versions 2.0 and earlier **Description** The issue is related to a Missing Authorization vulnerability, which allows exploitation of incorrectly configured access control security levels. **Recommendations** For WP Quick Post Duplicator versions 2.0 and earlier, update to a version that contains a fix for this issue, as no specific workaround is provided.

**Name of the Vulnerable Software and Affected Versions** Felix Welberg Extended Post Status versions 1.0.0 through 1.0.19 **Description** The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. **Recommendations** For Felix Welberg Extended Post Status versions 1.0.0 through 1.0.19, update to a version newer than 1.0.19 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Kolja Nolte Secondary Title plugin versions <= 2.0.9.1 **Description** The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability. This vulnerability can be exploited by contributors or users with higher authentication levels. The estimated number of potentially affected devices worldwide is not specified. There is no information provided about real-world incidents where this issue was exploited. **Recommendations** For versions <= 2.0.9.1, update to a version higher than 2.0.9.1 to resolve the issue. At the moment, there is no information about additional mitigation measures.

**Name of the Vulnerable Software and Affected Versions** Design Extreme We’re Open! plugin versions 1.46 and earlier **Description** The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that requires authentication with admin+ privileges. **Recommendations** For Design Extreme We’re Open! plugin versions 1.46 and earlier, update to a version later than 1.46 to resolve the issue.