Zaim

**Name of the Vulnerable Software and Affected Versions** Active Products Tables for WooCommerce versions through 1.0.7 **Description** The software contains a flaw related to improper handling of user-supplied data during web page creation, which can lead to a DOM-based cross-site scripting (XSS) issue. This allows an attacker to inject malicious scripts into web pages viewed by other users. The issue affects the `profit-products-tables-for-woocommerce` component. **Recommendations** Update Active Products Tables for WooCommerce to a version newer than 1.0.7.

**Name of the Vulnerable Software and Affected Versions** Podlove Podcast Publisher versions through 4.3.3 **Description** The software is susceptible to a cross-site scripting issue due to improper input validation during web page generation. This allows for the injection of malicious scripts, specifically Stored XSS. The issue affects the Podlove Podcast Publisher WordPress plugin. **Recommendations** Versions prior to and including 4.3.3 are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** RealMag777 MDTF wp-meta-data-filter-and-taxonomy-filter versions through 1.3.5 **Description** The software contains a flaw related to improper input neutralization during web page generation, leading to a DOM-based cross-site scripting issue. This allows for the execution of malicious scripts within the user's browser. **Recommendations** Versions through 1.3.5 should be updated to a newer, secure version when available.

**Name of the Vulnerable Software and Affected Versions** Themify Event Post versions through 1.3.4 **Description** The software contains a flaw due to improper neutralization of input during web page generation, leading to a Stored Cross-site Scripting (XSS) issue. This allows for the injection of malicious scripts into web pages. The vulnerability exists in the `themify-event-post` component. The issue allows for Stored XSS, meaning the malicious script is persistently stored on the target server. **Recommendations** Update Themify Event Post to a version later than 1.3.4.

**Name of the Vulnerable Software and Affected Versions** Stylish Cost Calculator versions through 8.1.8 **Description** The software contains a flaw due to improper handling of user-supplied data when creating web pages, leading to a potential Cross-site Scripting (XSS) issue. This specific instance allows for Stored XSS, meaning malicious scripts can be stored and executed by other users. The vulnerability exists because the application does not adequately sanitize input, potentially allowing attackers to inject malicious code into web pages viewed by other users. **Recommendations** Update Stylish Cost Calculator to a version later than 8.1.8.

**Name of the Vulnerable Software and Affected Versions** BuddyDev MediaPress versions through 1.6.2 **Description** The software contains a flaw due to improper neutralization of input during web page generation, leading to a Stored Cross-site Scripting (XSS) condition. This allows for the injection of malicious scripts into web pages viewed by other users. The vulnerability affects the MediaPress plugin. No information was provided regarding the number of potentially affected devices or any real-world incidents where this issue was exploited. The vulnerability allows for Stored XSS, meaning that malicious scripts are permanently stored on the target server. **Recommendations** Update BuddyDev MediaPress to a version newer than 1.6.2.

**Name of the Vulnerable Software and Affected Versions** WP for church Sermon Manager versions through 2.30.0 **Description** The software contains a flaw related to improper input handling during web page creation, specifically a Stored Cross-site Scripting issue. This allows for the injection of malicious scripts. The affected component allows an attacker to execute arbitrary code within the context of a user's browser. The vulnerability impacts the Sermon Manager plugin. **Recommendations** Update WP for church Sermon Manager to a version later than 2.30.0.

**Name of the Vulnerable Software and Affected Versions** Tomas WordPress Tooltips versions through 10.7.9 **Description** The software contains a flaw related to improper input handling during web page generation, specifically a Stored Cross-site Scripting (XSS) issue. This allows for the injection of malicious scripts into web pages. The vulnerability affects the way user-supplied data is processed and displayed, potentially enabling an attacker to execute arbitrary code within the context of a user's browser. The affected component is susceptible to attacks where malicious code is stored on the target server and then delivered to users when they view the affected page. **Recommendations** Update Tomas WordPress Tooltips to a version later than 10.7.9.

**Name of the Vulnerable Software and Affected Versions** Magnigenie RestroPress versions through 3.2.4.2 **Description** The software contains a flaw related to improper input handling during web page generation, specifically a Stored Cross-Site Scripting (XSS) issue. This allows for the injection of malicious scripts into web pages. The vulnerability exists in RestroPress. The affected component is not specified. The vulnerability allows for Stored XSS. **Recommendations** Update to a version later than 3.2.4.2.

**Name of the Vulnerable Software and Affected Versions** WP Last Modified Info versions through 1.9.2 **Description** A flaw exists in WP Last Modified Info that allows for Remote Code Inclusion due to improper control of code generation. This issue allows an attacker to inject code remotely. **Recommendations** Update WP Last Modified Info to a version newer than 1.9.2.

