Stealth

**Name of the Vulnerable Software and Affected Versions** Internal Links Manager plugin for WordPress versions through 3.0.1 **Description** The Internal Links Manager plugin for WordPress is susceptible to Cross-Site Request Forgery (CSRF) due to missing or incorrect nonce validation on the link deletion functionality within the `process bulk action()` function. This allows unauthenticated attackers to delete SEO links by forging requests, provided they can trick a site administrator into performing an action. **Recommendations** Update the Internal Links Manager plugin to a version beyond 3.0.1.

**Name of the Vulnerable Software and Affected Versions** smb4k versions prior to 2.0.1 **Description** The issue allows local users to gain root privileges by leveraging failure to verify arguments to the `mount` helper DBUS service. **Recommendations** For versions prior to 2.0.1, update to version 2.0.1 or later to resolve the issue.