Yuyudhn

**Name of the Vulnerable Software and Affected Versions** CodePeople WP Time Slots Booking Form versions 1.1.82 and earlier **Description** The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. **Recommendations** For CodePeople WP Time Slots Booking Form versions 1.1.82 and earlier, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Fullworks Quick Contact Form versions 8.0.3.1 and earlier **Description** The issue is related to a Missing Authorization vulnerability, allowing the exploitation of incorrectly configured access control security levels. **Recommendations** For versions 8.0.3.1 and earlier, update to a version that contains a fix for this issue, as no specific mitigation measures are provided.

**Name of the Vulnerable Software and Affected Versions** WpDevArt Booking calendar, Appointment Booking System versions 3.2.3 and earlier **Description** The issue affects the WpDevArt Booking calendar, Appointment Booking System due to a Missing Authorization vulnerability. This vulnerability allows exploitation of incorrectly configured access control security levels. **Recommendations** For versions 3.2.3 and earlier, update to a version that contains a fix for this issue, as no specific workaround is provided for these versions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Shopfiles Ltd Ebook Store versions n/a through 5.775 **Description** The issue is related to a Missing Authorization vulnerability, which allows the exploitation of incorrectly configured access control security levels. This vulnerability affects the Ebook Store, enabling potential unauthorized access due to missing authorization checks. **Recommendations** For versions n/a through 5.775, consider restricting access to sensitive areas of the Ebook Store to minimize the risk of exploitation until a proper fix is available. As a temporary workaround, review and correct the configuration of access control security levels to ensure proper authorization is enforced. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Fullworks Quick Paypal Payments versions through 5.7.25 **Description** The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. **Recommendations** For versions through 5.7.25, update to a version later than 5.7.25 to resolve the issue. At the moment, there is no information about additional mitigation measures for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Fullworks Quick Event Manager versions through 9.7.4 **Description** The issue is related to a Missing Authorization vulnerability, allowing exploitation of incorrectly configured access control security levels. **Recommendations** For versions through 9.7.4, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CodePeople CP Multi View Event Calendar versions 1.4.13 and earlier **Description** The issue is related to a Missing Authorization vulnerability, which allows exploitation of incorrectly configured access control security levels. **Recommendations** For CodePeople CP Multi View Event Calendar versions 1.4.13 and earlier, update to a version later than 1.4.13 to resolve the issue. At the moment, there is no information about other mitigation measures.

**Name of the Vulnerable Software and Affected Versions** Nate Reist Protected Posts Logout Button versions 1.4.5 and earlier **Description** The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. **Recommendations** For versions 1.4.5 and earlier, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the logout functionality until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Pinpoint Booking System versions 2.9.9.3.4 and earlier **Description** The issue affects the Pinpoint Booking System, allowing for functionality misuse due to an External Control of Assumed-Immutable Web Parameter vulnerability. **Recommendations** For versions 2.9.9.3.4 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Event Espresso 4 Decaf versions 4.10.44 and earlier **Description** The issue is related to a Missing Authorization vulnerability, which allows functionality misuse. This vulnerability affects the Event Espresso 4 Decaf software. **Recommendations** For versions 4.10.44 and earlier, update to a version later than 4.10.44 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WpDevArt Booking calendar, Appointment Booking System versions 3.2.3 and earlier **Description** The issue affects the WpDevArt Booking calendar, Appointment Booking System, allowing manipulation of hidden fields due to an External Control of Assumed-Immutable Web Parameter vulnerability. This enables an attacker to modify assumed-immutable web parameters, potentially leading to unauthorized access or data manipulation. **Recommendations** For versions 3.2.3 and earlier, update to a version later than 3.2.3 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Metagauss EventPrime versions n/a through 2.8.6 **Description** The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. **Recommendations** For versions n/a through 2.8.6, update to a version that contains a fix for this issue, as no specific mitigation measures are provided for these versions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** My Tickets versions 1.9.11 and earlier **Description** The issue is related to a Missing Authorization vulnerability. This means that there is a lack of proper authorization checks, potentially allowing unauthorized access to certain features or data. **Recommendations** For My Tickets versions 1.9.11 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Landing Page Builder – Free Landing Page Templates versions 3.1.9.9 and earlier **Description** The issue is related to an Improper Limitation of a Pathname to a Restricted Directory, also known as 'Path Traversal'. This allows Path Traversal in the Web-Settler Landing Page Builder – Free Landing Page Templates. **Recommendations** For versions 3.1.9.9 and earlier, update to a version later than 3.1.9.9 to resolve the issue. At the moment, there is no information about additional mitigation measures for this issue.

**Name of the Vulnerable Software and Affected Versions** Unite Gallery Lite versions 1.7.59 and earlier **Description** The issue is related to an Improper Limitation of a Pathname to a Restricted Directory, also known as 'Path Traversal', which allows PHP Local File Inclusion. This can potentially lead to unauthorized access to sensitive files on the server. **Recommendations** For Unite Gallery Lite versions 1.7.59 and earlier, update to a version that fixes this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Metagauss RegistrationMagic versions 5.1.9.2 and earlier **Description** The issue is related to incorrect default permissions, allowing access to functionality not properly constrained by Access Control Lists (ACLs). This means that certain features or data may be accessible without the appropriate permissions, potentially leading to unauthorized access or actions. **Recommendations** For Metagauss RegistrationMagic versions 5.1.9.2 and earlier, consider updating the permissions configuration to properly constrain access to functionality based on ACLs, ensuring that only authorized users can access specific features or data. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Shoaib Saleem WP Post Rating versions through 2.5 **Description** The issue is related to a Missing Authorization vulnerability, which allows for Functionality Misuse in Shoaib Saleem WP Post Rating. **Recommendations** For versions through 2.5, update to a version that contains a fix for this issue, if available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Quiz Maker versions n/a through 6.3.9.4 **Description** The issue is related to a Missing Authorization vulnerability in the Quiz Maker team Quiz Maker. **Recommendations** For versions n/a through 6.3.9.4, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** RegistrationMagic versions through 5.1.9.2 **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for potentially malicious scripts to be injected into web pages. **Recommendations** For versions through 5.1.9.2, update to a version later than 5.1.9.2 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Multi Rating versions 5.0.6 and earlier **Description** The issue is related to a Missing Authorization vulnerability in Daniel Powney Multi Rating, which allows for Functionality Misuse. **Recommendations** For versions 5.0.6 and earlier, update to a version that includes a fix for this issue, as no specific workaround is provided for these versions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.