**Name of the Vulnerable Software and Affected Versions** Ultimate Blocks versions through 3.3.6 **Description** The software contains a flaw related to improper input handling during web page creation, which can lead to Cross-site Scripting (XSS). This allows for the injection of malicious scripts into web pages viewed by other users. The issue is a Stored XSS, meaning the malicious script is persistently stored on the target server. **Recommendations** Update to a version later than 3.3.6.

**Name of the Vulnerable Software and Affected Versions** Memberlite Shortcodes versions through 1.4.1 **Description** The software contains a flaw related to improper handling of user-supplied data during web page creation, which could lead to Cross-site Scripting (XSS). This allows for the injection of malicious scripts into web pages viewed by other users. The issue is categorized as Stored XSS, meaning the malicious script is persistently stored on the target server. **Recommendations** Update Memberlite Shortcodes to a version later than 1.4.1.

**Name of the Vulnerable Software and Affected Versions** Stock History & Reports Manager for WooCommerce plugin for WordPress versions up to and including 2.2.1 **Description** The Stock History & Reports Manager for WooCommerce plugin for WordPress is susceptible to Stored Cross-Site Scripting through the `alg wc stock snapshot restocked` shortcode. Insufficient input sanitization and output escaping on user-supplied attributes allow authenticated attackers with contributor-level access or higher to inject arbitrary web scripts into pages. These scripts will execute when a user accesses the affected page. **Recommendations** Update the Stock History & Reports Manager for WooCommerce plugin to a version later than 2.2.1.

**Name of the Vulnerable Software and Affected Versions** WP Easy Toggles versions prior to 1.9.1 **Description** The WP Easy Toggles plugin for WordPress is susceptible to Stored Cross-Site Scripting through the 'toggles' shortcode. This is due to inadequate input sanitization and output escaping of user-supplied attributes. Authenticated attackers with contributor-level access or higher can inject arbitrary web scripts into pages. These scripts will execute when a user accesses the affected page. **Recommendations** Update WP Easy Toggles to version 1.9.1 or later.

**Name of the Vulnerable Software and Affected Versions** Syam Mohan WPFront User Role Editor versions through 4.2.3 **Description** The software contains a flaw related to improper handling of user-supplied data when creating web pages, potentially leading to Cross-site Scripting (XSS). This specific instance allows for Stored XSS attacks. **Recommendations** Update Syam Mohan WPFront User Role Editor to a version later than 4.2.3.

**Name of the Vulnerable Software and Affected Versions** metaphorcreations Ditty versions through 3.1.58 **Description** The software contains a flaw due to improper neutralization of input during web page generation, which allows for Stored Cross-site Scripting (XSS). This could allow an attacker to inject malicious scripts into web pages viewed by other users. The affected component is susceptible to exploitation through crafted input. **Recommendations** Update metaphorcreations Ditty to a version later than 3.1.58.

**Name of the Vulnerable Software and Affected Versions** Benjamin Pick Geolocation IP Detection versions through 5.5.0 **Description** The software contains a flaw due to improper neutralization of input during web page generation, leading to a Cross-site Scripting (XSS) issue. This specific instance allows for Stored XSS attacks. The issue involves the generation of web pages where user-supplied input is not adequately sanitized, potentially enabling malicious scripts to be injected and executed in the context of other users' browsers. **Recommendations** Update to a version later than 5.5.0.

**Name of the Vulnerable Software and Affected Versions** Michel - xiligroup dev xili-tidy-tags versions through 1.12.06 **Description** The software contains a flaw related to improper neutralization of input during web page generation, which allows for Stored Cross-site Scripting (XSS). This issue could potentially allow an attacker to inject malicious scripts into web pages viewed by other users. The vulnerability affects the `xili-tidy-tags` component. **Recommendations** Update to a version later than 1.12.06.

**Name of the Vulnerable Software and Affected Versions** CubeWP versions through 1.1.26 **Description** The software contains a flaw related to improper input handling during web page creation, which can lead to Cross-site Scripting (XSS). This specific instance is a Stored XSS issue, meaning malicious scripts can be stored on the target server and executed by other users. **Recommendations** Update CubeWP to a version later than 1.1.26.

**Name of the Vulnerable Software and Affected Versions** xnau webdesign Participants Database versions through 2.7.6.3 **Description** The software contains a flaw related to improper input handling during web page generation, which allows for Stored Cross-site Scripting (XSS). This means malicious scripts can be injected into web pages viewed by other users. The issue affects the Participants Database. **Recommendations** Update to a version later than 2.7.6.3.