Shweta Mahajan

#26601 of 53,639
9.6 Total CVSS
Vulnerabilities · 2
Medium: 2
PT-2022-13192
4.8
2022-03-07
WordPress · Cp Blocks · CVE-2022-0448
**Name of the Vulnerable Software and Affected Versions** CP Blocks WordPress plugin versions prior to 1.0.15

**Description** The issue allows high-privilege users to perform Cross-Site Scripting attacks due to the lack of sanitization and escaping of the `License ID` setting, even when the `unfiltered_html` capability is disallowed.

**Recommendations** For versions prior to 1.0.15, update to version 1.0.15 or later to resolve the issue.
PT-2022-9498
4.8
2022-02-28
WordPress · Security Audit Wordpress Plugin · CVE-2021-24901
**Name of the Vulnerable Software and Affected Versions** Security Audit WordPress plugin version 1.0.0

**Description** The issue allows high-privilege users to perform Cross-Site Scripting attacks due to the lack of sanitization and escaping of the `Data Id` setting, even when the `unfiltered_html` capability is disallowed.

**Recommendations** For Security Audit WordPress plugin version 1.0.0, ensure proper sanitization and escaping of the `Data Id` setting to prevent Cross-Site Scripting attacks. As a temporary workaround, consider restricting the `Data Id` setting to minimize the risk of exploitation.