Sarciszewski

**Name of the Vulnerable Software and Affected Versions** WordPress versions prior to 4.4 **Description** The issue makes it easier for remote attackers to predict password-recovery tokens via a brute-force approach. **Recommendations** For versions prior to 4.4, update to version 4.4 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** WP Limit Login Attempts plugin versions prior to 2.0.1 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved through SQL injection vulnerabilities in the getip function, specifically via the `X-Forwarded-For` or `Client-IP` HTTP headers. **Recommendations** For WP Limit Login Attempts plugin versions prior to 2.0.1, update to version 2.0.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the `getip` function in `wp-limit-login-attempts.php` to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Slim versions prior to 2.6.0 **Description** The issue allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via crafted session data in the Middleware/SessionCookie.php file. **Recommendations** For versions prior to 2.6.0, update to version 2.6.0 or later to resolve the issue.