Kaushalendra Dubey

**Name of the Vulnerable Software and Affected Versions** Gmedia Photo Gallery WordPress plugin versions prior to 1.20.0 **Description** The issue allows high privilege users, such as admins, to perform Cross-Site Scripting attacks. This is possible because the Album's name is not properly sanitised and escaped before being outputted in pages or posts with a media embed, even when the unfiltered-html capability is disallowed. **Recommendations** For versions prior to 1.20.0, update to version 1.20.0 or later to resolve the issue. As a temporary workaround, consider restricting the ability to create or edit Album names for high privilege users until the update is applied.

**Name of the Vulnerable Software and Affected Versions** IgniteUp WordPress plugin versions through 3.4.1 **Description** The issue arises when high privilege users do not have the `unfiltered html` capability, leading to potential Stored Cross-Site Scripting issues due to the lack of sanitization and escaping of some fields. **Recommendations** For IgniteUp WordPress plugin versions through 3.4.1, consider updating to a version that addresses this issue, as the current version does not properly sanitize and escape certain fields, potentially leading to security problems. At the moment, there is no information about a newer version that contains a fix for this vulnerability.