Omer Yeshayahu

**Name of the Vulnerable Software and Affected Versions** Recooty – Job Widget (Old Dashboard) plugin for WordPress versions up to and including 1.0.6 **Description** The Recooty – Job Widget (Old Dashboard) plugin for WordPress is susceptible to Cross-Site Request Forgery. This is caused by a lack of nonce validation within the `recooty save maybe()` function. An unauthenticated attacker could potentially update the `recooty key` option and inject malicious content into iframe source attributes by forging a request, provided they can trick a site administrator into performing an action. **Recommendations** Update the Recooty – Job Widget (Old Dashboard) plugin to a version later than 1.0.6.

**Name of the Vulnerable Software and Affected Versions** DASHBOARD BUILDER – WordPress plugin for Charts and Graphs versions prior to 1.5.8 **Description** The software is susceptible to a Cross-Site Request Forgery (CSRF) issue. This is caused by a lack of nonce validation within the settings handler in the `dashboardbuilder-admin.php` file. An unauthenticated attacker could potentially modify the stored SQL query and database credentials used by the `[show-dashboardbuilder]` shortcode through a forged request, provided they can trick a site administrator into performing an action. The modified SQL query is then executed on the front-end when the shortcode is rendered, potentially enabling arbitrary SQL injection and data exfiltration through the chart output. **Recommendations** Update to version 1.5.8 or later.

**Name of the Vulnerable Software and Affected Versions** The Latest Tabs plugin for WordPress versions up to and including 1.5 **Description** The Latest Tabs plugin for WordPress is susceptible to Cross-Site Request Forgery (CSRF). This is a result of inadequate or absent nonce validation within the settings update handler located in the `admin-page.php` file. An unauthenticated attacker could potentially modify plugin settings by crafting a malicious request, provided they can deceive a site administrator into performing an action, such as clicking a specially designed link. **Recommendations** Update The Latest Tabs plugin to a version newer than 1.5.