Nick Blundell

Name of the Vulnerable Software and Affected Versions: food-and-drink-menu plugin through 2.2.0 for WordPress Description: The issue allows remote attackers to execute arbitrary code because of an unserialize operation on the `fdm cart` cookie in `load cart from cookie` in `includes/class-cart-manager.php`. Recommendations: For versions through 2.2.0, consider disabling the `load cart from cookie` function in `includes/class-cart-manager.php` to prevent exploitation until a patch is available. Restrict access to the `fdm cart` cookie to minimize the risk of arbitrary code execution.

Name of the Vulnerable Software and Affected Versions: wp-hotel-booking plugin versions 1.10.2 and earlier Description: The issue allows remote attackers to execute arbitrary code because of an unserialize operation on the `thimpress hotel booking 1` cookie in the `includes/class-wphb-sessions.php` file. This operation can be exploited to gain unauthorized access and execute malicious code. Recommendations: For versions 1.10.2 and earlier, update to a version later than 1.10.2 to resolve the issue. As a temporary workaround, consider restricting access to the `includes/class-wphb-sessions.php` file or disabling the use of the `thimpress hotel booking 1` cookie until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Form Manager plugin versions prior to 1.7.3 **Description** The issue concerns an eval injection vulnerability in the `fm saveHelperGatherItems` function within the `ajax.php` file of the Form Manager plugin for WordPress. This allows remote attackers to execute arbitrary code via unspecified vectors. **Recommendations** For versions prior to 1.7.3, update to version 1.7.3 or later to resolve the issue. As a temporary workaround, consider disabling the `fm saveHelperGatherItems` function in `ajax.php` until a patch is applied. Restrict access to the `ajax.php` file to minimize the risk of exploitation.