Rajesh Singh

Rank: #20982 of 53,633
Total CVSS: 11.8
Vulnerabilities: 2 (Medium: 1, High: 1)

PT-2025-48007 · CVSS 4.3 · 2025-11-25
WordPress · Frontend File Manager Plugin · CVE-2025-13382
**Name of the Vulnerable Software and Affected Versions**
Frontend File Manager Plugin for WordPress versions prior to 23.4

**Description**
The plugin does not validate file ownership before processing file rename requests. This allows authenticated attackers with Subscriber-level access or higher to rename files uploaded by other users. The issue is present in the `/wpfm/v1/file-rename` API endpoint, where the `fileid` parameter is used without proper validation.

**Recommendations**
Update the Frontend File Manager Plugin for WordPress to version 23.4 or later.

PT-2025-33427 · CVSS 7.5 · 2025-08-15
WordPress · Order Tip For Woocommerce · CVE-2025-6025
Name of the Vulnerable Software and Affected Versions:
Order Tip for WooCommerce versions up to and including 1.5.4

Description:
The Order Tip for WooCommerce plugin for WordPress is susceptible to improper input validation. The lack of server-side validation on the `data-tip` attribute allows unauthenticated attackers to manipulate the tip amount, potentially resulting in unauthorized discounts, including free orders.

Recommendations:
Disable the plugin until a fix is available.