Pattama Tangpoonponwiwat

**Name of the Vulnerable Software and Affected Versions** List View Google Calendar versions prior to 7.4.4 **Description** The List View Google Calendar plugin for WordPress contains a Stored Cross-Site Scripting issue caused by insufficient input sanitization and output escaping in the event description. Authenticated attackers with administrator-level access can inject arbitrary web scripts into pages, which execute when a user visits the affected page. This issue specifically impacts multi-site installations and environments where `unfiltered html` has been disabled. **Recommendations** Update to a version newer than 7.4.3.

**Name of the Vulnerable Software and Affected Versions** Image Alt Text Manager plugin for WordPress versions prior to 1.8.3 **Description** The Image Alt Text Manager plugin for WordPress is susceptible to Stored Cross-Site Scripting. This is a result of inadequate input sanitization and output escaping when creating image alt and title attributes using a DOM parser. Authenticated attackers with Author-level access or higher can inject arbitrary web scripts into pages. These scripts will execute when a user accesses the affected page. **Recommendations** Update the Image Alt Text Manager plugin to version 1.8.3 or later.