Daniel Holley

**Name of the Vulnerable Software and Affected Versions** Bookly plugin for WordPress versions up to and including 23.2 **Description** The issue arises from insufficient input sanitization and output escaping, allowing authenticated attackers with staff member role and Subscriber-level access or higher to inject arbitrary web scripts via the `Color Profile` parameter. This enables the execution of injected scripts whenever a user accesses the compromised page. **Recommendations** For Bookly plugin for WordPress versions up to and including 23.2, update to a version later than 23.2 to resolve the issue. As a temporary workaround, consider restricting access to the Color Profile parameter to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** File Manager plugin for WordPress versions up to, and including, 7.2.4 **Description** The issue is due to missing or incorrect nonce validation on the wp file manager page that includes files through the `lang` parameter. This makes it possible for unauthenticated attackers to include local JavaScript files that can be leveraged to achieve remote code execution (RCE) via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link. Over 1 million sites are potentially exposed to this risk. **Recommendations** For versions up to, and including, 7.2.4, update to version 7.2.5 to fully patch the issue. As a temporary workaround, consider restricting access to the wp file manager page and avoiding the use of the `lang` parameter until the issue is resolved.