Yevgen Goncharuk

**Name of the Vulnerable Software and Affected Versions** AhaChat Messenger Marketing WordPress plugin versions through 1.1 **Description** The plugin does not properly sanitize and escape a parameter before displaying it on the page, which can lead to a Reflected Cross-Site Scripting issue. This could potentially be used to compromise accounts with high privileges, such as administrators. The issue involves improper handling of user-supplied input, allowing malicious scripts to be injected into the web page. **Recommendations** Update the AhaChat Messenger Marketing WordPress plugin to a version later than 1.1.

**Name of the Vulnerable Software and Affected Versions** Advance WP Query Search Filter WordPress plugin versions through 1.0.10 **Description** The software does not properly sanitize and escape a parameter before displaying it, which could allow for a Reflected Cross-Site Scripting attack. This could potentially be used against users with high privileges, such as administrators. **Recommendations** Update to a version beyond 1.0.10.

**Name of the Vulnerable Software and Affected Versions** Advance WP Query Search Filter WordPress plugin versions through 1.0.10 **Description** The software does not properly sanitize and escape a parameter before displaying it, potentially leading to a Reflected Cross-Site Scripting issue. This could be leveraged against users with high privileges, such as administrators. The issue involves improper handling of user-supplied input, which can be reflected back into the web page without adequate sanitization. This allows an attacker to inject malicious scripts into the page, which are then executed by the victim's browser. **Recommendations** Update to a version beyond 1.0.10.