Jamie Davies

**Name of the Vulnerable Software and Affected Versions** Easy Digital Downloads versions up to and including 3.5.2 **Description** The Easy Digital Downloads plugin for WordPress has a flaw that allows manipulation of orders. This is due to a bypass in order verification, which occurs when the `verification override` parameter is set to `1` in the POST body. An attacker can submit a forged IPN (Instant Payment Notification) and have it treated as verified, even if verification is normally enabled. A valid PayPal transaction id is required for this manipulation, limiting it to orders initiated by the attacker who possesses a customer account. **Recommendations** Versions prior to 3.5.3 should be updated.

**Name of the Vulnerable Software and Affected Versions** ZoloBlocks – Gutenberg Block Editor Plugin versions prior to 2.3.12 **Description** The ZoloBlocks – Gutenberg Block Editor Plugin for WordPress has a flaw that allows unauthorized modification of data. Specifically, a missing capability check within the `update popup status()` function permits unauthenticated attackers to enable or disable popups. **Recommendations** Update to version 2.3.12 or later.

**Name of the Vulnerable Software and Affected Versions** Essekia Tablesome Table Premium versions through 1.1.23 **Description** A missing authorization issue exists in Essekia Tablesome Table Premium. This allows access to functionality that is not properly constrained by Access Control Lists (ACLs). The issue impacts the `tablesome-premium` component. **Recommendations** Update Essekia Tablesome Table Premium to a version later than 1.1.23.