Vinicius

**Name of the Vulnerable Software and Affected Versions** Elementor Addons by Livemesh plugin for WordPress versions up to and including 8.3.4 **Description** The issue arises from insufficient input sanitization and output escaping in the 'style' attribute of the Posts Slider widget, allowing authenticated attackers with contributor-level access and above to inject arbitrary web scripts in pages. These scripts will execute whenever a user accesses an injected page. **Recommendations** For versions up to and including 8.3.4, update to a version that addresses the insufficient input sanitization and output escaping issue in the Posts Slider widget. As a temporary workaround, consider restricting access to the Posts Slider widget for users with contributor-level access and above until a patch is available.

**Name of the Vulnerable Software and Affected Versions** The Brizy – Page Builder plugin for WordPress versions up to, and including, 2.4.40 **Description** The issue is related to Stored Cross-Site Scripting via the `Countdown URL` parameter due to insufficient input sanitization and output escaping. This allows authenticated attackers with contributor access or higher to inject arbitrary web scripts in pages, which will execute when a user accesses an injected page. **Recommendations** For versions up to, and including, 2.4.40, update to a version higher than 2.4.40 to resolve the issue. As a temporary workaround, consider restricting access to the `Countdown URL` parameter to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Zoho ManageEngine Password Manager Pro versions prior to 12101 Zoho ManageEngine PAM360 versions prior to 5510 Zoho ManageEngine Access Manager Plus versions prior to 4303 **Description** The issue is related to a deserialization mechanism flaw in the xmlrpc component of Zoho ManageEngine Password Manager Pro and Zoho ManageEngine Access Manager Plus, allowing an unauthenticated remote attacker to execute arbitrary code. **Recommendations** For Zoho ManageEngine Password Manager Pro versions prior to 12101, update to version 12101 or later. For Zoho ManageEngine PAM360 versions prior to 5510, update to version 5510 or later. For Zoho ManageEngine Access Manager Plus versions prior to 4303, update to version 4303 or later. As a temporary workaround, consider restricting access to the xmlrpc component until a patch is applied.