Yudistira Arya

**Name of the Vulnerable Software and Affected Versions** Tockify Events Calendar versions through 2.2.13 **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows DOM-Based XSS. This means that an attacker could potentially inject malicious scripts into the website, affecting the Document Object Model (DOM) of the page. **Recommendations** For versions through 2.2.13, update to a version later than 2.2.13 to resolve the issue. At the moment, there is no information about other specific mitigation measures for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Optinly versions 1.0.18 and earlier **Description** The issue is related to a Missing Authorization vulnerability in OptinlyHQ Optinly, which allows exploitation of incorrectly configured access control security levels. **Recommendations** For versions 1.0.18 and earlier, update to a version that contains a fix for this issue, as the current version is affected by the Missing Authorization vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** VowelWeb Ibtana versions 1.2.3.3 and earlier **Description** The issue is related to a Missing Authorization vulnerability, allowing the exploitation of incorrectly configured access control security levels. This vulnerability can be exploited due to missing authorization in VowelWeb Ibtana, which affects the access control security levels. **Recommendations** For versions 1.2.3.3 and earlier, consider restricting access to sensitive areas of the application to minimize the risk of exploitation until a patch is available. As a temporary workaround, review and correct the configuration of access control security levels to ensure proper authorization is in place.

**Name of the Vulnerable Software and Affected Versions** The Ultimate WordPress Toolkit – WP Extended versions n/a through 2.4.7 **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows Reflected XSS. **Recommendations** For versions n/a through 2.4.7, update to a version later than 2.4.7 to resolve the issue. As a temporary workaround, consider restricting user input to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Repute InfoSystems ARForms Form Builder versions 1.6.7 and earlier **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Reflected XSS. **Recommendations** For versions 1.6.7 and earlier, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Moloni versions through 4.7.4 **Description** The issue affects Moloni, allowing Reflected XSS due to improper neutralization of input during web page generation. This can lead to Cross-site Scripting. **Recommendations** For versions through 4.7.4, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Crafthemes Demo Import versions 3.3 and earlier **Description** The issue is related to a Missing Authentication for Critical Function vulnerability in Aruphash Crafthemes Demo Import, allowing functionality misuse. **Recommendations** For versions 3.3 and earlier, update to a version that includes the fix for this issue, as the current version allows for functionality misuse due to missing authentication. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Olive One Click Demo Import versions 1.1.1 and earlier **Description** The issue is related to a Missing Authorization vulnerability in Olive Themes Olive One Click Demo Import. **Recommendations** For Olive One Click Demo Import versions 1.1.1 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** XLPlugins Finale Lite versions through 2.18.0 **Description** The issue is related to a Missing Authorization vulnerability in XLPlugins Finale Lite. This could potentially compromise data due to the lack of proper authorization checks. **Recommendations** For versions through 2.18.0, update to a version that includes the fix for this issue as soon as possible. As a temporary workaround, consider restricting access to sensitive data and functionality to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** AdFoxly – Ad Manager, AdSense Ads & Ads.Txt versions 1.8.5 and earlier **Description** The issue is related to a Missing Authorization vulnerability in AdFoxly – Ad Manager, AdSense Ads & Ads.Txt. **Recommendations** For versions 1.8.5 and earlier, update to a version later than 1.8.5 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** XLPlugins NextMove Lite versions 2.17.0 and earlier **Description** The issue is a Missing Authorization vulnerability in XLPlugins NextMove Lite. This vulnerability allows unauthorized access due to the lack of proper authorization checks. **Recommendations** For XLPlugins NextMove Lite versions 2.17.0 and earlier, update to a version later than 2.17.0 to resolve the Missing Authorization vulnerability. At the moment, there is no information about additional mitigation measures for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Mr.Ebabi New Order Notification for Woocommerce versions n/a through 2.0.2 **Description** The issue is related to a Missing Authorization vulnerability in Mr.Ebabi New Order Notification for Woocommerce. This vulnerability affects the plugin's ability to properly authorize actions, potentially allowing unauthorized access. **Recommendations** For versions n/a through 2.0.2, update to a version later than 2.0.2 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tribulant Newsletters versions 4.9.5 and earlier **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Reflected XSS. **Recommendations** For versions 4.9.5 and earlier, update to a version later than 4.9.5 to resolve the issue. As a temporary workaround, consider restricting user input to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** WPvivid Backup for MainWP versions 0.9.32 and earlier **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Reflected XSS. **Recommendations** For versions 0.9.32 and earlier, update to a version later than 0.9.32 to resolve the issue. As a temporary workaround, consider restricting access to potentially vulnerable web pages until a patch is available.

**Name of the Vulnerable Software and Affected Versions** BoldGrid Total Upkeep versions 1.15.8 and earlier **Description** The issue is related to an Improper Limitation of a Pathname to a Restricted Directory, also known as a 'Path Traversal' vulnerability, which allows Relative Path Traversal in BoldGrid Total Upkeep. **Recommendations** For versions 1.15.8 and earlier, update to a version later than 1.15.8 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** HUSKY – Products Filter for WooCommerce (formerly WOOF) versions 1.3.5.2 and earlier **Description** The issue affects the HUSKY – Products Filter for WooCommerce plugin, allowing for path traversal and code injection. This can enable the use of malicious files and code inclusion. **Recommendations** For versions 1.3.5.2 and earlier, update to a version later than 1.3.5.2 to resolve the issue. As a temporary workaround, consider restricting access to sensitive directories and files to minimize the risk of path traversal and code injection.

**Name of the Vulnerable Software and Affected Versions** WPMU DEV Defender Security versions through 4.4.1 **Description** The issue is related to an Authentication Bypass by Spoofing, allowing functionality bypass. **Recommendations** For versions through 4.4.1, update to a version later than 4.4.1 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** BuddyForms versions n/a through 2.8.8 **Description** The issue is related to an Improper Limitation of a Pathname to a Restricted Directory, also known as 'Path Traversal', which allows Server Side Request Forgery and Relative Path Traversal. This enables unauthorized access to files and directories outside the intended restricted directory. **Recommendations** For versions n/a through 2.8.8, update to a version later than 2.8.8 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ARForms Form Builder versions 1.6.1 and earlier **Description** The issue is related to a missing authorization vulnerability in ARForms Form Builder. This vulnerability may allow unauthorized access to sensitive data. **Recommendations** Update to a version later than 1.6.1 to protect your data. As a temporary workaround, consider restricting access to sensitive data until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Sendinblue for WooCommerce versions 4.0.17 and earlier **Description** The issue is related to an Improper Limitation of a Pathname to a Restricted Directory, also known as a 'Path Traversal' vulnerability. This allows for Relative Path Traversal and manipulation of web input to file system calls. **Recommendations** For versions 4.0.17 and earlier, update to a version later than 4.0.17 to resolve the issue. As a temporary workaround, consider restricting access to sensitive directories and files to minimize the risk of exploitation.