
Swapnil Subhash Bodekar

Rank: #22,169 of 53,635
Total CVSS: 10.2
Vulnerabilities: 2
Medium severity: 2
PT-2021-16039
5.4
2021-09-06
WordPress · Stop Spammers Security · CVE-2021-24517
**Name of the Vulnerable Software and Affected Versions**

The Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin, versions prior to 2021.18.

**Description**

The issue allows high privilege users, such as admins, to set Cross-Site Scripting payloads in some settings, even when the `unfiltered_html` capability is disallowed. This is due to the plugin not escaping some of its settings.

**Recommendations**

For versions prior to 2021.18, update to version 2021.18 or later to resolve the issue. As a temporary workaround, consider restricting access to the plugin's settings for high privilege users until the update is applied.
PT-2021-16040
4.8
2021-08-16
WordPress · Wpfront Notification Bar · CVE-2021-24518
**Name of the Vulnerable Software and Affected Versions**

The WPFront Notification Bar WordPress plugin, versions prior to 2.0.0.07176.

**Description**

The issue allows high privilege users, such as admins, to set an XSS payload in the Custom CSS setting, leading to an authenticated Stored Cross-Site Scripting issue, even when the `unfiltered_html` capability is disallowed.

**Recommendations**

For versions prior to 2.0.0.07176, update to version 2.0.0.07176 or later to resolve the issue. As a temporary workaround, consider restricting access to the Custom CSS setting to minimize the risk of exploitation.