WordPress · Wechat Reward WordPress Plugin · CVE-2021-24615
**Name of the Vulnerable Software and Affected Versions**
Wechat Reward WordPress plugin versions 1.7 and earlier
**Description**
The plugin does not sanitise or escape its QR settings and has no CSRF check. As a result, an attacker can make a logged-in admin change the settings and perform Cross-Site Scripting attacks.
**Recommendations**
If you run Wechat Reward WordPress plugin version 1.7 or earlier, update to a version that addresses the issue. The current version does not sanitise or escape its QR settings and lacks a CSRF check, which allows Cross-Site Scripting attacks.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
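For reference when reviewing or patching a settings page with this class of flaw, the following added example (not the plugin's own code) shows the three controls the description says are missing: a CSRF nonce check on save, sanitization of the stored value, and escaping on output. The option, action, field and function names are hypothetical, and the QR setting is assumed to be an image URL.

```php
<?php
// Added example; all names below are hypothetical, not taken from the plugin.
const EXAMPLE_QR_OPTION = 'example_qr_image_url';
const EXAMPLE_QR_ACTION = 'example_save_qr_settings';

// Settings form: includes a nonce so the save request can be verified.
function example_qr_settings_form() {
    $qr_url = get_option( EXAMPLE_QR_OPTION, '' );
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="<?php echo esc_attr( EXAMPLE_QR_ACTION ); ?>">
        <?php wp_nonce_field( EXAMPLE_QR_ACTION, 'example_qr_nonce' ); ?>
        <input type="url" name="qr_url" value="<?php echo esc_attr( $qr_url ); ?>">
        <?php submit_button(); ?>
    </form>
    <?php
}

// Save handler: capability check, CSRF check, then sanitise before storing.
function example_qr_settings_save() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }
    // Terminates the request if the nonce is missing or invalid.
    check_admin_referer( EXAMPLE_QR_ACTION, 'example_qr_nonce' );

    $raw = isset( $_POST['qr_url'] ) ? wp_unslash( $_POST['qr_url'] ) : '';
    // Only http(s) URLs are accepted; other schemes become an empty string.
    $clean = esc_url_raw( $raw, array( 'http', 'https' ) );
    update_option( EXAMPLE_QR_OPTION, $clean );

    wp_safe_redirect( admin_url( 'options-general.php' ) );
    exit;
}
add_action( 'admin_post_' . EXAMPLE_QR_ACTION, 'example_qr_settings_save' );

// Front-end output: escape again at the point of use.
function example_qr_render() {
    $qr_url = get_option( EXAMPLE_QR_OPTION, '' );
    if ( '' === $qr_url ) {
        return '';
    }
    return '<img class="example-qr" src="' . esc_url( $qr_url ) . '" alt="QR code">';
}
```

Because values saved before such a fix may already contain markup, escaping on output is what protects existing installations; sanitising on save only covers new writes.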