Tien Nguyen

**Name of the Vulnerable Software and Affected Versions** Permalink Manager Lite plugin versions <= 2.2.20 **Description** The issue is related to a Broken Access Control vulnerability. **Recommendations** For Permalink Manager Lite plugin versions <= 2.2.20, update to a version higher than 2.2.20 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Welcart eCommerce plugin versions <= 2.7.7 **Description** The issue is related to incorrect restriction of a directory path with limited access in the Welcart eCommerce plugin for WordPress. This can allow a remote attacker to execute arbitrary code. **Recommendations** For versions <= 2.7.7, update to a version higher than 2.7.7 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Plugin for Google Reviews versions prior to 2.2.3 **Description** The issue is related to a Broken Access Control vulnerability. It affects the authentication mechanism for subscribers and above, potentially allowing unauthorized access. **Recommendations** For versions prior to 2.2.3, update to version 2.2.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Modula plugin versions prior to 2.6.10 **Description** The issue allows unauthorized changes to plugin settings. **Recommendations** For Modula plugin versions prior to 2.6.10, update to version 2.6.10 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** WooSwipe WooCommerce Gallery plugin versions prior to 2.0.2 **Description** The issue is related to a Broken Access Control vulnerability. It affects the authentication mechanism for subscribers and higher, indicating a potential for unauthorized access. **Recommendations** For WooSwipe WooCommerce Gallery plugin versions prior to 2.0.2, update to version 2.0.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** FontMeister plugin versions <= 1.08 at WordPress. **Description** The issue is a Reflected Cross-Site Scripting (XSS) vulnerability. This means an attacker can inject malicious scripts into a website, potentially stealing user data or taking control of the user's session. **Recommendations** For FontMeister plugin versions <= 1.08, update to a version greater than 1.08 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Dean Oakley's Photospace Gallery plugin versions 2.3.5 and earlier **Description** The issue allows users with a subscriber or higher role to change plugin settings due to a Broken Access Control vulnerability. This vulnerability affects the plugin's settings, enabling unauthorized modifications. **Recommendations** For Dean Oakley's Photospace Gallery plugin versions 2.3.5 and earlier, update to a version later than 2.3.5 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Pop-up plugin versions 1.1.5 and earlier **Description** The issue is related to a Privilege Escalation vulnerability that affects subscribers and above, allowing potential escalation of privileges. **Recommendations** For Pop-up plugin versions 1.1.5 and earlier, update to a version later than 1.1.5 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GS Testimonial Slider plugin versions 1.9.5 and earlier GS Testimonial Slider plugin versions 1.9.1 and earlier **Description** The issue is related to an Authenticated Stored Cross-Site Scripting (XSS) vulnerability. This vulnerability can be exploited by an attacker with an author or higher user role. **Recommendations** For GS Testimonial Slider plugin versions 1.9.5 and earlier, update to a version later than 1.9.5 to resolve the issue. For GS Testimonial Slider plugin versions 1.9.1 and earlier, update to a version later than 1.9.1 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Slideshow, Image Slider by 2J plugin versions <= 1.3.54 **Description** The issue is an Authenticated Reflected Cross-Site Scripting (XSS) vulnerability. It affects users with a contributor or higher user role. There is no information provided about the estimated number of potentially affected devices worldwide or details about real-world incidents where this issue was exploited. **Recommendations** For Slideshow, Image Slider by 2J plugin versions <= 1.3.54, update to a version higher than 1.3.54 to resolve the issue. As a temporary workaround, consider restricting access to the plugin for users with contributor or higher roles until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Ravpage plugin versions <= 2.16 **Description** The issue is an Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability. This means that an attacker can inject malicious scripts into a website without needing to authenticate, potentially affecting users who visit the site. The vulnerability is present in the Ravpage plugin used with WordPress. **Recommendations** For Ravpage plugin versions <= 2.16, update to a version higher than 2.16 to resolve the issue. At the moment, there is no information about other specific fixes for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ShortPixel Adaptive Images plugin versions 3.3.1 and earlier **Description** The issue allows an attacker with a low user role, such as a subscriber or higher, to change the plugin settings. **Recommendations** For versions 3.3.1 and earlier, update to a version later than 3.3.1 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** FV Flowplayer Video Player WordPress plugin versions <= 7.5.15.727 **Description** An authenticated SQL Injection vulnerability has been discovered, affecting users with author or higher roles. This issue allows for potential SQL injection attacks. **Recommendations** For versions <= 7.5.15.727, update to a version higher than 7.5.15.727 to resolve the issue.