Mdbook · Mdbook · CVE-2020-26297
Name of the Vulnerable Software and Affected Versions:
mdBook versions prior to 0.4.5
Description:
The search feature of mdBook is affected by a cross-site scripting vulnerability, which could allow an attacker to execute arbitrary JavaScript code in a user's browser. This can be achieved by tricking the user into typing a malicious search query or clicking a link to the search page with the malicious search query prefilled. The vulnerability was introduced in version 0.1.4 and is fixed in mdBook 0.4.5 by properly escaping the search query.
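The bug class behind this advisory, as an added example that is not mdBook's own code: a search page that echoes the query back into its results header, once interpolated verbatim and once HTML-escaped. The function names, the `search` query-string parameter and the sample query are assumptions made for the example.

```javascript
// Added example, not mdBook source: shows why an unescaped search query
// becomes a stored-nowhere, reflected XSS, and what the fix looks like.

// Escape the five characters that can open, close or break out of HTML markup.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Hypothetical vulnerable rendering: the query is concatenated into HTML as-is,
// so any markup in it is parsed by the browser as live DOM.
function renderHeaderUnsafe(query) {
  return '<h1>Search results for "' + query + '"</h1>';
}

// Hardened rendering: identical output for ordinary queries, inert for hostile ones.
function renderHeaderSafe(query) {
  return '<h1>Search results for "' + escapeHtml(query) + '"</h1>';
}

// A crafted link prefills the query through the URL (parameter name assumed
// to be `search`). URLSearchParams percent-decodes it, so the decoded value
// must still be escaped at render time; decoding is not sanitising.
function queryFromSearchString(searchString) {
  return new URLSearchParams(searchString).get('search') || '';
}

// Constructed sample query: a quote to break out of the attribute context plus a script tag.
const SAMPLE_QUERY = 'rust" <script>alert(1)</script>';

// Stand-alone demonstration of both paths.
console.log(renderHeaderUnsafe(SAMPLE_QUERY)); // markup survives intact
console.log(renderHeaderSafe(SAMPLE_QUERY));   // markup rendered as text
```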
Recommendations:
For mdBook versions prior to 0.4.5, upgrade to mdBook 0.4.5 or greater and rebuild website contents with it. As a temporary workaround, consider restricting access to the search feature until the issue is resolved.