
Jihoon Lee

#22171 of 53,639
Total CVSS: 10.2
Vulnerabilities · 2
Medium: 2
PT-2023-22349
5.4
2023-07-10
WordPress · Simple Iframe · CVE-2023-2964
**Name of the Vulnerable Software and Affected Versions**
Simple Iframe WordPress plugin versions prior to 1.2.0

**Description**
The issue arises from improper validation of a WordPress block attribute's content, potentially allowing users with a role of at least contributor to conduct Stored Cross-Site Scripting attacks.

**Recommendations**
For versions prior to 1.2.0, update to version 1.2.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of the Simple Iframe WordPress plugin until a patch is applied.

PT-2022-24819
4.8
2022-12-28
WordPress · Broken Link Checker · CVE-2022-3922
**Name of the Vulnerable Software and Affected Versions**
Broken Link Checker WordPress plugin versions prior to 1.11.20

**Description**
The issue allows high-privilege users, such as admins, to perform Stored Cross-Site Scripting attacks even when the `unfiltered_html` capability is disallowed, for example, in a multisite setup. This is due to the plugin not sanitizing and escaping some of its settings.

**Recommendations**
For versions prior to 1.11.20, update to version 1.11.20 or later to resolve the issue. As a temporary workaround, consider restricting the settings that are not properly sanitized and escaped to minimize the risk of exploitation.