
Ganesh Bagaria

#21975 of 53,635
10.8 Total CVSS
Vulnerabilities · 2
Medium: 2
PT-2021-15722
5.4
2021-04-05
WordPress · Jh 404 Logger · CVE-2021-24176
Name of the Vulnerable Software and Affected Versions: JH 404 Logger WordPress plugin versions 1.1 and earlier

Description: The issue arises from the plugin's failure to sanitise the referer and path of 404 pages when they are output in the dashboard. This oversight allows for the execution of arbitrary JavaScript code in the WordPress dashboard.

Recommendations: For JH 404 Logger WordPress plugin versions 1.1 and earlier, update to a version that addresses this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

PT-2021-15756
5.4
2021-04-05
WordPress · Wordpress Related Posts · CVE-2021-24211
Name of the Vulnerable Software and Affected Versions: WordPress Related Posts plugin versions 3.6.4 and earlier

Description: The issue concerns an authenticated stored XSS vulnerability in the title field on the settings page. This allows an attacker to execute JavaScript code in the user's browser.

Recommendations: For WordPress Related Posts plugin versions 3.6.4 and earlier, update to a version later than 3.6.4 to resolve the issue. As a temporary workaround, consider restricting access to the settings page to minimize the risk of exploitation. Avoid using the title field on the settings page until the issue is resolved.