
Sachin Kumar

Rank: #26658 of 53,633
Total CVSS: 9.6
Vulnerabilities: 2
Medium: 2
PT-2022-14973
4.8
2022-08-15
WordPress · Duplicate Page/Post · CVE-2022-2152
**Name of the Vulnerable Software and Affected Versions**
Duplicate Page and Post WordPress plugin versions prior to 2.8

**Description**
The issue allows high-privilege users, such as admins, to perform Cross-Site Scripting attacks. This is possible because the plugin does not properly sanitise and escape its settings, even when the `unfiltered_html` capability is disallowed.

**Recommendations**
For versions prior to 2.8, update to version 2.8 or later to resolve the issue.

PT-2022-15170
4.8
2022-07-17
WordPress · Simple Post Notes · CVE-2022-2186
**Name of the Vulnerable Software and Affected Versions**
The Simple Post Notes WordPress plugin versions prior to 1.7.6

**Description**
The issue allows high-privilege users, such as admins, to perform Cross-Site Scripting attacks due to the lack of sanitization and escaping of its settings. This can occur even when the `unfiltered_html` capability is disallowed.

**Recommendations**
For versions prior to 1.7.6, update to version 1.7.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the plugin's settings for high-privilege users until the update is applied.