Burak Kelebek

**Name of the Vulnerable Software and Affected Versions** Admin Custom Login Plugin version 2.4.5.2 **Description** A problematic issue has been identified, allowing for basic cross site scripting (Persistent) due to the manipulation of an unknown function. This can be exploited remotely. **Recommendations** For Admin Custom Login Plugin version 2.4.5.2, consider disabling the affected function until a patch is available. Restrict access to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Download Manager Plugin version 2.8.99 **Description** A problematic issue was found, leading to cross-site request forgery. The manipulation can be launched remotely, affecting an unknown function. **Recommendations** For Download Manager Plugin version 2.8.99, consider disabling the plugin until a patch is available to prevent cross-site request forgery attacks. Restrict access to the plugin to minimize the risk of exploitation. Avoid using the plugin in sensitive environments until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.