Furkan Özer

Name of the Vulnerable Software and Affected Versions: The Advanced Page Visit Counter WordPress plugin versions prior to 8.0.6 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This is possible even when the unfiltered html capability is disallowed, for example, in a multisite setup. Recommendations: For versions prior to 8.0.6, update to version 8.0.6 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** WP Not Login Hide (WPNLH) WordPress plugin version 1.0 **Description** The WP Not Login Hide (WPNLH) WordPress plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered html capability is disallowed, for example in multisite setup. **Recommendations** For version 1.0, update to a newer version that addresses the issue of sanitising and escaping settings to prevent Stored Cross-Site Scripting attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.