Kenneth Billones

**Name of the Vulnerable Software and Affected Versions** FileBird – WordPress Media Library Folders & File Manager versions prior to 6.4.9 **Description** The FileBird – WordPress Media Library Folders & File Manager plugin for WordPress contains a SQL Injection issue due to insufficient escaping of the `search` parameter and lack of sufficient preparation of the existing SQL query. This allows authenticated attackers with Author-level access or higher to append additional SQL queries to existing queries, potentially extracting sensitive information from the database. **Recommendations** Update FileBird – WordPress Media Library Folders & File Manager to version 6.4.9 or later.

**Name of the Vulnerable Software and Affected Versions** ProfileGrid – User Profiles, Groups and Communities plugin for WordPress versions through 5.9.5.4 **Description** The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is susceptible to Reflected Cross-Site Scripting due to insufficient input sanitization and output escaping. This allows unauthenticated attackers to inject arbitrary web scripts into pages, which can execute if a logged-in user is tricked into performing an action, such as clicking a link. The `pm get messenger notification` function is the point of entry for this issue. **Recommendations** Update ProfileGrid – User Profiles, Groups and Communities plugin for WordPress to a version later than 5.9.5.4.