
Nhatnam

#16079 of 53,632
16.8 Total CVSS
Vulnerabilities · 2
High
2
PT-2022-18731
8.0
2022-09-16
WordPress · Affiliates Manager · CVE-2022-2798
**Name of the Vulnerable Software and Affected Versions**
Affiliates Manager WordPress plugin versions prior to 2.9.14

**Description**
The issue concerns the lack of validation and sanitization of affiliate data, which could allow users registering as affiliates to perform CSV injection attacks against an admin exporting the data.

**Recommendations**
For versions prior to 2.9.14, update to version 2.9.14 or later to resolve the issue.

PT-2022-17373
8.8
2022-08-22
WordPress · Team Wordpress · CVE-2022-2557
**Name of the Vulnerable Software and Affected Versions**
The Team WordPress plugin versions prior to 4.1.2

**Description**
The issue allows any authenticated user to download arbitrary files from the server via a path traversal vector. Furthermore, the file is deleted after its content is returned to the user.

**Recommendations**
For versions prior to 4.1.2, update to version 4.1.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable file to minimize the risk of exploitation.