Etharus

**Name of the Vulnerable Software and Affected Versions** Super Store Finder plugin for WordPress versions up to, and including, 6.9.3 **Description** The issue is related to insufficient restrictions on the `sendMail.php` file, allowing direct access and enabling unauthenticated attackers to send emails with arbitrary content using the vulnerable site's server. This vulnerability has been publicly disclosed with an exploit available. **Recommendations** For versions up to, and including, 6.9.3, as a temporary workaround, consider restricting access to the `sendMail.php` file until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CloudPanel versions 2.0.0 through 2.3.0 CloudPanel version 2.3.0 **Description** The issue is related to insufficient access control in the File Manager component of CloudPanel, specifically when handling `clp-fm` cookie files without verifying their authenticity and integrity. This can allow a remote attacker to gain unauthorized access to protected information and elevate their privileges. **Recommendations** For CloudPanel versions 2.0.0 through 2.3.0, update to version 2.3.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the File Manager component until a patch is applied.