Sergej Ljubojevic

**Name of the Vulnerable Software and Affected Versions** GitHub Enterprise Server versions prior to 3.20 GitHub Enterprise Server versions 3.16.15 through 3.16.15 GitHub Enterprise Server versions 3.17.12 through 3.17.12 GitHub Enterprise Server versions 3.18.6 through 3.18.6 GitHub Enterprise Server versions 3.19.3 through 3.19.3 **Description** An incorrect authorization issue was identified in GitHub Enterprise Server. An authenticated user with a classic personal access token (PAT) that does not have the `repo` scope could retrieve issues and commits from private and internal repositories. This was possible through the search REST API endpoints. The user needed existing access to the repository through organization membership or as a collaborator for exploitation to occur. The affected API endpoints are the search REST API. The vulnerable variable is the classic personal access token (PAT). **Recommendations** Update GitHub Enterprise Server to version 3.20 or later. Update GitHub Enterprise Server to version 3.16.15. Update GitHub Enterprise Server to version 3.17.12. Update GitHub Enterprise Server to version 3.18.6. Update GitHub Enterprise Server to version 3.19.3.

**Name of the Vulnerable Software and Affected Versions** ProfileGrid – User Profiles, Groups and Communities plugin for WordPress versions up to and including 5.9.8.1 **Description** The ProfileGrid plugin for WordPress is affected by an issue allowing unauthorized message deletion. This occurs because the `pg delete msg()` function lacks a proper capability check, enabling authenticated attackers with Subscriber-level access or higher to delete messages belonging to any user. Exploitation involves sending a direct request with a valid message ID through the `mid` parameter. **Recommendations** Update ProfileGrid – User Profiles, Groups and Communities plugin for WordPress to a version later than 5.9.8.1.

**Name of the Vulnerable Software and Affected Versions** ProfileGrid – User Profiles, Groups and Communities plugin for WordPress versions up to and including 5.9.8.2 **Description** The ProfileGrid plugin for WordPress is susceptible to Cross-Site Request Forgery (CSRF). This is a result of a lack of nonce validation on the membership request management page, specifically during approve and decline actions. An unauthenticated attacker can potentially approve or deny group membership requests by tricking a site administrator into performing an action, such as clicking a malicious link. The affected functionality involves the processing of membership requests. **Recommendations** Update ProfileGrid – User Profiles, Groups and Communities plugin for WordPress to a version later than 5.9.8.2.

**Name of the Vulnerable Software and Affected Versions** The Newsletter – Send awesome emails from WordPress plugin versions prior to 9.1.1 **Description** The software is susceptible to a Cross-Site Request Forgery (CSRF) issue. This is caused by insufficient or incorrect nonce validation within the `hook newsletter action()` function. An unauthenticated attacker could potentially unsubscribe newsletter subscribers by forging a request, provided they can trick a logged-in user into performing an action, such as clicking a malicious link. **Recommendations** Update The Newsletter – Send awesome emails from WordPress plugin to version 9.1.1 or later.

**Name of the Vulnerable Software and Affected Versions** ForumWP – Forum & Discussion Board plugin for WordPress versions prior to 2.1.7 **Description** The ForumWP plugin for WordPress is susceptible to Stored Cross-Site Scripting. This is due to inadequate input sanitization and output escaping when handling a User's Display Name. Authenticated attackers with Subscriber-level access or higher can inject malicious web scripts into pages. These scripts will then execute whenever a user views the affected page. **Recommendations** Update to version 2.1.7 or later.