Twseptian

**Name of the Vulnerable Software and Affected Versions** weForms WordPress plugin versions prior to 1.6.14 **Description** The issue allows high privilege users, such as admins, to perform cross-Site Scripting attacks. This is possible because the plugin does not properly sanitise and escape its settings, even when the unfiltered html capability is disallowed. **Recommendations** For weForms WordPress plugin versions prior to 1.6.14, update to version 1.6.14 or later to resolve the issue. As a temporary workaround, consider restricting access to the plugin's settings for high privilege users until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Customer Service Software & Support Ticket System WordPress plugin versions prior to 5.10.4 **Description** The issue allows high privilege users to perform Cross-Site Scripting attacks due to the lack of sanitization or escaping of form fields before outputting them in the List, even when the unfiltered html capability is disallowed. **Recommendations** For versions prior to 5.10.4, update to version 5.10.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the form fields in the List to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** WP Courses LMS WordPress plugin versions prior to 2.0.44 **Description** The issue allows malicious code to be injected into the Video Embed Code by high privilege users, even when the unfiltered html capability is disallowed, which could lead to Stored Cross-Site Scripting issues. **Recommendations** For versions prior to 2.0.44, update to version 2.0.44 or later to resolve the issue. As a temporary workaround, consider restricting the use of the Video Embed Code feature until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** WordPress Advanced Ticket System, Elite Support Helpdesk WordPress plugin versions prior to 1.0.64 **Description** The issue allows high privilege users to perform Cross-Site Scripting attacks due to the lack of sanitization or escaping of form values before saving to the database or when outputting, even when the unfiltered html capability is disallowed. **Recommendations** For versions prior to 1.0.64, update to version 1.0.64 or later to resolve the issue. As a temporary workaround, consider restricting the ability of high privilege users to input data into forms until a patch is applied.