Lifterlms · Lms By Lifterlms · CVE-2021-24308
**Name of the Vulnerable Software and Affected Versions**
LMS by LifterLMS – Online Course, Membership & Learning Management System Plugin for WordPress versions prior to 4.21.1
**Description**
The `State` field of the Edit profile page is not properly sanitized, and its stored value is later output without escaping in the About section of the profile page, resulting in a stored Cross-Site Scripting vulnerability. A low-privilege user, such as a student, can save a script payload in this field; when an administrator views that user's profile, the payload executes in the administrator's browser, which the attacker can leverage to escalate privileges (for example, by performing administrative actions with the admin's session).
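To show the pattern the advisory describes, here is an added illustration in PHP (the language of WordPress plugins). It is not LifterLMS code, and it does not reproduce the plugin's actual handler: the meta key `llms_billing_state`, the function names `save_state_*` / `render_about_*`, and the payload string are all hypothetical. The WordPress functions `esc_html()` and `sanitize_text_field()` are real, but the fallback definitions below are simplified stand-ins so the script runs outside WordPress with `php demo.php`; they are not WordPress's implementations.

```php
<?php
// Added example (not LifterLMS code): a profile field stored as submitted and
// echoed raw into a profile page is stored XSS; sanitizing on save plus escaping
// on output is the fix. Fallbacks below approximate WordPress helpers so this
// runs stand-alone; inside WordPress the real functions are used instead.

if (!function_exists('esc_html')) {
    function esc_html($text) {
        // Stand-in for WordPress esc_html(): HTML-encode <, >, &, " and '.
        return htmlspecialchars((string) $text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);
    }
}
if (!function_exists('sanitize_text_field')) {
    function sanitize_text_field($text) {
        // Stand-in for WordPress sanitize_text_field(): strip tags, collapse
        // whitespace and line breaks, trim.
        $text = strip_tags((string) $text);
        $text = preg_replace('/[\r\n\t ]+/', ' ', $text);
        return trim($text);
    }
}

// Constructed attacker input, as a low-privilege student might submit in an
// Edit profile form's State field (illustrative payload, not the real PoC).
$submitted_state = 'CA<script>document.title="xss"</script>';

// In-memory stand-in for user meta (update_user_meta()/get_user_meta()).
$user_meta = [];

// Vulnerable pattern: value stored as submitted, then concatenated raw into
// the About section markup. Any admin rendering this page runs the script.
function save_state_vulnerable(array &$meta, string $value): void {
    $meta['llms_billing_state'] = $value;            // hypothetical meta key
}
function render_about_vulnerable(array $meta): string {
    return '<p class="profile-state">' . $meta['llms_billing_state'] . '</p>';
}

// Hardened pattern: sanitize on save AND escape on output. Output escaping is
// the control that actually stops execution; input sanitization is defense in
// depth and also cleans up data that other code paths may read.
function save_state_hardened(array &$meta, string $value): void {
    $meta['llms_billing_state'] = sanitize_text_field($value);
}
function render_about_hardened(array $meta): string {
    return '<p class="profile-state">' . esc_html($meta['llms_billing_state']) . '</p>';
}

save_state_vulnerable($user_meta, $submitted_state);
echo 'Vulnerable:   ', render_about_vulnerable($user_meta), PHP_EOL;

save_state_hardened($user_meta, $submitted_state);
echo 'Hardened:     ', render_about_hardened($user_meta), PHP_EOL;

// Records written before the fix may still hold raw payloads; escaping at
// output neutralizes those too without needing a data migration.
$user_meta['llms_billing_state'] = $submitted_state;
echo 'Escaped only: ', render_about_hardened($user_meta), PHP_EOL;
```

When reviewing a fix like this in a real plugin, check every template that prints the field, not just the one named in the advisory: the same meta value is often echoed in admin list tables, emails and shortcodes, and a single unescaped sink keeps the stored payload live.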
**Recommendations**
For versions prior to 4.21.1, update to version 4.21.1 or later to resolve the issue. Until the update is applied, a temporary mitigation is to restrict which users can edit profile fields and who can view the About section of user profiles, since the stored payload only executes when a privileged user views the affected profile.