Gianluca Brindisi

**Name of the Vulnerable Software and Affected Versions** Age Verification plugin versions 0.4 and earlier **Description** The issue allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks. This is achieved via a URL in the `redirect to` parameter. **Recommendations** For Age Verification plugin versions 0.4 and earlier, consider updating to a version later than 0.4 to resolve the issue. As a temporary workaround, restrict access to the `age-verification.php` file to minimize the risk of exploitation. Avoid using the `redirect to` parameter in the affected endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Pay With Tweet plugin versions prior to 1.2 **Description** The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via the `link`, `title`, or `dl` parameters in the pay.php file. **Recommendations** For Pay With Tweet plugin versions prior to 1.2, update to version 1.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Pay With Tweet plugin versions prior to 1.2 **Description** The issue allows remote authenticated users with certain permissions to execute arbitrary SQL commands. This is achieved via the `id` parameter in a "paywithtweet" shortcode. **Recommendations** For versions prior to 1.2, update to version 1.2 or later to resolve the issue.