Khanhhnahk1

**Name of the Vulnerable Software and Affected Versions** Search & Go - Directory WordPress Theme versions prior to 2.7 **Description** The Search & Go - Directory WordPress Theme is susceptible to authentication bypass, potentially leading to account takeover. This occurs due to inadequate user validation within the `search and go elated check facebook user()` function. When Facebook login is enabled, unauthenticated attackers may gain access to other user accounts, including administrator accounts. **Recommendations** Update to a version newer than 2.7.

Name of the Vulnerable Software and Affected Versions: The Aiomatic - Automatic AI Content Writer & Editor plugin for WordPress versions up to, and including, 2.5.0 Description: The issue allows for arbitrary file uploads due to missing file type validation in the `aiomatic image editor ajax submit` function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server, which may make remote code execution possible. To exploit the issue, a value must be entered for the `Stability.AI API key`, which can be arbitrary. Recommendations: For versions up to, and including, 2.5.0, update to a version that includes a fix for the missing file type validation in the `aiomatic image editor ajax submit` function. As a temporary workaround, consider disabling the `aiomatic image editor ajax submit` function until a patch is available. Restrict access to the Aiomatic plugin to minimize the risk of exploitation, especially for users with Subscriber-level access and above.

**Name of the Vulnerable Software and Affected Versions** CLEVER - HTML5 Radio Player With History - Shoutcast and Icecast - Elementor Widget Addon plugin for WordPress versions up to, and including, 2.4 **Description** The issue is related to insufficient file path validation in the 'history.php' file, allowing unauthenticated attackers to read arbitrary files on the affected site's server. This may include sensitive information such as database credentials. The vulnerability was partially patched in version 2.4. **Recommendations** For versions up to, and including, 2.4, update to a version that fully patches the vulnerability, as version 2.4 only partially addresses the issue. As a temporary workaround, consider restricting access to the 'history.php' file until a fully patched version is available.