Caon

#21573 of 53,622
11.1 Total CVSS
Vulnerabilities · 2
Medium
2
PT-2025-21476
6.4
2025-05-15
WordPress · Eventprime · CVE-2024-4665
Name of the Vulnerable Software and Affected Versions: EventPrime WordPress plugin versions prior to 3.5.0

Description: The issue concerns a lack of proper permission validation when updating bookings, allowing users to change or cancel bookings for other users. Additionally, the feature lacks a nonce, which is a security token used to prevent cross-site request forgery (CSRF) attacks.

Recommendations: For versions prior to 3.5.0, update to version 3.5.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the booking update feature to minimize the risk of exploitation.
PT-2024-35451
4.7
2024-07-13
Unknown · Wp-Affiliate-Platform · CVE-2024-5280
**Name of the Vulnerable Software and Affected Versions** wp-affiliate-platform versions prior to 6.5.1

**Description** The issue concerns a lack of CSRF check and missing sanitization as well as escaping in certain areas, potentially allowing attackers to execute an XSS payload via a CSRF attack on non-logged-in users.

**Recommendations** For versions prior to 6.5.1, update to version 6.5.1 or later to resolve the issue.