Krzysztof Zajac

**Name of the Vulnerable Software and Affected Versions** iubenda WordPress plugin versions prior to 3.3.3 **Description** The issue affects the iubenda WordPress plugin, where a lack of authorization and CSRF protection in an AJAX action, combined with insufficient validation of options to be updated, allows any authenticated user to grant themselves elevated privileges. This could include privileges such as edit plugins. **Recommendations** For versions prior to 3.3.3, update to version 3.3.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the AJAX action or ensuring that only trusted users have authenticated access to the system until the update can be applied.

**Name of the Vulnerable Software and Affected Versions** Icegram Express WordPress plugin versions prior to 5.5.1 **Description** The issue arises from improper sanitization and escaping of a parameter used in a SQL statement, resulting in a SQL injection that can be exploited by any authenticated user, including those with subscriber roles. **Recommendations** For versions prior to 5.5.1, update to version 5.5.1 or later to resolve the issue.