Aly Khaled Aly Abd Al-Aal

**Name of the Vulnerable Software and Affected Versions** No specific software or versions are mentioned in the provided descriptions. **Description** The issue does not validate a path generated with user input when downloading files, allowing an unauthenticated user to download arbitrary files from the server. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Software (affected versions not specified) **Description** The issue is related to a lack of validation for a parameter before making a request to it. This could allow unauthenticated users to perform a Server-Side Request Forgery (SSRF) attack. SSRF is a type of attack where an attacker can trick a server into making requests to internal or external resources, potentially leading to unauthorized access or information disclosure. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WPB Show Core WordPress plugin versions prior to 2.7 **Description** The issue is related to a Reflected Cross-Site Scripting problem, where some parameters are not properly sanitised and escaped before being outputted back in the page. This could be exploited against high privilege users, such as admins. **Recommendations** For versions prior to 2.7, update to version 2.7 or later to resolve the issue.