Yuta Kikuchi

Rank: #15,263 of 53,632
Total CVSS: 17.6
Vulnerabilities: 2 (High: 2)
PT-2022-17119
8.8
2022-09-06
WordPress · Stockists Manager For Woocommerce · CVE-2022-2518
**Name of the Vulnerable Software and Affected Versions** Stockists Manager for Woocommerce plugin for WordPress, versions up to and including 1.0.2.1 **Description** Cross-Site Request Forgery (CSRF) caused by missing nonce validation in the `stockist_settings_main()` function. Because the settings handler does not verify that the request originated from the plugin's own admin form, an unauthenticated attacker can modify the plugin's settings and inject malicious web scripts via a forged request, provided they can trick a logged-in site administrator into performing an action such as clicking a link or visiting an attacker-controlled page. **Recommendations** For versions up to and including 1.0.2.1, until a patched version is available, deactivate the plugin or otherwise prevent the `stockist_settings_main()` settings handler from being reached, and limit access to the plugin's settings to trusted administrators to reduce the risk of exploitation.
PT-2019-17922
8.8
2019-09-12
WordPress · Wordpress Simple Paypal Shopping Cart · CVE-2019-5992
**Name of the Vulnerable Software and Affected Versions** WordPress Ultra Simple Paypal Shopping Cart, versions 4.4 and earlier **Description** A cross-site request forgery (CSRF) issue allows remote attackers to hijack the authentication of administrators via unspecified vectors: an administrator who is lured to an attacker-controlled page can be made to submit a state-changing request to the plugin with their own session. **Recommendations** For WordPress Ultra Simple Paypal Shopping Cart versions 4.4 and earlier, update to a version later than 4.4 to resolve the issue.
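Both entries above are the same bug class: a WordPress plugin settings handler that acts on a POST without checking a nonce. The following is an added example, not code from either plugin or from dbugs, showing a hypothetical settings handler with the defect next to its hardened form. All `stockist_demo_*` names and the `stockist_demo_banner` option are invented for illustration; the functions they call (`check_admin_referer`, `wp_nonce_field`, `current_user_can`, `update_option`, `sanitize_text_field`, `esc_html`) are WordPress core APIs, so the code assumes it is loaded as a plugin inside WordPress.

```php
<?php
/*
 * Added example (not the plugin's own code): a WordPress settings handler
 * with no nonce validation, and the hardened form of the same handler.
 * Names beginning stockist_demo_ and the option name are hypothetical.
 * Assumes it is loaded as a plugin inside WordPress, which supplies the
 * functions used below.
 */

// VULNERABLE: an admin_post handler that trusts any POST carrying the action
// name. If a logged-in administrator visits an attacker page containing a
// self-submitting <form method="post" action="https://victim/wp-admin/admin-post.php">
// with a hidden field action=stockist_demo_save_insecure, the browser attaches the
// admin's cookies and this handler stores whatever the attacker chose, including
// <script> markup that is later echoed unescaped.
function stockist_demo_save_insecure() {
    update_option( 'stockist_demo_banner', $_POST['banner'] ); // no nonce, no capability check, no sanitisation
    wp_safe_redirect( admin_url( 'options-general.php?page=stockist-demo' ) );
    exit;
}
add_action( 'admin_post_stockist_demo_save_insecure', 'stockist_demo_save_insecure' );

// HARDENED: the settings form emits a nonce bound to one specific action and the
// current user's session; the handler verifies it before doing anything else.
function stockist_demo_settings_page() {
    $banner = get_option( 'stockist_demo_banner', '' );
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="stockist_demo_save">
        <?php wp_nonce_field( 'stockist_demo_save', 'stockist_demo_nonce' ); ?>
        <input type="text" name="banner" value="<?php echo esc_attr( $banner ); ?>">
        <?php submit_button( 'Save' ); ?>
    </form>
    <?php
}

function stockist_demo_save() {
    // 1. CSRF: reject requests that do not carry a valid nonce for THIS action.
    //    check_admin_referer() calls wp_die() on failure, so nothing below runs.
    //    The nonce is derived from the user's session and expires, so a form on
    //    an attacker's site cannot supply it.
    check_admin_referer( 'stockist_demo_save', 'stockist_demo_nonce' );

    // 2. Authorisation: a nonce proves intent, not privilege. Check the capability too.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html__( 'You are not allowed to change these settings.' ), 403 );
    }

    // 3. Input handling: strip tags and control characters before storing.
    $banner = isset( $_POST['banner'] ) ? sanitize_text_field( wp_unslash( $_POST['banner'] ) ) : '';
    update_option( 'stockist_demo_banner', $banner );

    wp_safe_redirect( add_query_arg( 'updated', '1', admin_url( 'options-general.php?page=stockist-demo' ) ) );
    exit;
}
add_action( 'admin_post_stockist_demo_save', 'stockist_demo_save' );

// Output: escape on render as well, so a value stored before the fix cannot execute.
function stockist_demo_render_banner() {
    echo '<div class="stockist-banner">' . esc_html( get_option( 'stockist_demo_banner', '' ) ) . '</div>';
}
```

When reviewing a plugin for this class of bug, look for every `admin_post_*`, `wp_ajax_*`, `admin_init` or `options.php`-style handler that calls `update_option()`, `update_post_meta()` or similar, and confirm that `check_admin_referer()` or `wp_verify_nonce()` runs before the write and that the nonce action string is specific to that operation; a nonce check alone is not sufficient, since any authenticated user can obtain a nonce for an action they are allowed to trigger, so the capability check must stay as well.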