Framartin

**Name of the Vulnerable Software and Affected Versions** WordPress share-on-diaspora plugin versions prior to 0.7.2 **Description** The issue concerns reflected XSS in share URL parameters. **Recommendations** For versions prior to 0.7.2, update to version 0.7.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Markdown Preview Plus extension versions prior to 0.5.7 **Description** The issue allows remote attackers to inject arbitrary web script or HTML into some web applications via the upload and display of crafted text, markdown, or rst files. These files are designed to be viewed in the browser as plain text but will be converted to HTML without proper sanitization, leading to a cross-site scripting (XSS) issue. **Recommendations** For versions prior to 0.5.7, update to version 0.5.7 or later to resolve the issue. As a temporary workaround, consider disabling the Markdown Preview Plus extension until a patch is available. Restrict access to uploading and displaying crafted files to minimize the risk of exploitation.