Wannes Verwimp

**Name of the Vulnerable Software and Affected Versions** LearnPress – Backup & Migration Tool versions prior to 4.1.5 **Description** The plugin is susceptible to arbitrary file read through directory traversal, a technique that allows access to files and directories outside the intended folder. Authenticated attackers with administrator-level access or higher can exploit the `import-user-file` parameter to read sensitive files on the server. **Recommendations** Update the plugin to a version later than 4.1.4. As a temporary mitigation, restrict access to the `import-user-file` parameter.

**Name of the Vulnerable Software and Affected Versions** LearnPress – Backup & Migration Tool versions prior to 4.1.5 **Description** The plugin is susceptible to PHP Object Injection due to the deserialization of untrusted input. This allows authenticated attackers with administrator-level access or higher to inject a PHP Object. The impact depends on the presence of a POP chain (a sequence of gadgets used to achieve a specific goal during deserialization) within other installed plugins or themes. If such a chain exists, an attacker could potentially delete arbitrary files, retrieve sensitive data, or execute code. **Recommendations** Update to a version later than 4.1.4.

**Name of the Vulnerable Software and Affected Versions** Piotnet Addons for Elementor Pro versions prior to 7.1.71 **Description** Missing file type validation in the `pafe ajax form builder()` function allows unauthenticated attackers to upload arbitrary files to the server. The plugin employs an incomplete extension blacklist that fails to block dangerous extensions such as `.phar` or `.phtml`, which may lead to remote code execution. This issue is only exploitable if a file field has been added to the form. **Recommendations** Update to a version later than 7.1.70. As a temporary workaround, avoid adding file fields to forms until the update is applied.