Mariah Almotlag

#26660 of 53,633
9.6 Total CVSS
Vulnerabilities · 2
Medium · 2
PT-2022-24018
4.8
2022-11-21
WordPress · Evaluate Wordpress Plugin · CVE-2022-3753
**Name of the Vulnerable Software and Affected Versions**
Evaluate WordPress plugin version 1.0

**Description**
The issue allows high-privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the `unfiltered_html` capability is disallowed, for example, in a multisite setup. This is due to the plugin not sanitizing and escaping some of its settings.

**Recommendations**
For Evaluate WordPress plugin version 1.0, update to a version that properly sanitizes and escapes its settings to prevent Stored Cross-Site Scripting attacks. As a temporary workaround, consider restricting the ability of high-privilege users to access and modify the plugin's settings until a patch is available.
PT-2022-22298
4.8
2022-11-14
WordPress · Wp Attachments · CVE-2022-3469
**Name of the Vulnerable Software and Affected Versions**
WP Attachments versions prior to 5.0.5

**Description**
The issue allows high-privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This is possible because some settings are not properly sanitized and escaped. The attack can occur even when the `unfiltered_html` capability is disallowed, for example, in a multisite setup.

**Recommendations**
For versions prior to 5.0.5, update to version 5.0.5 or later to resolve the issue.