WordPress · Image Map Pro · CVE-2023-3411
**Name of the Vulnerable Software and Affected Versions**
Image Map Pro – Drag-and-drop Builder for Interactive Images – Lite plugin for WordPress versions up to, and including, 1.0.0
**Description**
The issue is due to missing nonce validation on the `ajax_store_save()` function, which makes it possible for unauthenticated attackers to modify plugin settings and inject malicious web scripts via a forged request. Exploitation requires the attacker to trick a site administrator into performing an action, such as clicking on a link.
**Recommendations**
For versions up to, and including, 1.0.0, consider disabling the `ajax_store_save()` function until a patch is available, so that it cannot be exploited. Restrict access to the plugin's settings to minimize the risk of unauthorized modifications.
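
One way to apply both recommendations is a must-use plugin that runs ahead of the save handler and rejects any request lacking administrator capability or a valid nonce. This is an added example, not code from the plugin or its vendor. It assumes the handler is registered through WordPress's `wp_ajax_` hooks, and the action name `example_store_save` and nonce field `_example_nonce` are placeholders for values this advisory does not give.

```php
<?php
/**
 * Added example (not the plugin's code): guard a state-changing
 * admin-ajax action until the vendor ships a fix.
 * Install as wp-content/mu-plugins/guard-store-save.php.
 */

// ASSUMPTION: placeholder; replace with the action name the plugin
// registers for its save handler.
const EXAMPLE_SAVE_ACTION = 'example_store_save';
// ASSUMPTION: hypothetical request field that carries the nonce.
const EXAMPLE_NONCE_FIELD = '_example_nonce';

function example_guard_store_save() {
    // 1. Only administrators may change plugin settings.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
    }

    // 2. CSRF check: the request must carry a nonce minted for this
    //    action in the current user's session, which a forged
    //    cross-site request cannot supply. Passing false as the third
    //    argument returns the result instead of dying, so the failure
    //    can be reported as JSON.
    if ( ! check_ajax_referer( EXAMPLE_SAVE_ACTION, EXAMPLE_NONCE_FIELD, false ) ) {
        wp_send_json_error( array( 'message' => 'Invalid or missing nonce' ), 403 );
    }

    // Falling through lets the plugin's own handler (priority 10) run.
}

// Priority 0 runs before a handler added at the default priority 10.
// wp_send_json_error() ends the request, so the handler never executes
// for a rejected call.
add_action( 'wp_ajax_' . EXAMPLE_SAVE_ACTION, 'example_guard_store_save', 0 );

// Requests from logged-out visitors are refused outright.
add_action(
    'wp_ajax_nopriv_' . EXAMPLE_SAVE_ACTION,
    function () {
        wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
    },
    0
);
```

Because the plugin's own requests do not include this nonce, the guard blocks every save, which is the "disable until patched" behaviour recommended above. A fixed handler would perform the same two checks itself, with the settings page embedding a value from `wp_create_nonce()` for the same action.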