Jfriedli

Name of the Vulnerable Software and Affected Versions: Broken Link Notifier for WordPress versions prior to 1.3.1 Description: The plugin is susceptible to CSV injection through broken links that are exported. This allows authenticated attackers with Contributor-level access or higher to embed untrusted input into exported CSV files. Opening these files on a vulnerable local system can lead to code execution. Recommendations: Update to a version prior to 1.3.1.

**Name of the Vulnerable Software and Affected Versions:** Broken Link Notifier plugin for WordPress versions prior to 1.3.1 **Description:** The plugin is susceptible to Server-Side Request Forgery (SSRF). This allows unauthenticated attackers to make web requests to arbitrary locations originating from the web application. This can be used to query and modify information from internal services via the `ajax blinks()` function, which calls the `check url status code()` function. **Recommendations:** Update the Broken Link Notifier plugin to version 1.3.1 or later.

**Name of the Vulnerable Software and Affected Versions** mat2 versions prior to 0.13.0 **Description** The issue allows `../` directory traversal during the ZIP archive cleaning process. This primarily affects mat2 web instances, in which clients could obtain sensitive information via a crafted archive. **Recommendations** For versions prior to 0.13.0, update to version 0.13.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the ZIP archive cleaning process to minimize the risk of exploitation.