Wejdan Alomari

**Name of the Vulnerable Software and Affected Versions** WP Athletics WordPress plugin versions 1.1.7 and earlier **Description** The issue arises from the plugin's failure to sanitize parameters before storing them in the database and not escaping the values when outputting them back in the admin dashboard, leading to a Stored Cross-Site Scripting issue. This allows malicious scripts to be stored and executed, potentially affecting the security of the WordPress installation. **Recommendations** For WP Athletics WordPress plugin versions 1.1.7 and earlier, update to a version later than 1.1.7 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WP Athletics WordPress plugin versions 1.1.7 and earlier **Description** The issue is related to a Reflected Cross-Site Scripting problem. It occurs because a parameter is not properly sanitised and escaped before being outputted back in an admin page. **Recommendations** For WP Athletics WordPress plugin versions 1.1.7 and earlier, update to a version later than 1.1.7 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** WP Born Babies WordPress plugin versions 1.0 and earlier **Description** The issue concerns the WP Born Babies WordPress plugin, which does not properly sanitise and escape some of its fields. This could allow users with a role as low as contributor to perform Cross-Site Scripting attacks. **Recommendations** For WP Born Babies WordPress plugin versions 1.0 and earlier, update to a version that properly sanitises and escapes all fields to prevent Cross-Site Scripting attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.