W41Bu1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bricks Builder allows Reflected XSS. This issue affects Bricks Builder: from n/a through 1.9.2 to 2.2.

**Name of the Vulnerable Software and Affected Versions** UiPress versions through 3.5.09 **Description** An authorization issue exists in UiPress lite, allowing exploitation of incorrectly configured access control security levels. **Recommendations** Update UiPress lite to a version later than 3.5.09.

**Name of the Vulnerable Software and Affected Versions** Ays Pro Easy Form versions through 2.7.9 **Description** An authorization issue exists in Ays Pro Easy Form easy-form, allowing exploitation due to incorrectly configured access control security levels. **Recommendations** Update Ays Pro Easy Form to a version later than 2.7.9.

**Name of the Vulnerable Software and Affected Versions** Ays Pro Quiz Maker versions through 6.7.1.2 **Description** A Cross-Site Request Forgery (CSRF) issue exists in Ays Pro Quiz Maker quiz-maker, allowing attackers to perform actions on behalf of authenticated users. This occurs because the application does not adequately protect against forged requests. **Recommendations** Versions prior to 6.7.1.2 are affected.

**Name of the Vulnerable Software and Affected Versions** Calculated Fields Form versions through 5.4.4.1 **Description** An authorization issue exists in codepeople Calculated Fields Form. The issue involves incorrectly configured access control security levels, potentially allowing unauthorized access. **Recommendations** Update to a version later than 5.4.4.1.

**Name of the Vulnerable Software and Affected Versions** Ays Pro Secure Copy Content Protection and Content Locking versions through 5.0.0 **Description** An authorization issue exists in Ays Pro Secure Copy Content Protection and Content Locking. The issue involves exploiting incorrectly configured access control security levels. **Recommendations** Update to a version later than 5.0.0.

**Name of the Vulnerable Software and Affected Versions** Ays Pro AI ChatBot with ChatGPT and Content Generator by AYS versions through 2.7.4 **Description** An authorization issue exists in Ays Pro AI ChatBot with ChatGPT and Content Generator by AYS ays-chatgpt-assistant, stemming from incorrectly configured access control security levels. This allows for exploitation of the system. **Recommendations** Update Ays Pro AI ChatBot with ChatGPT and Content Generator by AYS to a version later than 2.7.4.

**Name of the Vulnerable Software and Affected Versions** Popup Box plugin for WordPress versions prior to 6.1.2 **Description** The Popup Box plugin for WordPress is susceptible to Cross-Site Request Forgery (CSRF). This is a result of a flawed nonce implementation within the `publish unpublish popupbox` function, which incorrectly validates a self-created nonce instead of a request-submitted nonce. Successful exploitation allows unauthenticated attackers to modify the publish status of popups by deceiving a site administrator into performing an action, such as clicking a malicious link. **Recommendations** Update the Popup Box plugin to version 6.1.2 or later.

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in captivateaudio Captivate Sync captivatesync-trade allows Blind SQL Injection.This issue affects Captivate Sync: from n/a through <= 3.2.2.