
Rubina Shaikh

#26623 of 53,635
9.6 Total CVSS
Vulnerabilities · 2
Medium
2
PT-2022-13147
4.8
2022-03-28
WordPress · Interactive Medical Drawing Of Human Body · CVE-2022-0388
**Name of the Vulnerable Software and Affected Versions** Interactive Medical Drawing of Human Body WordPress plugin versions prior to 2.6

**Description** The issue allows high privilege users to perform Cross-Site Scripting attacks due to the lack of sanitization and escaping of the `Link` field, even when the `unfiltered_html` capability is disallowed.

**Recommendations** For versions prior to 2.6, update to version 2.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the `Link` field for high privilege users until the update is applied.
PT-2022-13148
4.8
2022-03-07
WordPress · Wp Time Slots Booking Form · CVE-2022-0389
**Name of the Vulnerable Software and Affected Versions** WP Time Slots Booking Form WordPress plugin versions prior to 1.1.63

**Description** The issue allows high privilege users to perform Cross-Site Scripting attacks due to the lack of sanitization and escaping of Calendar names, even when the `unfiltered_html` capability is disallowed.

**Recommendations** For versions prior to 1.1.63, update to version 1.1.63 or later to resolve the issue.