Hüseyin Tintaş

**Name of the Vulnerable Software and Affected Versions** LifterLMS – WordPress LMS Plugin for eLearning versions up to, and including, 7.4.2 **Description** The issue allows authenticated attackers with administrator or LMS manager access and above to read the contents of arbitrary CSV files on the server, which can contain sensitive information, as well as remove those files from the server. This is made possible through the `maybe serve export` function. **Recommendations** For versions up to, and including, 7.4.2, consider disabling the `maybe serve export` function until a patch is available to prevent exploitation. Restrict access to sensitive CSV files to minimize the risk of information disclosure.

**Name of the Vulnerable Software and Affected Versions** MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance plugin for WordPress versions up to, and including, 4.5.1.2 **Description** The issue allows authenticated attackers with administrator-level access to inject arbitrary CSS values into the site tags due to insufficient input sanitization of the `newColor` parameter. This enables attackers to perform CSS Injection. **Recommendations** For versions up to, and including, 4.5.1.2, avoid using the `newColor` parameter in the affected API endpoint until the issue is resolved. As a temporary workaround, consider restricting access to the plugin's settings to minimize the risk of exploitation.