0Xp1P3

**Name of the Vulnerable Software and Affected Versions** Vrm 360 3D Model Viewer WordPress plugin versions 1.2.1 and earlier **Description** The issue arises from insufficient checks in a plugin shortcode, allowing for arbitrary file upload. **Recommendations** For Vrm 360 3D Model Viewer WordPress plugin versions 1.2.1 and earlier, consider disabling the vulnerable shortcode until a patch is available to prevent arbitrary file uploads.

**Name of the Vulnerable Software and Affected Versions** Enable Media Replace WordPress plugin versions prior to 4.1.3 **Description** The issue allows Author+ users to perform PHP Object Injection when a suitable gadget is present on the blog, due to the unserialize of user input via the Remove Background feature. **Recommendations** For versions prior to 4.1.3, update to version 4.1.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the Remove Background feature for Author+ users until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Import XML and RSS Feeds WordPress plugin versions prior to 2.1.4 **Description** The issue allows an attacker to upload a malicious PHP file due to a lack of file extension filtering for uploaded files, leading to Remote Code Execution. **Recommendations** For versions prior to 2.1.4, update to version 2.1.4 or later to resolve the issue. As a temporary workaround, consider restricting file uploads to prevent potential exploitation until the update is applied.