WordPress · Upload Media By Url · CVE-2023-3720
**Name of the Vulnerable Software and Affected Versions**
Upload Media By URL WordPress plugin versions prior to 1.0.8
**Description**
The plugin does not perform a CSRF check when uploading files, which could allow attackers to make logged-in admins upload files on their behalf, including HTML containing JS code for users with the `unfiltered_html` capability.
**Recommendations**
Update versions prior to 1.0.8 to version 1.0.8 or later to resolve the issue. As a temporary workaround, consider restricting the `unfiltered_html` capability to minimize the risk of exploitation, and restrict access to the file upload functionality to prevent unauthorized uploads until the issue is resolved.
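
For plugin authors and reviewers, the following added example (not the plugin's own code and not its actual patch) shows the general WordPress pattern whose absence produces this class of bug: a nonce bound to the upload action, verified before any file is fetched, plus a separate capability check. The `example_umbu_*` function, action and field names are hypothetical.

```php
<?php
// Illustrative admin-side upload-by-URL handler. All example_umbu_* names are hypothetical.

// Render the form with a nonce tied to the current user, session and action.
function example_umbu_render_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="example_umbu_upload">
        <?php wp_nonce_field( 'example_umbu_upload', 'example_umbu_nonce' ); ?>
        <input type="url" name="media_url" required>
        <?php submit_button( 'Upload' ); ?>
    </form>
    <?php
}

add_action( 'admin_post_example_umbu_upload', 'example_umbu_handle_upload' );

function example_umbu_handle_upload() {
    // CSRF check: terminates the request unless it carries a valid nonce.
    // Without it, the handler would act on any POST sent by a logged-in admin's browser.
    check_admin_referer( 'example_umbu_upload', 'example_umbu_nonce' );

    // Authorization check, independent of the nonce.
    if ( ! current_user_can( 'upload_files' ) ) {
        wp_die( 'Insufficient permissions.', 403 );
    }

    $url = isset( $_POST['media_url'] ) ? esc_url_raw( wp_unslash( $_POST['media_url'] ) ) : '';
    if ( '' === $url || ! wp_http_validate_url( $url ) ) {
        wp_die( 'Invalid URL.', 400 );
    }

    require_once ABSPATH . 'wp-admin/includes/file.php';
    require_once ABSPATH . 'wp-admin/includes/media.php';
    require_once ABSPATH . 'wp-admin/includes/image.php';

    $tmp = download_url( $url );
    if ( is_wp_error( $tmp ) ) {
        wp_die( esc_html( $tmp->get_error_message() ), 400 );
    }

    $file = array( 'name' => wp_basename( wp_parse_url( $url, PHP_URL_PATH ) ), 'tmp_name' => $tmp );
    $id   = media_handle_sideload( $file, 0 ); // runs WordPress's standard upload type checks
    if ( is_wp_error( $id ) ) {
        @unlink( $tmp ); // remove the temp file when the sideload is rejected
        wp_die( esc_html( $id->get_error_message() ), 400 );
    }
    wp_safe_redirect( admin_url( 'upload.php' ) );
    exit;
}
```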