Đức Tài

**Name of the Vulnerable Software and Affected Versions** WPSchoolPress versions through 2.2.23 **Description** The School Management System – WPSchoolPress plugin for WordPress is susceptible to SQL Injection through the `SCodes` parameter. Insufficient input sanitization and inadequate SQL query preparation allow authenticated attackers with administrator-level access or higher to inject additional SQL queries. This can lead to the extraction of sensitive information from the database. **Recommendations** Update WPSchoolPress to a version later than 2.2.23.

**Name of the Vulnerable Software and Affected Versions** Email Tracker – Email Log, Email Open Tracking, Email Analytics & Email Management for WordPress Emails plugin for WordPress versions through 5.3.12 **Description** The Email Tracker plugin for WordPress is susceptible to SQL Injection via the `orderby` parameter. Insufficient escaping of user-supplied input and inadequate preparation of existing SQL queries allow authenticated attackers with Administrator-level access or higher to inject additional SQL queries. This can lead to the extraction of sensitive information from the database. **Recommendations** Update the Email Tracker plugin to a version newer than 5.3.12.

**Name of the Vulnerable Software and Affected Versions** onOffice for WP-Websites plugin versions up to and including 5.7 **Description** The onOffice for WP-Websites plugin for WordPress is susceptible to SQL Injection due to inadequate input sanitization and query preparation. Specifically, the `order` parameter is not properly escaped, allowing authenticated attackers with Editor-level access or higher to inject additional SQL queries. This can lead to the extraction of sensitive information from the database. The vulnerable parameter is `order`. **Recommendations** Update the onOffice for WP-Websites plugin to a version newer than 5.7.

**Name of the Vulnerable Software and Affected Versions** NEX-Forms – Ultimate Forms Plugin for WordPress versions through 9.1.6 **Description** The software is susceptible to SQL Injection through the `orderby` parameter within the `nf load form entries` action. Insufficient input sanitization and inadequate SQL query preparation allow authenticated attackers with Administrator-level access or higher to inject additional SQL queries, potentially extracting sensitive database information. Lower-level users may also be able to exploit this if granted access by a site administrator. **Recommendations** Update NEX-Forms – Ultimate Forms Plugin for WordPress to a version later than 9.1.6.

**Name of the Vulnerable Software and Affected Versions** ELEX WooCommerce Google Shopping plugin for WordPress versions up to and including 1.4.3 **Description** The ELEX WooCommerce Google Shopping plugin for WordPress is susceptible to SQL Injection through the `file to delete` parameter. Insufficient escaping of user-supplied input and inadequate preparation of existing SQL queries allow authenticated attackers with Administrator-level access or higher to inject additional SQL queries. This can lead to the extraction of sensitive information from the database. **Recommendations** Update ELEX WooCommerce Google Shopping plugin to a version later than 1.4.3.

Name of the Vulnerable Software and Affected Versions: Simple Download Monitor plugin for WordPress versions through 3.9.33 Description: The Simple Download Monitor plugin for WordPress is susceptible to time-based SQL Injection via the `order` parameter. Insufficient escaping of user-supplied input and inadequate SQL query preparation allow authenticated attackers with Contributor-level access or higher (with permissions granted by an Administrator) to append additional SQL queries to existing ones, potentially extracting sensitive information from the database. Recommendations: Update the Simple Download Monitor plugin to a version beyond 3.9.33.

**Name of the Vulnerable Software and Affected Versions** WordPress File Upload WordPress plugin versions prior to 4.24.8 **Description** The issue is related to a Reflected Cross-Site Scripting problem. It occurs because a parameter is not properly sanitised and escaped before being outputted back in the page. This could be exploited against high-privilege users, such as administrators. **Recommendations** For versions prior to 4.24.8, update to version 4.24.8 or later to resolve the issue.