
Fumenoid

#19779 of 53,622
13.2 Total CVSS
Vulnerabilities · 2 (Medium: 1, High: 1)
PT-2022-16327
7.8
2022-04-05
Sherpa · Sherpa Connector Service · CVE-2022-23909
**Name of the Vulnerable Software and Affected Versions**

Sherpa Connector Service version 2020.2.20328.2050

**Description**

The issue is related to an unquoted service path in the Sherpa Connector Service, which could allow a local user to escalate privileges. This can be achieved by creating a specific file, for example, "C:\Program Files\Sherpa Software\Sherpa.exe".

**Recommendations**

For version 2020.2.20328.2050, consider updating to a newer version that quotes the service path to prevent privilege escalation. As a temporary workaround, restrict access to `SherpaConnectorService.exe` to minimize the risk of exploitation.

PT-2022-13021
5.4
2022-02-21
WordPress · Image Photo Gallery Final Tiles Grid · CVE-2022-0186
**Name of the Vulnerable Software and Affected Versions**

Image Photo Gallery Final Tiles Grid WordPress plugin versions prior to 3.5.3

**Description**

The issue allows users with a role as low as contributor to perform Cross-Site Scripting attacks against other users having access to the gallery dashboard. This is due to the plugin not sanitising and escaping the Description field when editing a gallery.

**Recommendations**

For versions prior to 3.5.3, update to version 3.5.3 or later to resolve the issue.