Daniel Krohmer

**Name of the Vulnerable Software and Affected Versions** WC Fields Factory WordPress plugin versions 4.1.5 and earlier **Description** The issue arises from the plugin's failure to properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection. This can be exploited by high privilege users such as admin. **Recommendations** For versions 4.1.5 and earlier, update to a version that properly sanitises and escapes parameters used in SQL statements to prevent SQL injection. As a temporary workaround, consider restricting access to high privilege users until a patch is available.

**Name of the Vulnerable Software and Affected Versions** 10Web Map Builder for Google Maps WordPress plugin versions prior to 1.0.73 **Description** The issue arises from the plugin's failure to properly sanitise and escape certain parameters before using them in an SQL statement via an AJAX action. This AJAX action is available to unauthenticated users, leading to a SQL injection. **Recommendations** For versions prior to 1.0.73, update to version 1.0.73 or later to resolve the issue. As a temporary workaround, consider restricting access to the AJAX action until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** Media Library Assistant versions prior to 3.06 **Description** The issue arises from improper sanitization and escaping of a parameter before its use in a SQL statement, resulting in a SQL injection. This can be exploited by high-privilege users, such as administrators. **Recommendations** For versions prior to 3.06, update to version 3.06 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** GeoDirectory WordPress plugin versions prior to 2.2.24 **Description** The issue arises from the improper sanitization and escaping of a parameter before its use in a SQL statement, leading to a SQL injection. This can be exploited by high privilege users, such as administrators. **Recommendations** For versions prior to 2.2.24, update to version 2.2.24 or later to resolve the issue. As a temporary workaround, consider restricting access to high privilege user accounts to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Mapwiz WordPress plugin versions 1.0.1 and earlier **Description** The issue is related to a SQL injection that occurs because a parameter is not properly sanitized and escaped before being used in a SQL statement. This can be exploited by high-privilege users, such as administrators. **Recommendations** For Mapwiz WordPress plugin versions 1.0.1 and earlier, consider updating to a version that properly sanitizes and escapes parameters used in SQL statements to prevent SQL injection. As a temporary workaround, restrict access to high-privilege user accounts to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** The Conditional Payment Methods for WooCommerce WordPress plugin versions 1.0 and earlier **Description** The issue arises from the plugin's failure to properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection. This SQL injection is exploitable by high privilege users, such as admin, or users with a role as low as admin. **Recommendations** For versions 1.0 and earlier, update to a version that properly sanitizes and escapes parameters used in SQL statements to prevent SQL injection. As a temporary workaround, consider restricting access to the plugin's functionality to minimize the risk of exploitation by high privilege users.

**Name of the Vulnerable Software and Affected Versions** WP RSS By Publishers WordPress plugin version 0.1 **Description** The issue is related to a SQL injection that occurs because a parameter is not properly sanitized and escaped before being used in a SQL statement. This can be exploited by high privilege users, such as admins. **Recommendations** For WP RSS By Publishers WordPress plugin version 0.1, consider disabling the plugin until a patch is available to prevent potential SQL injection attacks. Restrict access to high privilege user accounts to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** multimedial images WordPress plugin versions 1.0b and earlier **Description** The issue arises from the multimedial images WordPress plugin not properly sanitizing and escaping a parameter before using it in a SQL statement. This leads to a SQL injection that can be exploited by users with a role as low as Admin. **Recommendations** For multimedial images WordPress plugin versions 1.0b and earlier, update to a version that properly sanitizes and escapes parameters used in SQL statements to prevent SQL injection. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Web Invoice WordPress plugin versions 2.1.3 and earlier **Description** The issue arises from the plugin's failure to properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL Injection. This can be exploited by high privilege users, such as admin, by default. However, depending on the plugin configuration, other users, such as subscribers, could also exploit this. **Recommendations** For versions 2.1.3 and earlier, update to a version that properly sanitizes and escapes parameters used in SQL statements to prevent SQL Injection. As a temporary workaround, consider restricting access to the plugin's configuration to minimize the risk of exploitation by lower privilege users.

**Name of the Vulnerable Software and Affected Versions** Web Invoice WordPress plugin versions 2.1.3 and earlier **Description** The issue arises from the plugin's failure to properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL Injection. This can be exploited by high privilege users, such as admin, by default. However, depending on the plugin configuration, other users, such as subscribers, could also exploit this. **Recommendations** For versions 2.1.3 and earlier, update to a version that properly sanitizes and escapes parameters used in SQL statements to prevent SQL Injection. As a temporary workaround, consider restricting access to the plugin's functionality to minimize the risk of exploitation, especially for high privilege users.

