Danish Tariq

**Name of the Vulnerable Software and Affected Versions** WP Go Maps plugin for WordPress versions up to, and including, 9.0.34 **Description** The issue allows unauthenticated attackers to obtain the developer's Google API key due to the plugin adding the API key to several plugin files. This does not directly affect the security of sites using the plugin but enables attackers to make requests using the API key, potentially exhausting requests and resulting in an inability to use the map functionality. **Recommendations** For versions up to, and including, 9.0.34, update to a version later than 9.0.34 to prevent unauthenticated API key disclosure. As a temporary workaround, consider restricting access to the plugin files that contain the API key to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** TypesetterCMS version 5.1 **Description** The issue is a Cross-Site Request Forgery (CSRF) that can be exploited via a crafted POST request. **Recommendations** For TypesetterCMS version 5.1, update to a version that includes a fix for this issue, as no specific mitigation measures are provided.