Ahmed Makawi

**Name of the Vulnerable Software and Affected Versions** Xstore WordPress theme versions prior to 9.7.3 **Description** An issue exists where a parameter is not properly sanitized and escaped before being used in a SQL statement. This occurs via an AJAX action that is accessible to unauthenticated users, which can lead to a SQL injection. SQL injection is a type of vulnerability that allows an attacker to interfere with the queries that an application makes to its database. **Recommendations** Update to version 9.7.3 or later.

**Name of the Vulnerable Software and Affected Versions** Get Use APIs WordPress plugin versions prior to 2.0.10 **Description** The Get Use APIs WordPress plugin executes imported JSON, potentially enabling Cross-Site Scripting (XSS) attacks. Users with a contributor role or higher may be able to perform these attacks under specific server configurations. **Recommendations** Update the Get Use APIs WordPress plugin to version 2.0.10 or later.