Yoshiken

**Name of the Vulnerable Software and Affected Versions** FluentSMTP WordPress plugin versions prior to 2.0.1 **Description** The issue arises from the plugin's failure to sanitize parameters before storing settings in the database and its failure to escape values before outputting them when viewing SMTP settings. This leads to a stored cross-site scripting (XSS) vulnerability. Only users with roles capable of managing plugins can modify the plugin's settings. **Recommendations** For versions prior to 2.0.1, update to version 2.0.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the plugin's settings to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Request a Quote WordPress plugin versions prior to 2.3.9 **Description** The issue is related to authenticated Stored Cross-Site Scripting, which occurs due to the lack of sanitization, validation, or escaping of some settings in the admin dashboard. This problem exists even when the unfiltered html capability is disallowed. **Recommendations** For versions prior to 2.3.9, update to version 2.3.9 or later to resolve the issue. As a temporary workaround, consider restricting access to the admin dashboard settings to minimize the risk of exploitation.