S3Bubble · S3Bubble-Amazon-S3-Html-5-Video-With-Adverts · CVE-2015-9464
**Name of the Vulnerable Software and Affected Versions**
s3bubble-amazon-s3-html-5-video-with-adverts plugin version 0.7
**Description**
The issue concerns directory traversal via the `path` parameter in the "adverts/assets/plugins/ultimate/content/downloader.php" API endpoint. This allows unauthorized access to sensitive files and directories.
**Recommendations**
For s3bubble-amazon-s3-html-5-video-with-adverts plugin version 0.7, consider restricting access to the "adverts/assets/plugins/ultimate/content/downloader.php" endpoint until a patch is available. As a temporary workaround, avoid using the `path` parameter in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
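While the endpoint remains reachable, web server access logs can be reviewed for requests to it that carry a traversal-style `path` value. The following Python sketch is an added example, not code from the plugin or its vendor; it assumes a combined-format access log and the standard WordPress plugin directory as install prefix, and its sample lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Endpoint path taken from the advisory; the install prefix varies per site.
ENDPOINT = "adverts/assets/plugins/ultimate/content/downloader.php"
# Assumption: the request line appears in double quotes (common/combined log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so double-encoded input is normalised too."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal(path_value):
    """True if a `path` value climbs directories or is an absolute path."""
    norm = fully_decode(path_value).replace("\\", "/")
    if norm.startswith("/") or re.match(r"^[A-Za-z]:/", norm):
        return True
    return ".." in norm.split("/")

def suspicious_requests(log_lines):
    """Return (line_number, decoded_path) for endpoint hits with a traversal-style path."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not fully_decode(url.path).endswith(ENDPOINT):
            continue
        for value in parse_qs(url.query, keep_blank_values=True).get("path", []):
            if is_traversal(value):
                hits.append((number, fully_decode(value)))
    return hits

# Constructed sample lines (not real traffic); the prefix is an assumed install path.
PREFIX = "/wp-content/plugins/s3bubble-amazon-s3-html-5-video-with-adverts/"
SAMPLE_LOG = [
    f'192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET {PREFIX}{ENDPOINT}?path=media/clip.mp4 HTTP/1.1" 200 512',
    f'192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET {PREFIX}{ENDPOINT}?path=../../EXAMPLE_FILE HTTP/1.1" 200 64',
    f'192.0.2.11 - - [01/Jan/2024:10:00:09 +0000] "GET {PREFIX}{ENDPOINT}?path=..%252F..%252FEXAMPLE_FILE HTTP/1.1" 200 64',
    '192.0.2.12 - - [01/Jan/2024:10:00:12 +0000] "GET /index.php?path=../x HTTP/1.1" 200 10',
]

if __name__ == "__main__":
    print(suspicious_requests(SAMPLE_LOG))
```

Parameters sent in a POST body are not recorded in access logs, so an empty result does not rule out requests made that way.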