WordPress · Export/Import Users/Customers · CVE-2026-7641
**Name of the Vulnerable Software and Affected Versions**
Import and export users and customers plugin for WordPress versions prior to 2.0.9
**Description**
An issue exists in the `save_extra_user_profile_fields()` function where an incomplete blocklist fails to restrict capability meta keys for subsites in a WordPress Multisite network. While primary site keys like `wp_capabilities` and `wp_user_level` are blocked, subsite equivalents such as `wp_2_capabilities` and `wp_2_user_level` can bypass the `in_array()` check and be written to user meta via `update_user_meta()`. Authenticated attackers with Subscriber-level access or higher can escalate their privileges to Administrator on any subsite by submitting a crafted profile update to the `/wp-admin/profile.php` endpoint. This requires an administrator to have previously imported a CSV file with multisite-prefixed capability column headers and enabled the 'Show fields in profile?' option, which exposes these keys as editable fields on the user profile page.
**Recommendations**
Update the plugin to a version later than 2.0.8.
As a temporary workaround, disable the 'Show fields in profile?' option to prevent capability keys from being exposed as editable fields on the user profile page.
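The following is an added illustration of the fix the description implies, not the plugin's own code: instead of a fixed blocklist of `wp_capabilities` and `wp_user_level`, the guard matches every capability or user-level key for any site in the network using the installation's base table prefix. The function names `example_is_capability_meta_key()` and `example_save_extra_profile_fields()` are hypothetical; `$wpdb`, `current_user_can()`, `sanitize_key()`, `sanitize_text_field()` and `update_user_meta()` are standard WordPress APIs.

```php
<?php
// Added example (not the plugin's code). Assumes it runs inside WordPress so the
// $wpdb global and the core helper functions used below are available.

/**
 * Return true if $key is a capability or user-level meta key for any site in
 * the network: wp_capabilities, wp_user_level, wp_2_capabilities,
 * wp_2_user_level, and so on for every blog id.
 *
 * A fixed blocklist such as array( 'wp_capabilities', 'wp_user_level' )
 * only covers the primary site; the numbered subsite keys slip past it.
 * Matching on the base prefix plus an optional "<blog_id>_" segment closes
 * that gap without having to enumerate every subsite.
 */
function example_is_capability_meta_key( $key, $base_prefix = null ) {
    global $wpdb;
    if ( null === $base_prefix ) {
        $base_prefix = $wpdb->base_prefix; // 'wp_' on a default install
    }
    $pattern = '/^' . preg_quote( $base_prefix, '/' )
             . '(?:\d+_)?(?:capabilities|user_level)$/';
    return 1 === preg_match( $pattern, $key );
}

/**
 * Persist extra profile fields submitted from the profile form, refusing any
 * key that would change roles or user levels on any site in the network.
 * $fields is an array of meta_key => value taken from the submitted form.
 */
function example_save_extra_profile_fields( $user_id, array $fields ) {
    // Only a user allowed to edit this profile may write its meta at all.
    if ( ! current_user_can( 'edit_user', $user_id ) ) {
        return false;
    }
    foreach ( $fields as $key => $value ) {
        $key = sanitize_key( $key );
        if ( '' === $key || example_is_capability_meta_key( $key ) ) {
            continue; // capability keys are never writable from a profile form
        }
        update_user_meta( $user_id, $key, sanitize_text_field( $value ) );
    }
    return true;
}
```

On a multisite install, test the guard with keys such as `wp_2_capabilities` and `wp_10_user_level` as well as the primary-site keys; all of them should be rejected, while ordinary imported columns such as `phone` or `company` are still written.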