Sachin Bahl

**Name of the Vulnerable Software and Affected Versions** The Page Generator WordPress plugin versions prior to 1.6.5 **Description** The issue allows high privilege users, such as admins, to perform cross-Site Scripting attacks due to the lack of sanitization and escaping of its settings, even when the unfiltered html capability is disallowed. **Recommendations** For versions prior to 1.6.5, update to version 1.6.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the plugin's settings to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** WP Duplicate Page WordPress plugin versions prior to 1.3 **Description** The issue allows high privilege users, such as admins, to perform Cross-Site Scripting attacks, even when unfiltered html is disallowed, due to the plugin not sanitizing and escaping some of its settings. **Recommendations** For WP Duplicate Page WordPress plugin versions prior to 1.3, update to version 1.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the plugin's settings to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Nested Pages WordPress plugin versions prior to 3.1.21 **Description** The issue allows high privilege users to perform Stored Cross-Site Scripting attacks when the unfiltered html is disallowed, due to the plugin not escaping and sanitizing some of its settings. **Recommendations** For versions prior to 3.1.21, update to version 3.1.21 or later to resolve the issue.