Julio Potier

**Name of the Vulnerable Software and Affected Versions** tarteaucitron.js – Cookies legislation & GDPR WordPress plugin versions <= 1.5.4 **Description** A Cross-Site Request Forgery (CSRF) issue has been found, which can lead to Cross-Site Scripting (XSS). The `tarteaucitronEmail` and `tarteaucitronPass` parameters are vulnerable. **Recommendations** For versions <= 1.5.4, update to a version greater than 1.5.4 to resolve the issue. As a temporary workaround, consider restricting access to the parameters `tarteaucitronEmail` and `tarteaucitronPass` to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** WP-PostViews plugin versions prior to 1.63 **Description** A cross-site request forgery (CSRF) issue exists in the options admin page of the WP-PostViews plugin, allowing remote attackers to hijack the authentication of administrators for requests that change plugin settings. **Recommendations** For WP-PostViews plugin versions prior to 1.63, update to version 1.63 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** CMS Tree Page View plugin versions prior to 0.8.9 **Description** A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via the `cms tpv view` parameter to "wp-admin/options-general.php". **Recommendations** For versions prior to 0.8.9, update to version 0.8.9 or later to resolve the issue. As a temporary workaround, consider restricting access to the "wp-admin/options-general.php" endpoint to minimize the risk of exploitation. Avoid using the `cms tpv view` parameter in the affected endpoint until the issue is resolved.