**Name of the Vulnerable Software and Affected Versions** WP RSS By Publishers WordPress plugin version 0.1 **Description** The issue is related to a SQL injection that occurs because a parameter is not properly sanitized and escaped before being used in a SQL statement. This can be exploited by high privilege users, such as admins. **Recommendations** For WP RSS By Publishers WordPress plugin version 0.1, consider disabling the plugin until a patch is available to prevent potential SQL injection attacks. Restrict access to high privilege user accounts to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** LetsRecover WordPress plugin versions prior to 1.2.0 **Description** The issue is related to a SQL injection that occurs because a parameter is not properly sanitized and escaped before being used in a SQL statement. This can be exploited by high privilege users, such as admins. **Recommendations** For versions prior to 1.2.0, update to version 1.2.0 or later to resolve the issue. As a temporary workaround, consider restricting access to high privilege users to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** WP RSS By Publishers WordPress plugin version 0.1 **Description** The issue is related to a SQL injection that occurs because a parameter is not properly sanitized and escaped before being used in a SQL statement. This can be exploited by high privilege users, such as admins. **Recommendations** For WP RSS By Publishers WordPress plugin version 0.1, consider disabling the plugin until a patch is available to prevent potential SQL injection attacks. Restrict access to the plugin's functionality to minimize the risk of exploitation by high privilege users.

**Name of the Vulnerable Software and Affected Versions** Quote-O-Matic WordPress plugin versions 1.0.0 through 1.0.5 **Description** The issue is related to a SQL injection that occurs because a parameter is not properly sanitized and escaped before being used in a SQL statement. This can be exploited by high privilege users, such as admins. **Recommendations** For Quote-O-Matic WordPress plugin versions 1.0.0 through 1.0.5, update to a version later than 1.0.5 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Qe SEO Handyman WordPress plugin versions 1.0 and earlier **Description** The issue arises from the plugin's failure to properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection. This can be exploited by high privilege users such as admin. **Recommendations** For Qe SEO Handyman WordPress plugin versions 1.0 and earlier, update to a version that properly sanitizes and escapes parameters used in SQL statements to prevent SQL injection. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Qe SEO Handyman WordPress plugin versions 1.0 and earlier **Description** The issue arises from the plugin's failure to properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection. This can be exploited by high privilege users such as admin. **Recommendations** For Qe SEO Handyman WordPress plugin versions 1.0 and earlier, consider disabling the plugin until a patch is available to prevent potential SQL injection exploitation. Restrict access to the plugin's functionality to minimize the risk of exploitation by high privilege users.

**Name of the Vulnerable Software and Affected Versions** LetsRecover WordPress plugin versions prior to 1.2.0 **Description** The issue is related to a SQL injection that occurs due to improper sanitization and escaping of a parameter before it is used in a SQL statement. This can be exploited by high-privilege users, such as administrators. **Recommendations** For versions prior to 1.2.0, update to version 1.2.0 or later to resolve the issue. As a temporary workaround, consider restricting access to high-privilege user accounts to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** LetsRecover WordPress plugin versions prior to 1.2.0 **Description** The issue is related to a SQL injection due to improper sanitization and escaping of a parameter used in a SQL statement via an AJAX action. This action is available to unauthenticated users, making it accessible without login credentials. The parameter in question is used in a way that allows an attacker to inject malicious SQL code, potentially leading to data manipulation or extraction. **Recommendations** For versions prior to 1.2.0, update to version 1.2.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the AJAX action or disabling it until a patch is applied. Avoid using the vulnerable parameter in the affected AJAX endpoint until the issue is resolved.

**Nome do software vulnerável e versões afetadas** Versões do plugin Contest Gallery para WordPress anteriores à 19.1.5.1 Versões do plugin Contest Gallery Pro para WordPress anteriores à 19.1.5.1 **Descrição** A vulnerabilidade permite que usuários mal-intencionados com privilégios de autor, no mínimo, divulguem informações confidenciais do banco de dados do site. Isso se deve à falha em escapar o parâmetro POST `cg multiple files for post` antes de concatená-lo a uma consulta SQL em `0 change-gallery.php`. **Recomendações** Para versões do plugin Contest Gallery para WordPress anteriores à 19.1.5.1, atualize para a versão 19.1.5.1 ou posterior. Para versões do plugin Contest Gallery Pro para WordPress anteriores à 19.1.5.1, atualize para a versão 19.1.5.1 ou posterior. Como solução temporária, considere restringir o acesso ao arquivo `0 change-gallery.php` para minimizar o risco de exploração. Evite usar o parâmetro `cg multiple files for post` no endpoint da API afetado até que o problema seja resolvido.

**Nome do software vulnerável e versões afetadas** Versões do plugin Contest Gallery para WordPress anteriores à 19.1.5.1 Versões do plugin Contest Gallery Pro para WordPress anteriores à 19.1.5.1 **Descrição** A vulnerabilidade permite que usuários mal-intencionados com privilégios de autor, no mínimo, divulguem informações confidenciais do banco de dados do site. Isso se deve à falha em escapar o parâmetro POST `cg id` antes de concatená-lo a uma consulta SQL no arquivo 0 change-gallery.php. **Recomendações** Para versões do plugin Contest Gallery para WordPress anteriores à 19.1.5.1, atualize para a versão 19.1.5.1 ou posterior. Para versões do plugin Contest Gallery Pro para WordPress anteriores à 19.1.5.1, atualize para a versão 19.1.5.1 ou posterior. Como solução temporária, considere restringir o acesso ao arquivo 0 change-gallery.php para minimizar o risco de exploração. Evite usar o parâmetro `cg id` na solicitação POST afetada até que a vulnerabilidade seja resolvida.