Divyesh Prajapati

**Name of the Vulnerable Software and Affected Versions** algoliasearch-helper versions prior to 3.6.2 **Description** The issue arises from the use of the merge function in src/SearchParameters/index.js, specifically in the `SearchParameters. parseNumbers` function, without protection against prototype properties, leading to Prototype Pollution. This is only exploitable if the implementation allows users to define arbitrary search patterns. **Recommendations** For versions prior to 3.6.2, update to version 3.6.2 or later to resolve the issue. As a temporary workaround, consider restricting user input to prevent arbitrary search patterns.

**Name of the Vulnerable Software and Affected Versions** WordPress versions prior to 4.5.3 **Description** A cross-site scripting (XSS) issue exists due to insufficient input validation in the `column title` function. This allows remote attackers to inject arbitrary web script or HTML via a crafted attachment name. **Recommendations** For versions prior to 4.5.3, update to version 4.5.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the `wp-admin/includes/class-wp-media-list-table.php` file until a patch is applied. Avoid using crafted attachment names in the affected function until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** WordPress versions prior to 4.5.3 **Description** A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is due to a vulnerability in the `wp get attachment link` function. The estimated number of potentially affected devices worldwide is not specified. **Recommendations** For versions prior to 4.5.3, update to version 4.5.3 or later to resolve the issue. As a temporary workaround, consider restricting the ability to upload attachments with crafted names until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** WordPress versions prior to 4.5.3 **Description** The issue allows remote attackers to bypass intended redirection restrictions. **Recommendations** For versions prior to 4.5.3, update to version 4.5.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** WordPress versions prior to 4.5.3 **Description** The issue allows remote attackers to bypass intended access restrictions and remove a category attribute from a post. **Recommendations** For versions prior to 4.5.3, update to version 4.5.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** WordPress versions prior to 4.5.3 **Description** The issue allows remote attackers to bypass intended password-change restrictions by leveraging knowledge of a cookie. **Recommendations** For versions prior to 4.5.3, update to version 4.5.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** WordPress versions prior to 4.5.3 **Description** The issue allows remote attackers to obtain sensitive revision-history information by leveraging the ability to read a post, related to `wp-admin/includes/ajax-actions.php` and `wp-admin/revision.php`. **Recommendations** For versions prior to 4.5.3, update to version 4.5.3 or later to resolve the issue.