Webula

**Name of the Vulnerable Software and Affected Versions** Split Test For Elementor versions 1.8.3 and earlier **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Stored XSS. This means that an attacker can inject malicious scripts into the website, which can then be executed by other users. **Recommendations** For Split Test For Elementor versions 1.8.3 and earlier, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Beam me up Scotty – Back to Top Button versions 1.0.0 through 1.0.23 **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Stored XSS in the Beam me up Scotty – Back to Top Button. **Recommendations** For versions 1.0.0 through 1.0.23, update to a version that contains a fix for this issue to prevent Stored XSS attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tribulant Software Newsletters versions 4.9.9.7 and earlier **Description** The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks. **Recommendations** For versions 4.9.9.7 and earlier, update to a version that includes a fix for this issue, as no specific workaround is provided for these versions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** kendysond Payment Forms for Paystack versions n/a through 4.0.1 **Description** The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks. **Recommendations** For versions n/a through 4.0.1, update to a version later than 4.0.1 to resolve the issue. As a temporary workaround, consider restricting access to the SQL command functionality to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: PublishPress Authors versions through 4.7.3 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks. Recommendations: For versions through 4.7.3, update to a version later than 4.7.3 to resolve the issue. As a temporary workaround, consider restricting access to sensitive database operations to minimize the risk of exploitation. Avoid using user-supplied input in SQL commands until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** ays-pro Poll Maker versions through 5.6.5 **Description** The issue is related to an SQL Injection vulnerability, specifically a Blind SQL Injection, due to the improper neutralization of special elements used in an SQL command. **Recommendations** For versions through 5.6.5, update to a version that contains a fix for this issue to prevent Blind SQL Injection attacks.

Name of the Vulnerable Software and Affected Versions: Vertex Addons for Elementor versions 1.2.0 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows for stored Cross-site Scripting (XSS). This means that an attacker can inject malicious scripts into the website, potentially leading to unauthorized access or control. The estimated number of potentially affected devices worldwide is not specified. Recommendations: For versions 1.2.0 and earlier, update to a version later than 1.2.0 to resolve the issue. As a temporary workaround, consider restricting access to sensitive areas of the website to minimize the risk of exploitation. Avoid using the vulnerable Vertex Addons for Elementor until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** WP SEO Plugin (affected versions not specified) **Description** The issue concerns a SQL injection in the WP SEO Plugin. There is also mention of a Denial of Service (DoS) vulnerability affecting Messenger Group Calls on iOS devices. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** SendPulse Email Marketing Newsletter versions prior to 2.1.5 **Description** The issue is related to improper neutralization of input during web page generation, which allows for stored Cross-site Scripting (XSS). This means that an attacker can inject malicious scripts into the website, potentially affecting users who access the compromised pages. **Recommendations** For versions prior to 2.1.5, update to version 2.1.5 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive areas of the SendPulse Email Marketing Newsletter to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** I Thirteen Web Solution Email Subscription Popup versions 1.2.23 and earlier **Description** The issue is related to an Improper Neutralization of Special Elements used in an SQL Command, also known as SQL Injection, which allows Blind SQL Injection. This means that an attacker can inject malicious SQL code into the application, potentially leading to unauthorized access or modification of data. **Recommendations** For I Thirteen Web Solution Email Subscription Popup versions 1.2.23 and earlier, update to a version that fixes this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

The StoreApps Smart Manager is affected by an improper neutralization of special elements used in an SQL command, also known as SQL Injection, which allows Blind SQL Injection. This issue exists in versions from unknown up to 8.52.0. An exploit for this issue is available, which can be used to exploit the improper neutralization of special elements used in an SQL command, more information about the exploit can be found at https://t.co/2zgZKBceMd or https://t.co/BG6DMpSHNb. The vulnerable software is StoreApps Smart Manager, with affected versions being from unknown to 8.52.0. #StoreApps #SmartManager #SQLInjection #BlindSQLInjection #Exploit

**Name of the Vulnerable Software and Affected Versions** Konrad Karpieszuk WC Price History for Omnibus versions n/a through 2.1.4 **Description** The issue is related to the deserialization of untrusted data, which allows object injection. This can potentially lead to security breaches. **Recommendations** For versions n/a through 2.1.4, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WP Ultimate Exporter versions prior to 2.9.2 **Description** The issue is related to improper control of code generation, allowing PHP remote file inclusion. This can be exploited due to a 'code injection' vulnerability in the WP Ultimate Exporter plugin. **Recommendations** For versions prior to 2.9.2, update to version 2.9.2 to resolve the issue. As a temporary workaround, consider restricting access to vulnerable components of the WP Ultimate Exporter plugin until the update is applied.

**Name of the Vulnerable Software and Affected Versions** ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes versions 1.4.8 and earlier **Description** The issue is related to an SQL Injection vulnerability, specifically a Blind SQL Injection, which occurs due to the improper neutralization of special elements used in an SQL command. This allows an attacker to inject malicious SQL code, potentially leading to unauthorized access or modification of data. **Recommendations** For versions 1.4.8 and earlier, update to a version later than 1.4.8 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Groundhogg versions prior to 3.7.3.3 **Description** The issue is related to improper neutralization of input during web page generation, also known as 'Cross-site Scripting'. This allows for Reflected XSS. **Recommendations** For versions prior to 3.7.3.3, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting user input to minimize the risk of exploitation. Avoid using potentially vulnerable API endpoints until the issue is resolved. At the moment, there is no information about additional mitigation measures.

**Name of the Vulnerable Software and Affected Versions** WordPress Download Manager Premium Packages versions n/a through 5.9.6 **Description** The issue is related to an SQL Injection vulnerability, specifically an Improper Neutralization of Special Elements used in an SQL Command. This allows for Blind SQL Injection, which can be exploited. **Recommendations** For WordPress Download Manager Premium Packages versions n/a through 5.9.6, update to a version later than 5.9.6 to resolve the issue. At the moment, there is no information about additional mitigation measures for this specific vulnerability.