
G0Blin

#19052 of 53,625
Total CVSS: 14
Vulnerabilities: 2 (Medium: 1, High: 1)
PT-2023-10284
6.5
2023-05-01
WordPress · Ip Blacklist Cloud Plugin · CVE-2015-10105
**Name of the Vulnerable Software and Affected Versions**
IP Blacklist Cloud Plugin versions up to 3.42

**Description**
A critical vulnerability was found in the IP Blacklist Cloud Plugin on WordPress, affecting the `valid js identifier` function of the `ip blacklist cloud.php` file in the CSV File Import component. The manipulation of the `filename` argument leads to path traversal, and it is possible to initiate the attack remotely.

**Recommendations**
For IP Blacklist Cloud Plugin versions up to 3.42, upgrade to version 3.43 to address this issue. As a temporary workaround, consider restricting access to the `ip blacklist cloud.php` file or disabling the `valid js identifier` function until the upgrade is applied.
PT-2014-7222
7.5
2014-09-26
Infusionsoft · Infusionsoft Gravity Forms · CVE-2014-6446
**Name of the Vulnerable Software and Affected Versions**
Infusionsoft Gravity Forms plugin versions 1.5.3 through 1.5.10

**Description**
The issue allows remote attackers to upload arbitrary files and execute arbitrary PHP code via a request to "utilities/code generator.php". This is due to improper access restriction.

**Recommendations**
For versions 1.5.3 through 1.5.10, consider restricting access to the "utilities/code generator.php" endpoint until a patch is available.