Sandeep Vishwakarma

**Name of the Vulnerable Software and Affected Versions** WP Directory Kit versions 1.3.6 and earlier **Description** The issue is related to an Improper Neutralization of Special Elements in Output Used by a Downstream Component, also known as an 'Injection' vulnerability. This allows for Code Injection in WP Directory Kit. **Recommendations** For WP Directory Kit versions 1.3.6 and earlier, update to a version later than 1.3.6 to resolve the issue. At the moment, there is no information about additional mitigation measures for this specific vulnerability.

Name of the Vulnerable Software and Affected Versions: The URL Shortener by Myhop WordPress plugin versions 1.0.17 and earlier Description: The issue allows high privilege users, such as admins, to perform Cross-Site Scripting attacks even when unfiltered html is disallowed, due to the plugin not sanitizing and escaping some of its settings. Recommendations: For versions 1.0.17 and earlier, update to a version that addresses the sanitization and escaping of settings to prevent Cross-Site Scripting attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SEOPress WordPress plugin versions prior to 7.3 **Description** The issue allows high privilege users, such as admins, to perform Cross-Site Scripting attacks due to the plugin's failure to sanitise and escape some of its settings. This can occur even when unfiltered html is disallowed. **Recommendations** For versions prior to 7.3, update to version 7.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the plugin's settings for high privilege users until the update is applied.