Majdeddine Ben Hadj Brahim

**Name of the Vulnerable Software and Affected Versions** WordPress File Upload WordPress plugin versions prior to 4.24.8 **Description** The issue is related to improper sanitization and escaping of certain parameters, which could allow unauthenticated users to execute stored cross-site scripting (XSS) attacks. **Recommendations** For versions prior to 4.24.8, update to version 4.24.8 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** UsersWP WordPress plugin versions prior to 1.2.12 **Description** The issue allows unauthenticated attackers to download sensitive information, including IP addresses, usernames, and email addresses, due to the use of predictable filenames when an admin generates an export. **Recommendations** For versions prior to 1.2.12, update to version 1.2.12 or later to resolve the issue. As a temporary workaround, consider restricting access to the export functionality until the update is applied.

Name of the Vulnerable Software and Affected Versions: HTML Forms WordPress plugin versions prior to 1.3.33 Description: The issue allows high-privilege users, such as administrators, to perform Stored Cross-Site Scripting (XSS) attacks. This is possible because the plugin does not properly sanitize and escape form message inputs, even when the unfiltered html capability is disabled. Recommendations: For versions prior to 1.3.33, update to version 1.3.33 or later to resolve the issue. As a temporary workaround, consider restricting the ability of high-privilege users to input form messages until the update is applied.