Nginx · Nginx · CVE-2021-24490
**Name of the Vulnerable Software and Affected Versions**
The Email Artillery (MASS EMAIL) WordPress plugin versions 4.1 and earlier
**Description**
The issue allows arbitrary files to be uploaded due to improper checking of uploaded files in the Import Emails feature. Additionally, the plugin lacks a CSRF check, so the upload can also be triggered through a CSRF attack. However, the upload folder contains a .htaccess file that denies access to everything in it, so the uploaded file is only reachable on web servers that do not honour .htaccess, such as Nginx or IIS.
**Recommendations**
For The Email Artillery (MASS EMAIL) WordPress plugin versions 4.1 and earlier:
As a temporary workaround, consider disabling the Import Emails feature until a patch is available.
Restrict access to the folder where files are uploaded to minimize the risk of exploitation.
Avoid using the plugin on web servers such as Nginx/IIS until the issue is resolved.
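The advisory's point is that the plugin's protection lives in a .htaccess file, which Nginx never reads. The following server block is an added example (not from the advisory, the plugin, or Nginx's own documentation) showing how to enforce the same restriction in Nginx configuration; the upload directory name is not given in the advisory, so `PLUGIN-UPLOAD-DIR`, the hostname, the document root and the PHP-FPM socket path are all placeholders to replace with the real values.

```nginx
# Added example: Nginx equivalent of an Apache "deny from all" .htaccess
# for a plugin upload directory. Nginx ignores .htaccess files entirely,
# so the rule must live in the server configuration.
server {
    listen 80;
    server_name example.com;      # placeholder hostname
    root /var/www/html;           # assumed WordPress document root

    # Block every request into the plugin's upload folder.
    # "^~" is a prefix match that wins over the regex locations below,
    # so nothing in this directory ever reaches the PHP handler.
    # PLUGIN-UPLOAD-DIR is a placeholder; the advisory does not name the folder.
    location ^~ /wp-content/uploads/PLUGIN-UPLOAD-DIR/ {
        deny all;
    }

    # Belt and braces: never execute PHP from anywhere under uploads.
    # Regex locations are tried in file order, so this must appear
    # before the generic "\.php$" handler.
    location ~* ^/wp-content/uploads/.*\.php$ {
        deny all;
    }

    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    location ~ \.php$ {
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass unix:/run/php/php-fpm.sock;   # assumed PHP-FPM socket
    }
}
```

After editing, run `nginx -t` and reload; a request for any path under the blocked directory should then return 403 rather than the file, which is the behaviour the .htaccess provides on Apache.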
At the moment, there is no information about a newer version that contains a fix for this vulnerability.