Mohamed Selim

**Name of the Vulnerable Software and Affected Versions** USM-Premium WordPress plugin versions prior to 16.3 **Description** The issue allows high-privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for example, in multisite setups. This is due to the plugin not sanitizing and escaping some of its settings. **Recommendations** For versions prior to 16.3, update to version 16.3 or later to resolve the issue. As a temporary workaround, consider restricting the use of the plugin's settings to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** The Redirection WordPress plugin versions prior to 1.1.5 **Description** The issue is related to the lack of CSRF checks in the uninstall action of the plugin. This could allow attackers to make logged-in admins delete all the redirections through a CSRF attack. **Recommendations** For versions prior to 1.1.5, update to version 1.1.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the uninstall action to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** The Redirection WordPress plugin versions prior to 1.1.4 **Description** The issue concerns a lack of nonce verification when adding redirects, which could allow attackers to add redirects via a CSRF attack. **Recommendations** For versions prior to 1.1.4, update to version 1.1.4 or later to resolve the issue.