Abdualrhman Muzamil

**Name of the Vulnerable Software and Affected Versions** WP Google Ad Manager Plugin versions prior to 1.1.1 **Description** The WP Google Ad Manager Plugin for WordPress is susceptible to Stored Cross-Site Scripting through admin settings. Insufficient input sanitization and output escaping allow authenticated attackers with administrator-level permissions and above to inject arbitrary web scripts into pages. These scripts execute when a user accesses the injected page. This issue only impacts multi-site installations and those where unfiltered html has been disabled. **Recommendations** Update the WP Google Ad Manager Plugin to version 1.1.1 or later.

**Name of the Vulnerable Software and Affected Versions** miniOrange OTP Verification and SMS Notification for WooCommerce plugin for WordPress versions through 4.3.8 **Description** The miniOrange OTP Verification and SMS Notification for WooCommerce plugin for WordPress is subject to unauthorized data modification. A missing capability check on the `enable wc sms notification` AJAX action allows unauthenticated attackers to enable or disable SMS notification settings for WooCommerce orders. The vulnerable component is the `enable wc sms notification` AJAX action. **Recommendations** Update the miniOrange OTP Verification and SMS Notification for WooCommerce plugin for WordPress to a version later than 4.3.8.