WordPress Ultimate Category Excluder plugin <= 1.1 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability found by SCA AppSec Checkmarx in WordPress Ultimate Category Excluder plugin versions = 1.1. Solution Update the WordPress Ultimate Category Excluder plugin to the latest available version at least 1.2...

GHSA-4Q96-6XHQ-FF43 malicious SVG attachment causing stored XSS vulnerability

Impact An attacker with write permissions can upload an SVG file that contains malicious javascript. This javascript will be executed in a user's browser when the user is viewing that SVG file on the wiki. Patches Users are strongly advised to upgrade to a patched version. MoinMoin Wiki 1.9.11 ha...