WordPress FitVids for WordPress plugin <= 4.0.1 - Authenticated (Admin+) Stored Cross-Site Scripting vulnerability

Authenticated Admin+ Stored Cross-Site Scripting vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin FitVids for WordPress versions = 4.0.1...

GHSA-WPG7-2C88-R8XV Exposure of Sensitive Information in simple-get

In versions of simple-get prior to 4.0.1, 3.1.1, and 2.8.2, when fetching a remote url with a cookie location response, headers will be followed, potentially resulting in an exposure of the session cookie to a third party...