Nithissh Sathish

Rank: #18888 of 53,633
Total CVSS: 14.2
Vulnerabilities: 2 (1 Medium, 1 High)
PT-2023-16394
CVSS: 5.4 (Medium)
Published: 2023-08-07
WordPress · WP Food Manager · CVE-2023-0604

**Name of the Vulnerable Software and Affected Versions**
WP Food Manager WordPress plugin, versions prior to 1.0.4

**Description**
The plugin does not sanitize and escape some of its settings. This allows high-privilege users, such as admins, to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setups, where site admins are normally prevented from storing arbitrary HTML. The payload is stored in the plugin's options and executes in the browser of any user who views the affected settings or front-end output.

**Recommendations**
Update to version 1.0.4 or later. As a temporary workaround, restrict access to the plugin's settings page to the smallest possible set of trusted users.
PT-2023-16393
CVSS: 8.8 (High)
Published: 2023-05-08
WordPress · Sloth Logo Customizer · CVE-2023-0603

**Name of the Vulnerable Software and Affected Versions**
Sloth Logo Customizer WordPress plugin, versions prior to 2.0.3

**Description**
The plugin has no CSRF (nonce) check when its settings are updated, and it neither sanitizes the submitted values nor escapes them on output. An attacker who lures a logged-in admin to a page under their control can submit the settings form on the admin's behalf and store a Cross-Site Scripting payload that is later rendered unescaped. Unlike the WP Food Manager issue, no privileged account is required to plant the payload; the admin's browser does the work.

**Recommendations**
Update to version 2.0.3 or later.
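Both advisories describe the same two defects in a WordPress plugin settings handler: no nonce check on the save request (CSRF), and no sanitization on save or escaping on output (stored XSS). The following is an added example written for this page, not code from either plugin; the plugin slug `demo_plugin`, the option name `demo_plugin_logo_text` and the settings page slug are hypothetical. It shows the vulnerable pattern beside a hardened one using only standard WordPress APIs.

```php
<?php
// Added example, not code from WP Food Manager or Sloth Logo Customizer.
// Plugin slug, option name and page slug are hypothetical.

// --- Vulnerable pattern (what both advisories describe) --------------------
// No nonce check: any page an admin visits can POST this form on their
// behalf (CSRF). No sanitization on save and no escaping on output: the raw
// value is stored and rendered, so a stored XSS payload executes for every
// admin who opens the settings page, whether or not they hold unfiltered_html.
function demo_plugin_save_settings_vulnerable() {
    if ( isset( $_POST['demo_plugin_logo_text'] ) ) {
        update_option( 'demo_plugin_logo_text', $_POST['demo_plugin_logo_text'] );
    }
}

function demo_plugin_render_setting_vulnerable() {
    $text = get_option( 'demo_plugin_logo_text', '' );
    echo '<input type="text" name="demo_plugin_logo_text" value="' . $text . '">';
}

// --- Hardened pattern ------------------------------------------------------
// 1. Capability check: only users allowed to manage options may save.
// 2. Nonce check: check_admin_referer() stops the request unless it carries a
//    valid nonce bound to this action and the current user, defeating CSRF.
// 3. Sanitize on input: sanitize_text_field() strips tags and control
//    characters, so the stored value is inert even when saved by an admin.
// 4. Escape on output: esc_attr()/esc_url() at the point of rendering.
function demo_plugin_save_settings_hardened() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.' );
    }
    check_admin_referer( 'demo_plugin_save_settings', 'demo_plugin_nonce' );

    $text = isset( $_POST['demo_plugin_logo_text'] )
        ? sanitize_text_field( wp_unslash( $_POST['demo_plugin_logo_text'] ) )
        : '';
    update_option( 'demo_plugin_logo_text', $text );

    // If a setting legitimately needs limited HTML, use wp_kses_post() instead
    // of sanitize_text_field(); never store a raw $_POST value.

    wp_safe_redirect( admin_url( 'options-general.php?page=demo-plugin&updated=1' ) );
    exit;
}

function demo_plugin_render_settings_page_hardened() {
    $text = get_option( 'demo_plugin_logo_text', '' );
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="demo_plugin_save_settings">
        <?php wp_nonce_field( 'demo_plugin_save_settings', 'demo_plugin_nonce' ); ?>
        <label for="demo_plugin_logo_text">Logo text</label>
        <input type="text" id="demo_plugin_logo_text" name="demo_plugin_logo_text"
               value="<?php echo esc_attr( $text ); ?>">
        <?php submit_button(); ?>
    </form>
    <?php
}

// admin-post.php routes the form's "action" value to the hardened handler.
add_action( 'admin_post_demo_plugin_save_settings', 'demo_plugin_save_settings_hardened' );
```

When reviewing a plugin for either CVE's pattern, look for `update_option()` calls reachable from `admin_post_*`, `admin_init` or AJAX hooks without a preceding `check_admin_referer()`/`check_ajax_referer()`, and for option values echoed without an `esc_*()` wrapper. Plugins built on the Settings API should instead pass a `sanitize_callback` to `register_setting()`, which applies the same sanitize-on-save rule automatically.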