Vess Razz

**Name of the Vulnerable Software and Affected Versions** WP HTML Author Bio WordPress plugin versions 1.2.0 and earlier **Description** The issue allows users with a role as low as author to perform Cross-Site Scripting attacks against other users by injecting malicious JavaScript code into their bio, which is executed when anyone visits a post made by such a user. This could potentially lead to privilege escalation when an admin views the related post. **Recommendations** For WP HTML Author Bio WordPress plugin versions 1.2.0 and earlier, consider disabling the bio feature for users until a patch is available to prevent the execution of malicious JavaScript code. Restrict access to the plugin's functionality to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Frontend Uploader WordPress plugin versions 1.3.2 and earlier **Description** The issue allows unauthenticated users to upload malicious HTML files containing JavaScript via the plugin's form. These malicious files can be triggered when accessed directly, potentially leading to security issues. **Recommendations** For versions 1.3.2 and earlier, update to a version that prevents HTML file uploads via the plugin's form to mitigate the risk. As a temporary workaround, consider restricting access to the file upload feature until a patch is available.