Theviper17

**Name of the Vulnerable Software and Affected Versions** HETWORKS WordPress Image shrinker versions through 1.1.0 **Description** The WordPress Image shrinker plugin contains a Server-Side Request Forgery (SSRF) flaw. This allows for Server Side Request Forgery. **Recommendations** Update HETWORKS WordPress Image shrinker to a version later than 1.1.0.

**Name of the Vulnerable Software and Affected Versions** Icegram Icegram Express Pro versions through 5.9.11 **Description** A flaw exists in Icegram Icegram Express Pro email-subscribers-premium related to the deserialization of untrusted data, potentially leading to object injection. **Recommendations** Update Icegram Icegram Express Pro to a version later than 5.9.11.

**Name of the Vulnerable Software and Affected Versions** WP Delicious – Recipe Plugin for Food Bloggers (formerly Delicious Recipes) versions prior to 1.9.1 **Description** The WP Delicious – Recipe Plugin for Food Bloggers (formerly Delicious Recipes) plugin for WordPress allows an attacker with Contributor-level permissions to upload malicious files. This occurs when importing recipes via CSV, specifically by providing a remote URL during the import process. Successful exploitation can lead to Remote Code Execution (RCE). The vulnerability involves arbitrary file uploads, enabling the attacker to upload a PHP file. The vulnerable component is the CSV import functionality. **Recommendations** Versions prior to 1.9.1 should be updated.

**Name of the Vulnerable Software and Affected Versions** Icegram Icegram Express Pro versions through 5.9.5 **Description** A Server-Side Request Forgery (SSRF) issue exists in Icegram Icegram Express Pro email-subscribers-premium. This allows for Server Side Request Forgery. **Recommendations** Update Icegram Icegram Express Pro to a version later than 5.9.5.

**Name of the Vulnerable Software and Affected Versions** husani WP Subtitle versions through 3.4.1 **Description** The software contains a flaw related to improper input handling during web page generation, which allows for Stored Cross-Site Scripting (XSS). This means that malicious code can be injected into the website and executed by other users. The vulnerability allows an attacker to inject malicious scripts into web pages. The vulnerable component is susceptible to Stored XSS attacks. **Recommendations** Update to a version later than 3.4.1

**Name of the Vulnerable Software and Affected Versions** wpdesk Flexible PDF Invoices for WooCommerce & WordPress versions through 6.0.13 **Description** A Cross-Site Request Forgery (CSRF) issue exists in wpdesk Flexible PDF Invoices for WooCommerce & WordPress. This allows attackers to perform actions on behalf of an authenticated user without their knowledge. **Recommendations** Update wpdesk Flexible PDF Invoices for WooCommerce & WordPress to a version later than 6.0.13.

**Name of the Vulnerable Software and Affected Versions** HT Mega – Absolute Addons for WPBakery Page Builder versions through 1.0.9 **Description** The software contains a flaw related to improper input handling during web page generation, which can lead to Cross-site Scripting (XSS). This specific instance is a DOM-Based XSS issue. **Recommendations** Update HT Mega – Absolute Addons for WPBakery Page Builder to a version later than 1.0.9.

**Name of the Vulnerable Software and Affected Versions** Nextendweb Nextend Facebook Connect versions through 3.1.19 **Description** The software contains a flaw due to improper neutralization of input during web page generation, which allows for Stored Cross-site Scripting (XSS). This means that malicious scripts can be embedded in web pages and executed by unsuspecting users. The issue affects the application's handling of user-supplied data when generating web content. **Recommendations** Update Nextendweb Nextend Facebook Connect to a version later than 3.1.19.

**Name of the Vulnerable Software and Affected Versions** Nicu Micle Simple JWT Login versions through 3.6.4 **Description** The software contains a flaw related to improper input handling during web page generation, specifically a Stored Cross-site Scripting issue. This allows for the injection of malicious scripts. The affected component is susceptible to Stored XSS attacks. **Recommendations** Update Nicu Micle Simple JWT Login to a version later than 3.6.4.

**Name of the Vulnerable Software and Affected Versions** catchsquare WP Social Widget versions through 2.3.1 **Description** The WP Social Widget software contains a flaw related to improper input handling during web page generation, which can lead to Cross-site Scripting (XSS). This allows for the injection of malicious scripts. The issue is a Stored XSS, meaning the malicious script is persistently stored and executed when a user views the affected page. **Recommendations** Update catchsquare WP Social Widget to a version later than 2.3.1.

