Lior Yeshayahu

**Name of the Vulnerable Software and Affected Versions** Wise Analytics versions up to and including 1.1.9 **Description** The Wise Analytics plugin for WordPress is affected by a missing authorization issue. Capability checks are absent on the REST API endpoint '/wise-analytics/v1/report', allowing unauthenticated attackers to access sensitive analytics data. This data includes administrator usernames, login timestamps, visitor tracking information, and business intelligence data. Access is achieved through the 'name' parameter by sending unauthenticated requests. **Recommendations** Update Wise Analytics to a version later than 1.1.9.

**Name of the Vulnerable Software and Affected Versions** AdminQuickbar plugin for WordPress versions through 1.9.3 **Description** The software is susceptible to Cross-Site Request Forgery due to missing or incorrect nonce validation on the 'saveSettings' and 'renamePost' AJAX actions. This allows attackers to modify plugin settings and update post titles by deceiving a site administrator into performing an action, such as clicking a link. The attack requires the attacker to trick an administrator into performing an action. **Recommendations** Update the AdminQuickbar plugin to a version newer than 1.9.3.