Do Xuan Trung

#18623 of 53,633
14.4 Total CVSS
Vulnerabilities · 2
High
2
PT-2023-24570
7.2
2023-10-16
WordPress · Read More & Accordion · CVE-2023-3392
**Name of the Vulnerable Software and Affected Versions** Read More & Accordion WordPress plugin versions prior to 3.2.7

**Description** The issue allows high-privilege users, such as admins, to perform PHP Object Injection when a suitable gadget is present, because user input provided via the settings is unserialized.

**Recommendations** For versions prior to 3.2.7, update to version 3.2.7 or later to resolve the issue.

PT-2023-31308
7.2
2023-10-16
WordPress · Weaver Xtreme Theme Support · CVE-2023-4971
**Name of the Vulnerable Software and Affected Versions** Weaver Xtreme Theme Support WordPress plugin versions prior to 6.3.1

**Description** The issue arises from the unserialization of the content of an imported file, potentially leading to PHP object injections when a high-privilege user imports a malicious file and a suitable gadget chain is present on the blog.

**Recommendations** For versions prior to 6.3.1, update to version 6.3.1 or later to resolve the issue. As a temporary workaround, consider restricting file import capabilities to low-privilege users or disabling the file import feature until the update is applied.