
0Ppr2S

#26620 of 53,624
9.6 Total CVSS
Vulnerabilities · 2
Medium: 2
PT-2022-13854
4.8
2022-06-06
10Web · The Photo Gallery · CVE-2022-1394
**Name of the Vulnerable Software and Affected Versions** The Photo Gallery by 10Web WordPress plugin versions prior to 1.6.4

**Description** The issue arises from the plugin's failure to properly validate and escape some of its settings. This could allow high privilege users, such as admins, to perform Cross-Site Scripting attacks when unfiltered html is disallowed.

**Recommendations** For versions prior to 1.6.4, update to version 1.6.4 or later to resolve the issue. As a temporary workaround, consider restricting the use of the plugin's settings to minimize the risk of exploitation.
PT-2022-9520
4.8
2022-02-01
WordPress · Custom Dashboard & Login Page · CVE-2021-24944
**Name of the Vulnerable Software and Affected Versions** Custom Dashboard & Login Page WordPress plugin versions prior to 7.0

**Description** The issue allows high privilege users to perform Cross-Site Scripting attacks due to the plugin not sanitizing some of its settings, even when the unfiltered html capability is disallowed.

**Recommendations** For versions prior to 7.0, update to version 7.0 or later to resolve the issue.