Th3.D1Pak

**Name of the Vulnerable Software and Affected Versions** The IURNY by INDIGITALL WordPress plugin versions prior to 3.2.3 **Description** The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This can occur even when the unfiltered html capability is disallowed, for example, in a multisite setup. The problem arises because some settings are not properly sanitised and escaped. **Recommendations** For versions prior to 3.2.3, update to version 3.2.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Popup Builder WordPress plugin versions prior to 4.2.0 **Description** The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This can occur even when the unfiltered html capability is disallowed, for example in a multisite setup. **Recommendations** For versions prior to 4.2.0, update to version 4.2.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Bit Assist WordPress plugin versions prior to 1.1.9 **Description** The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This is possible because some settings are not properly sanitised and escaped, and this vulnerability can be exploited even when the unfiltered html capability is disallowed, for example in a multisite setup. **Recommendations** For versions prior to 1.1.9, update to version 1.1.9 or later to resolve the issue. As a temporary workaround, consider restricting access to the plugin's settings for high privilege users until the update is applied.

**Name of the Vulnerable Software and Affected Versions** The Contact Form Builder by Bit Form WordPress plugin versions prior to 2.2.0 **Description** The issue allows high privilege users, such as admin, to perform Stored Cross-Site Scripting attacks. This is possible because some settings are not properly sanitised and escaped, and this can occur even when the unfiltered html capability is disallowed, for example in a multisite setup. **Recommendations** For versions prior to 2.2.0, update to version 2.2.0 or later to resolve the issue. As a temporary workaround, consider restricting the ability of high privilege users to access and modify the plugin's settings until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** Bubble Menu WordPress plugin version 3.0.4 and earlier **Description** The issue allows high-privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for example, in a multisite setup. This is due to the plugin not sanitizing and escaping some of its settings. **Recommendations** For Bubble Menu WordPress plugin versions prior to 3.0.5, update to version 3.0.5 or later to resolve the issue. As a temporary workaround, consider restricting the `unfiltered html` capability for high-privilege users to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** All-in-one Floating Contact Form WordPress plugin versions prior to 2.1.2 **Description** The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for example, in a multisite setup. This is due to the plugin not sanitizing and escaping some of its settings. **Recommendations** For versions prior to 2.1.2, update to version 2.1.2 or later to resolve the issue. As a temporary workaround, consider restricting the ability of high privilege users to modify plugin settings until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Floating Chat Widget WordPress plugin versions prior to 3.1.2 **Description** The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This can occur even when the unfiltered html capability is disallowed, for example, in a multisite setup. **Recommendations** For versions prior to 3.1.2, update to version 3.1.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Float menu WordPress plugin versions prior to 5.0.3 **Description** The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This can occur even when the unfiltered html capability is disallowed, for example, in a multisite setup. **Recommendations** For versions prior to 5.0.3, update to version 5.0.3 or later to resolve the issue.