Sayandeep Dutta

**Name of the Vulnerable Software and Affected Versions** Sticky Side Buttons WordPress plugin versions prior to 2.0.0 **Description** The plugin does not sanitise and escape some of its settings, which could allow high privilege users, such as administrators, to perform Stored Cross-Site Scripting (XSS) attacks even when the `unfiltered html` capability is disallowed. This is particularly relevant in multisite setups. **Recommendations** Update Sticky Side Buttons WordPress plugin to version 2.0.0 or later.

**Name of the Vulnerable Software and Affected Versions** FormCraft WordPress plugin versions prior to 1.2.7 **Description** The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This can occur even when the unfiltered html capability is disallowed, for example, in a multisite setup. The problem arises because some settings are not properly sanitised and escaped. **Recommendations** For versions prior to 1.2.7, update to version 1.2.7 or later to resolve the issue. As a temporary workaround, consider restricting the ability of high privilege users to access and modify the plugin's settings until the update can be applied.

**Name of the Vulnerable Software and Affected Versions** Ninja Forms Contact Form WordPress plugin versions prior to 3.6.26 **Description** The issue is related to a HTML Injection security vulnerability. **Recommendations** For versions prior to 3.6.26, update to version 3.6.26 or later to resolve the issue.