
Nicolas Buzy-Debat

Researcher from Orange Cyberdefense Singapore (CERT-LEXSI)
#19451 of 53,633
13.6 Total CVSS
Vulnerabilities · 2
Medium: 1
High: 1
PT-2018-18062
7.5
2018-03-19
Unknown · Site Editor · CVE-2018-7422
**Name of the Vulnerable Software and Affected Versions**
Site Editor plugin versions prior to 1.2.0

**Description**
A Local File Inclusion issue allows remote attackers to retrieve arbitrary files via the `ajax_path` parameter to "editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php". This is an example of absolute path traversal.

**Recommendations**
For Site Editor plugin versions prior to 1.2.0, update to version 1.2.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the "editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php" file until a patch is available. Avoid using the `ajax_path` parameter in the affected endpoint until the issue is resolved.
PT-2017-14987
6.1
2017-12-19
WordPress · Esb-Csv-Import-Export · CVE-2017-17753
**Name of the Vulnerable Software and Affected Versions**
esb-csv-import-export plugin versions through 1.1 for WordPress

**Description**
The issue allows remote attackers to inject arbitrary web script or HTML via the `cie_type`, `cie_import`, `cie_update`, or `cie_ignore` parameter to the "includes/admin/views/esb-cie-import-export-page.php" endpoint.

**Recommendations**
For esb-csv-import-export plugin versions through 1.1, update to a version that contains a fix for this issue.