Nguyen Pham Viet Nam

**Name of the Vulnerable Software and Affected Versions** The Starter Templates by Kadence WP WordPress plugin versions prior to 1.2.17 **Description** The issue arises from the unserialization of the content of an imported file, potentially leading to PHP object injection issues. This can occur when an admin imports a malicious file, and a suitable gadget chain is present on the blog. **Recommendations** For versions prior to 1.2.17, update to version 1.2.17 or later to resolve the issue. As a temporary workaround, consider restricting the import functionality to trusted files and users until the update is applied.

**Name of the Vulnerable Software and Affected Versions** PublishPress Capabilities WordPress plugin versions prior to 2.5.2 PublishPress Capabilities Pro WordPress plugin versions prior to 2.5.2 **Description** The issue allows PHP object injection attacks by administrators on multisite WordPress configurations. This can happen when the content of imported files is unserialized. Successful exploitation requires the presence of other plugins with a suitable gadget chain on the site. **Recommendations** For PublishPress Capabilities WordPress plugin versions prior to 2.5.2, update to version 2.5.2 or later. For PublishPress Capabilities Pro WordPress plugin versions prior to 2.5.2, update to version 2.5.2 or later.