WordPress · Kirki · CVE-2026-8206
**Name of the Vulnerable Software and Affected Versions**
Kirki versions 6.0.0 through 6.0.6
**Description**
The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress contains a flaw that allows unauthenticated privilege escalation and account takeover. The plugin's `handle_forgot_password()` function, reached through its forgot-password endpoint, accepts an arbitrary e-mail address alongside the username in a password reset request and sends the reset link to that address instead of the address stored for the account. An unauthenticated attacker who knows or guesses a username (for example, a default `admin` account) can therefore have a valid reset link for that user, including administrators, delivered to a mailbox they control, set a new password, and log in. Approximately 150,000 sites are estimated to be exposed, and the issue is being actively exploited in the wild.
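To make the flaw concrete, here is an added, illustrative pair of WordPress request handlers; this is not Kirki's code, and the parameter names `username`, `email` and `user_login` and the function names are assumptions. The first handler reproduces the vulnerable pattern the advisory describes (reset link mailed to a request-supplied address); the second shows the hardened pattern, where the destination is always the address on the stored user record and the response does not reveal whether the account exists.

```php
<?php
// Added example, not the plugin's code. Assumes a WordPress runtime providing
// get_user_by(), get_password_reset_key(), wp_mail() and wp_send_json_*().
// Both functions are meant to be called from an unauthenticated
// forgot-password endpoint (hypothetical POST fields shown below).

/**
 * VULNERABLE PATTERN: the reset link is sent to whatever e-mail the request
 * supplies. Only the username is used to look the account up.
 */
function example_vulnerable_forgot_password() {
    $username = sanitize_user( wp_unslash( $_POST['username'] ?? '' ) );
    $email    = sanitize_email( wp_unslash( $_POST['email'] ?? '' ) );

    $user = get_user_by( 'login', $username );
    if ( ! $user ) {
        wp_send_json_error( 'Unknown user' ); // also leaks valid usernames
    }

    $key = get_password_reset_key( $user );
    if ( is_wp_error( $key ) ) {
        wp_send_json_error( 'Could not create reset key' );
    }
    $link = network_site_url(
        'wp-login.php?action=rp&key=' . $key . '&login=' . rawurlencode( $user->user_login ),
        'login'
    );

    // BUG: $email is attacker-controlled. A request with username=admin and
    // email=attacker@example.invalid delivers a working admin reset link to the attacker.
    wp_mail( $email, 'Password reset', "Reset your password: $link" );
    wp_send_json_success();
}

/**
 * HARDENED PATTERN: the request may identify the account (by login or e-mail),
 * but the destination address always comes from the stored user record.
 * The response is identical whether or not the account exists.
 */
function example_hardened_forgot_password() {
    $login = sanitize_text_field( wp_unslash( $_POST['user_login'] ?? '' ) );

    $user = is_email( $login )
        ? get_user_by( 'email', $login )
        : get_user_by( 'login', $login );

    if ( $user ) {
        $key = get_password_reset_key( $user );
        if ( ! is_wp_error( $key ) ) {
            $link = network_site_url(
                'wp-login.php?action=rp&key=' . $key . '&login=' . rawurlencode( $user->user_login ),
                'login'
            );
            // Destination is the address on file, never a request parameter.
            wp_mail( $user->user_email, 'Password reset', "Reset your password: $link" );
        }
    }

    wp_send_json_success(
        'If the account exists, a reset link has been sent to its registered e-mail address.'
    );
}
```

In practice a plugin does not need to implement this itself: WordPress core's `retrieve_password()` already looks the user up by login or e-mail and mails `$user->user_email`, so delegating to it avoids the class of bug shown in the first handler. Any custom handler should be reviewed for a request-controlled recipient, and the endpoint should be rate-limited since it is reachable without authentication.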
**Recommendations**
Update to version 6.0.7 or later. Because the flaw is being exploited in the wild and affects account credentials rather than data, patching alone does not undo a takeover that has already happened: after updating, review administrator accounts for unexpected additions or e-mail changes, check for recent password resets that users did not request, and rotate credentials and active sessions for any account that looks affected.