Easybug

**Name of the Vulnerable Software and Affected Versions** Contact Form to DB by BestWebSoft – Messages Database Plugin For WordPress versions 1.7.0 and earlier **Description** The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for potential exploitation. **Recommendations** For versions 1.7.0 and earlier, update to a version later than 1.7.0 to resolve the issue. As a temporary workaround, consider restricting access to the database to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Whydonate Whydonate – FREE Donate button – Crowdfunding – Fundraising plugin versions <= 3.12.15 **Description** The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions on a web application that the user is authenticated to. **Recommendations** For Whydonate Whydonate – FREE Donate button – Crowdfunding – Fundraising plugin versions <= 3.12.15, update to a version higher than 3.12.15 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Mammothology WP Full Stripe Free plugin versions 1.6.1 and earlier **Description** The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that requires authentication with admin+ privileges. **Recommendations** For Mammothology WP Full Stripe Free plugin versions 1.6.1 and earlier, update to a version later than 1.6.1 to resolve the issue.