Mark Maunder

**Name of the Vulnerable Software and Affected Versions** Van Ons WP GDPR Compliance plugin versions prior to 1.4.3 **Description** The issue allows remote attackers to execute arbitrary code due to mishandled input in `$wpdb->prepare()`. This has been exploited in the wild. **Recommendations** For versions prior to 1.4.3, update to version 1.4.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the plugin until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Jetpack plugin versions prior to 4.0.3 **Description** The issue allows for XSS attacks through a crafted Vimeo link. **Recommendations** For versions prior to 4.0.3, update to version 4.0.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** WordPress versions 4.7 through 4.7.0 **Description** The issue allows remote attackers to obtain sensitive information. This is due to the REST API implementation not properly restricting listings of post authors. Attackers can exploit this via a "wp-json/wp/v2/users" request. **Recommendations** For WordPress versions 4.7 through 4.7.0, update to version 4.7.1 to resolve the issue. As a temporary workaround, consider restricting access to the "wp-json/wp/v2/users" endpoint until the update is applied.