0X23.So

**Name of the Vulnerable Software and Affected Versions** Poll Maker WordPress plugin versions prior to 4.0.2 **Description** The issue allows high privilege users, such as admins, to perform Store Cross-Site Scripting attacks, even when `unfiltered html` is disallowed, due to the plugin's failure to sanitise and escape some settings. **Recommendations** For versions prior to 4.0.2, update to version 4.0.2 or later to resolve the issue. As a temporary workaround, consider restricting the use of the plugin's settings to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Import and export users and customers WordPress plugin versions prior to 1.19.2.1 **Description** The issue arises from the plugin's failure to sanitise and escape imported CSV data, allowing high privilege users to import malicious javascript code. This can lead to Stored Cross-Site Scripting issues. **Recommendations** For versions prior to 1.19.2.1, update to version 1.19.2.1 or later to resolve the issue. As a temporary workaround, consider restricting the import functionality to trusted users only until the update is applied.