
Jan W Oleju

#31028 of 53,635
8.3 Total CVSS
Vulnerabilities · 2
Medium: 2

PT-2024-14945 · CVSS 4.3 · 2024-04-10
WordPress · Wordpress Ping Optimizer · CVE-2023-6385

**Name of the Vulnerable Software and Affected Versions**
WordPress Ping Optimizer plugin versions through 2.35.1.3.0

**Description**
The issue concerns the lack of CSRF checks in certain areas, potentially allowing attackers to trick logged-in users into performing unwanted actions, such as clearing logs, via CSRF attacks.

**Recommendations**
For WordPress Ping Optimizer plugin versions through 2.35.1.3.0, update to a version that includes CSRF checks to prevent such attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

PT-2022-9664 · CVSS 4.0 · 2022-02-14
WordPress · Futurio Extra · CVE-2021-25109

**Name of the Vulnerable Software and Affected Versions**
Futurio Extra WordPress plugin versions prior to 1.6.3

**Description**
The issue allows high-privilege users to extract data from the database and perform Cross-Site Scripting (XSS) against logged-in admins by making them open a malicious link. This is due to a SQL Injection vulnerability.

**Recommendations**
For versions prior to 1.6.3, update to version 1.6.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the plugin's functionality for high-privilege users until the update is applied.