Leo

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 145.0.7632.159 **Description** An object lifecycle issue in the DevTools component of Google Chrome allowed an attacker to potentially exploit heap corruption. This exploitation could occur if a user was convinced to install a malicious extension. The security severity is rated as High. **Recommendations** Update Google Chrome to version 145.0.7632.159 or later.

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 147.0.7727.55 Description A use-after-free issue existed in the V8 component of Google Chrome before version 147.0.7727.55. An attacker could potentially exploit heap corruption by convincing a user to install a malicious extension. Recommendations Update Google Chrome to version 147.0.7727.55 or later.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 146.0.7680.153 **Description** A type confusion issue exists in the V8 component of Google Chrome. This could allow a remote attacker to exploit heap corruption through a specially crafted HTML page. The Chromium security severity is rated as High. **Recommendations** Update Google Chrome to version 146.0.7680.153 or later.

**Name of the Vulnerable Software and Affected Versions** FluentSMTP – WP SMTP Plugin with Amazon SES, SendGrid, MailGun, Postmark, Google and Any SMTP Provider versions prior to 2.2.82 **Description** The FluentSMTP plugin for WordPress is vulnerable to PHP Object Injection via deserialization of untrusted input in the `formatResult` function. This allows unauthenticated attackers to inject a PHP object. No known POP chain is present in the vulnerable software, but if a POP chain is present via an additional plugin or theme, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. The vulnerability was partially patched in version 2.2.82. Over 300,000 WordPress sites are potentially exposed to this issue. **Recommendations** For versions prior to 2.2.82, update to a version that includes the partial patch, such as version 2.2.82, to mitigate the risk of PHP Object Injection. As a temporary workaround, consider restricting access to the `formatResult` function until a more comprehensive patch is available. Additionally, users should be cautious of installing additional plugins or themes that could introduce a POP chain, exacerbating the vulnerability. At the moment, there is no information about a newer version that contains a complete fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress versions up to, and including, 1.0.228 **Description** The issue is related to PHP Object Injection via deserialization of untrusted input in the `set redirections` function. This allows authenticated attackers with Administrator-level access and above to inject a PHP Object. No known POP chain is present in the vulnerable software, but if a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. **Recommendations** For versions up to, and including, 1.0.228, consider disabling the `set redirections` function until a patch is available to prevent PHP Object Injection. Restrict access to the vulnerable function to minimize the risk of exploitation. Avoid using untrusted input in the `set redirections` function to prevent deserialization of malicious data. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress versions up to, and including, 1.0.228 **Description** The issue is caused by a missing capability check on the `update metadata` function, allowing unauthenticated attackers to insert new and update existing metadata beginning with `rank math`, and delete arbitrary existing user metadata and term metadata. This can lead to a loss of access to the administrator dashboard for any registered users, including Administrators. **Recommendations** For versions up to, and including, 1.0.228, update to a version higher than 1.0.228 to resolve the issue. As a temporary workaround, consider disabling the `update metadata` function until a patch is available. Restrict access to metadata beginning with `rank math` to minimize the risk of exploitation. Avoid using the `update metadata` function in the affected plugin until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: Code Embed plugin for WordPress versions up to, and including, 2.4 Description: The issue is related to Stored Cross-Site Scripting via the plugin's script embed functionality due to insufficient restrictions on who can utilize the functionality. This allows authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Recommendations: For Code Embed plugin for WordPress versions up to, and including, 2.4: Update to the latest patched version as soon as possible to mitigate the risk of exploitation. Additionally, consider monitoring for signs of compromise.

**Name of the Vulnerable Software and Affected Versions** GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress versions up to, and including, 3.16.1 **Description** The issue is related to time-based SQL Injection via the `order` parameter due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This allows authenticated attackers, with GiveWP Manager-level access and above, to append additional SQL queries into already existing queries within the Legacy View mode, which can be used to extract sensitive information from the database. **Recommendations** For versions up to, and including, 3.16.1, consider disabling the `order` parameter in the Legacy View mode until a patch is available to prevent exploitation. Restrict access to the Legacy View mode to minimize the risk of sensitive information extraction. Avoid using the `order` parameter in the affected plugin until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.