Jonas Lejon

Researcher from Triop
#15656 of 53,633
17.3 Total CVSS
Vulnerabilities · 2 (High: 1, Critical: 1)
PT-2018-6565
7.5
2018-08-29
Episerver · Episerver · CVE-2017-17762
Name of the Vulnerable Software and Affected Versions: Episerver versions 7 patch 4 and earlier

Description: The issue allows remote attackers to read arbitrary files via a crafted DTD in an XML request involving the "util/xmlrpc/Handler.ashx" endpoint.

Recommendations: For Episerver versions 7 patch 4 and earlier, update to a version later than 7 patch 4 to resolve the issue. As a temporary workaround, consider restricting access to the "util/xmlrpc/Handler.ashx" endpoint to minimize the risk of exploitation.
PT-2017-12629
9.8
2017-08-07
WordPress · Loginizer · CVE-2017-12650
**Name of the Vulnerable Software and Affected Versions** Loginizer plugin versions prior to 1.3.6

**Description** The issue exists due to SQL Injection in the Loginizer plugin for WordPress. This is exploited via the X-Forwarded-For HTTP header.

**Recommendations** For versions prior to 1.3.6, update to version 1.3.6 or later to resolve the issue.