Lucy

**Name of the Vulnerable Software and Affected Versions** The Team Members WordPress plugin versions prior to 5.2.1 **Description** The issue allows high-privilege users, such as editors, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for example, in a multisite setup. This is due to the plugin not sanitizing and escaping some of its settings. **Recommendations** For versions prior to 5.2.1, update to version 5.2.1 or later to resolve the issue. As a temporary workaround, consider restricting the capabilities of high-privilege users, such as editors, to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Advanced WP Columns WordPress plugin versions 2.0.6 and earlier **Description** The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for example in multisite setups. This is due to the plugin not sanitizing and escaping some of its settings. **Recommendations** For Advanced WP Columns WordPress plugin versions 2.0.6 and earlier, update to a version later than 2.0.6 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Import any XML or CSV File to WordPress plugin versions prior to 3.6.9 **Description** The issue allows highly privileged users, such as admins, to write arbitrary files to any part of the file system accessible by the web server via a path traversal vector. This is due to the plugin not validating the paths of files contained in uploaded zip archives. **Recommendations** For versions prior to 3.6.9, update to version 3.6.9 or later to resolve the issue. As a temporary workaround, consider restricting the upload of zip archives or limiting the privileges of users who can upload files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Import any XML or CSV File to WordPress plugin versions prior to 3.6.9 **Description** The issue arises from the plugin not properly filtering allowed file extensions for import on the server. This could allow administrators in multi-site WordPress installations to upload arbitrary files. **Recommendations** For versions prior to 3.6.9, update to version 3.6.9 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** WP Word Count WordPress plugin versions 3.2.3 and earlier **Description** The issue allows high privilege users, such as admins, to perform Cross-Site Scripting attacks, even when unfiltered html is disallowed, due to the plugin not sanitizing and escaping some of its settings. **Recommendations** For WP Word Count WordPress plugin versions 3.2.3 and earlier, update to a version that addresses the sanitization and escaping of settings to prevent Cross-Site Scripting attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tutor LMS WordPress plugin versions prior to 2.0.10 **Description** The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This can occur even when the unfiltered html capability is disallowed, for example in a multisite setup. **Recommendations** For versions prior to 2.0.10, update to version 2.0.10 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** NextCellent Gallery WordPress plugin versions 1.9.35 and earlier **Description** The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks when the unfiltered html capability is disallowed, for example in a multisite setup. This is due to the plugin not sanitizing and escaping some of its image settings. **Recommendations** For NextCellent Gallery WordPress plugin versions 1.9.35 and earlier, update to a version that addresses the sanitization and escaping of image settings to prevent Stored Cross-Site Scripting attacks. As a temporary workaround, consider restricting the unfiltered html capability to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Better Find and Replace WordPress plugin versions prior to 1.3.6 **Description** The issue arises from the plugin's failure to properly sanitise, validate, and escape various parameters before using them in an SQL statement, leading to an SQL Injection. **Recommendations** For versions prior to 1.3.6, update to version 1.3.6 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Team Members WordPress plugin versions prior to 5.1.1 **Description** The issue allows high privilege users, such as admins, to perform Cross-Site Scripting attacks even when unfiltered html is disallowed, due to the plugin not escaping some of its Team settings. **Recommendations** For versions prior to 5.1.1, update to version 5.1.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the Team settings for high privilege users until the update is applied.