Roldan Brandon

**Name of the Vulnerable Software and Affected Versions** MultiSafepay plugin for WooCommerce plugin versions <= 4.13.1 **Description** The issue is related to an Unauthenticated Arbitrary File Read vulnerability. This allows unauthorized access to read files. **Recommendations** For versions <= 4.13.1, update to a version higher than 4.13.1 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** WordPlus Better Messages plugin versions <= 1.9.9.148 **Description** The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability that allows attackers to upload files when file attachment to messages is activated. **Recommendations** For WordPlus Better Messages plugin versions <= 1.9.9.148, update to a version higher than 1.9.9.148 to resolve the issue. As a temporary workaround, consider deactivating file attachment to messages until a patch is available.