Najib Sinjari

**Name of the Vulnerable Software and Affected Versions** Everest Forms versions through 3.4.1 **Description** The software contains a flaw related to improper handling of script-related HTML tags on a web page, potentially leading to code injection. This issue is identified as a Basic Cross-Site Scripting (XSS) condition. **Recommendations** Update Everest Forms to a version later than 3.4.1.

**Name of the Vulnerable Software and Affected Versions** Advanced Custom Fields : CPT Options Pages versions through 2.0.9 **Description** A Cross-Site Request Forgery (CSRF) issue exists in Tusko Trush Advanced Custom Fields : CPT Options Pages `acf-cpt-options-pages` that allows Object Injection. This impacts the application’s ability to securely handle requests, potentially allowing an attacker to perform actions on behalf of an authenticated user without their knowledge. **Recommendations** Update Advanced Custom Fields : CPT Options Pages to a version later than 2.0.9.