Suyoung Kim

**Name of the Vulnerable Software and Affected Versions** Page Builder by SiteOrigin versions prior to 2.33.5 **Description** The Page Builder by SiteOrigin plugin for WordPress is susceptible to a Local File Inclusion issue. This allows authenticated attackers with Contributor-level access or higher to include and execute arbitrary files on the server. The `locate template()` function is the point of entry for this issue. Successful exploitation can lead to bypassing access controls, obtaining sensitive data, or achieving code execution through the inclusion of files, potentially including uploaded images and other file types. **Recommendations** Update Page Builder by SiteOrigin to version 2.33.5 or later.

**Name of the Vulnerable Software and Affected Versions** hCaptcha for WP versions through 4.22.0 **Description** The software contains a missing authorization issue related to incorrectly configured access control security levels. **Recommendations** Update hCaptcha for WP to a version later than 4.22.0.

**Name of the Vulnerable Software and Affected Versions** Yoast SEO versions prior to 26.9 **Description** The Yoast SEO plugin for WordPress is affected by a Stored Cross-Site Scripting issue. Insufficient input sanitization and output escaping in the `yoast-schema` block attribute allows authenticated attackers with Contributor-level access or higher to inject arbitrary web scripts into pages. These scripts will execute when a user accesses the affected page. **Recommendations** Update Yoast SEO to version 26.9 or later.