0Pc0Defr

#19375 of 53,622
13.6 Total CVSS
Vulnerabilities · 2
Medium · 2
PT-2018-4249
6.8
2018-04-06
WordPress · Brute Force Login Protection · CVE-2014-5034
**Name of the Vulnerable Software and Affected Versions**
Brute Force Login Protection module version 1.3 for WordPress

**Description**
A cross-site request forgery (CSRF) issue exists, allowing remote attackers to hijack user authentication for requests with unknown impact. This is achieved through a crafted request to the brute-force-login-protection page, specifically targeting the wp-admin/options-general.php endpoint.

**Recommendations**
For Brute Force Login Protection module version 1.3, consider disabling the module until a patch is available to prevent exploitation. As a temporary workaround, restrict access to the wp-admin/options-general.php endpoint to minimize the risk of CSRF attacks.
PT-2018-4255
6.8
2018-04-06
WordPress · Wp Security Audit Log · CVE-2014-5072
**Name of the Vulnerable Software and Affected Versions**
WP Security Audit Log plugin versions prior to 1.2.5

**Description**
A cross-site request forgery (CSRF) issue allows remote attackers to hijack the authentication of victims. The exact vectors used for the attack are not specified.

**Recommendations**
For WP Security Audit Log plugin versions prior to 1.2.5, update to version 1.2.5 or later to resolve the issue.