0Xdecafbad

**Name of the Vulnerable Software and Affected Versions** Wow Countdowns WordPress plugin versions prior to 3.1.3 **Description** The issue arises from the lack of sanitization of user input into the `did` parameter, which is then used in a SQL statement. This leads to an authenticated SQL Injection. **Recommendations** For Wow Countdowns WordPress plugin versions prior to 3.1.3, update to version 3.1.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the `did` parameter in the affected SQL statement until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Sync WooCommerce Product feed to Google Shopping WordPress plugin versions 1.2.4 and earlier **Description** The issue concerns a SQL injection vulnerability in the admin dashboard. It arises from the improper sanitization of the `feed id` POST parameter for use in a SQL statement. This allows for potential exploitation. **Recommendations** For versions 1.2.4 and earlier, as a temporary workaround, consider restricting access to the admin dashboard to minimize the risk of exploitation. Avoid using the `feed id` parameter in the affected POST requests until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ExportFeed WordPress plugin versions prior to 2.0.1.0 **Description** The issue arises from the lack of sanitization and escaping of the `product id` POST parameter, which is then used in a SQL statement. This leads to a SQL injection issue that can be exploited by high privilege users. **Recommendations** For ExportFeed WordPress plugin versions prior to 2.0.1.0, update to a version that includes the necessary sanitization and escaping of the `product id` parameter to prevent SQL injection.

**Name of the Vulnerable Software and Affected Versions** WPcalc WordPress plugin versions 2.1 and earlier **Description** The issue is related to an authenticated SQL Injection vulnerability. It occurs because the plugin does not sanitize user input into the `did` parameter, which is then used in a SQL statement. This allows for potential exploitation by authenticated users. **Recommendations** For WPcalc WordPress plugin versions 2.1 and earlier, update to a version that addresses this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.