Jonghwan Shin

**Name of the Vulnerable Software and Affected Versions** Meta Box versions prior to 5.11.2 **Description** The Meta Box plugin for WordPress is susceptible to arbitrary file deletion. This is due to inadequate file path validation within the `ajax delete file` function. Authenticated attackers possessing Contributor-level access or higher can delete arbitrary files on the server. Deletion of specific files, such as `wp-config.php`, could lead to remote code execution. **Recommendations** Update Meta Box to version 5.11.2 or later.

**Name of the Vulnerable Software and Affected Versions** Advanced Custom Fields: Font Awesome Field plugin for WordPress versions up to and including 5.0.1 **Description** The Advanced Custom Fields: Font Awesome Field plugin for WordPress is susceptible to Cross-Site Scripting due to inadequate input sanitization and output escaping. This allows authenticated attackers with Contributor-level access or higher to inject arbitrary web scripts that will execute in a victim’s browser. **Recommendations** Update the Advanced Custom Fields: Font Awesome Field plugin to a version later than 5.0.1.

**Name of the Vulnerable Software and Affected Versions** Ivory Search – WordPress Search Plugin versions prior to 5.5.14 **Description** The Ivory Search – WordPress Search Plugin for WordPress is susceptible to Stored Cross-Site Scripting through admin settings. Insufficient input sanitization and output escaping allows authenticated attackers with administrator-level permissions or higher to inject arbitrary web scripts into pages. These scripts will execute when a user accesses the injected page. This issue specifically impacts multi-site installations and those where unfiltered html has been disabled. **Recommendations** Update Ivory Search – WordPress Search Plugin to version 5.5.14 or later.

**Nome do Software Vulnerável e Versões Afetadas** Plugin Image Photo Gallery Final Tiles Grid para WordPress versões até e incluindo a 3.6.7 **Descrição** O plugin Image Photo Gallery Final Tiles Grid para WordPress não verifica corretamente a autorização do usuário para funções de gerenciamento de galeria. Isso permite que atacantes autenticados com acesso de nível de Contribuidor ou superior excluam, modifiquem ou clonem galerias criadas por qualquer usuário, incluindo administradores. **Recomendações** Atualize o plugin Image Photo Gallery Final Tiles Grid para uma versão posterior à 3.6.7.