Vaibhav Nitin Gaikwad

**Name of the Vulnerable Software and Affected Versions** The Mihdan: No External Links WordPress plugin versions prior to 5.0.2 **Description** The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for example in multisite setups. This is due to the plugin not sanitizing and escaping some of its settings. **Recommendations** For versions prior to 5.0.2, update to version 5.0.2 or later to resolve the issue. As a temporary workaround, consider restricting the ability of high privilege users to modify plugin settings until the update is applied.

**Name of the Vulnerable Software and Affected Versions** The Good & Bad Comments WordPress plugin version 1.0.0 **Description** The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, due to the plugin's failure to sanitise and escape its settings. **Recommendations** For The Good & Bad Comments WordPress plugin version 1.0.0, consider disabling the plugin until a patch is available to prevent potential Stored Cross-Site Scripting attacks. Restrict access to the plugin's settings to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Autolinks WordPress plugin version 1.0.1 **Description** The issue is related to the lack of a CSRF check when updating settings and the failure to sanitize and escape input, which could allow attackers to perform Stored Cross-Site scripting against a logged-in admin via a CSRF attack. **Recommendations** For Autolinks WordPress plugin version 1.0.1, consider updating to a newer version that includes a CSRF check and proper input sanitization and escaping to prevent Stored Cross-Site scripting attacks. As a temporary workaround, restrict access to the plugin's settings update functionality to minimize the risk of exploitation.