
Rudra Sarkar

#16030 of 53,635
16.8 Total CVSS
Vulnerabilities · 2
High: 2
PT-2021-12071
8.0
2021-11-01
WordPress · Connections Business Directory · CVE-2020-36503
**Name of the Vulnerable Software and Affected Versions** Connections Business Directory WordPress plugin versions prior to 9.7

**Description** The issue is related to the Connections Business Directory WordPress plugin, which does not validate or sanitise some connections' fields. This could lead to a CSV injection issue.

**Recommendations** For versions prior to 9.7, update to version 9.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the connections' fields to minimize the risk of exploitation.
PT-2019-8303
8.8
2019-04-12
Subrion · Subrion Cms · CVE-2017-18366
**Name of the Vulnerable Software and Affected Versions** Subrion CMS versions prior to 4.2.1

**Description** The issue concerns cross-site request forgery in the "blog/delete/" endpoint. This allows for unauthorized actions to be performed.

**Recommendations** For versions prior to 4.2.1, update to version 4.2.1 to resolve the issue. As a temporary workaround, consider restricting access to the "blog/delete/" endpoint until the update is applied.