**Name of the Vulnerable Software and Affected Versions** Chad Butler WP-Members versions through 3.5.4.2 **Description** The software contains a flaw related to improper input handling during web page generation, specifically a Cross-site Scripting issue. This allows for Stored XSS attacks. The issue involves the injection of malicious scripts into web pages, potentially compromising user data and system security. **Recommendations** Update Chad Butler WP-Members to a version later than 3.5.4.2.

**Name of the Vulnerable Software and Affected Versions** GD bbPress Tools versions through 3.5.3 **Description** The software contains a flaw related to improper input handling during web page generation, leading to a potential Cross-site Scripting (XSS) issue. Specifically, the issue is a DOM-Based XSS. The affected component allows for the injection of malicious scripts into web pages. **Recommendations** Update GD bbPress Tools to a version later than 3.5.3.

**Name of the Vulnerable Software and Affected Versions** Rustaurius Front End Users versions through 3.2.33 **Description** A flaw exists in Rustaurius Front End Users that allows for Stored Cross-site Scripting (XSS). This issue arises from improper neutralization of input during web page generation. Successful exploitation could allow an attacker to inject malicious scripts into web pages viewed by other users. The vulnerability affects the Front End Users component. **Recommendations** Update Rustaurius Front End Users to a version later than 3.2.33.

**Name of the Vulnerable Software and Affected Versions** Noumaan Yaqoob Compact Archives versions through 4.1.0 **Description** A flaw exists in Noumaan Yaqoob Compact Archives that allows for Stored Cross-site Scripting (XSS). This issue is due to improper neutralization of input during web page generation. The vulnerability could allow an attacker to inject malicious scripts into web pages viewed by other users. The affected product allows for the injection of scripts via the application’s web interface. **Recommendations** Update Noumaan Yaqoob Compact Archives to a version later than 4.1.0.

**Name of the Vulnerable Software and Affected Versions** Techeshta Card Elements for WPBakery versions through 1.0.8 **Description** The software contains a flaw related to improper input handling during web page generation, leading to a DOM-Based Cross-site Scripting issue. This allows for the injection of malicious scripts into web pages. The affected component is Card Elements for WPBakery. **Recommendations** Update Techeshta Card Elements for WPBakery to a version later than 1.0.8.

**Name of the Vulnerable Software and Affected Versions** Ronald Huereca Highlight and Share – Social Text and Image Sharing versions through 5.1.1 **Description** The software contains a flaw related to improper neutralization of input during web page generation, which allows for Stored Cross-site Scripting (XSS). This means that malicious code can be injected into the application and executed by other users. The affected component is Highlight and Share – Social Text and Image Sharing. **Recommendations** Update to a version later than 5.1.1.

**Name of the Vulnerable Software and Affected Versions** Events Manager – OpenStreetMaps versions through 4.2.1 **Description** The software contains a flaw related to improper input handling during web page generation, which allows for Stored Cross-site Scripting (XSS). This means that malicious scripts can be injected into web pages viewed by other users. The vulnerability exists due to insufficient sanitization of user-supplied data. **Recommendations** Update Events Manager – OpenStreetMaps to a version later than 4.2.1.

**Name of the Vulnerable Software and Affected Versions** WPKube Kiwi versions through 2.1.8 **Description** The software contains an Improper Neutralization of Input During Web Page Generation issue, which allows for Stored Cross-site Scripting (XSS). **Recommendations** Update WPKube Kiwi to a version later than 2.1.8.

**Name of the Vulnerable Software and Affected Versions** Stagtools versions through 2.3.8 **Description** The software contains an Improper Neutralization of Input During Web Page Generation issue, which allows for Stored Cross-site Scripting (XSS). **Recommendations** Update Stagtools to a version later than 2.3.8.

**Name of the Vulnerable Software and Affected Versions** Eric Mann WP Publication Archive versions through 3.0.1 **Description** The software contains an Improper Neutralization of Input During Web Page Generation, which allows for Stored Cross-site Scripting (XSS). **Recommendations** Update Eric Mann WP Publication Archive to a version later than 3.0.1.