Aiden

**Name of the Vulnerable Software and Affected Versions** FormGent versions through 1.4.2 **Description** FormGent is susceptible to a Path Traversal issue. This allows for potential unauthorized access to files and directories outside the intended restricted area. **Recommendations** Update FormGent to a version later than 1.4.2.

**Name of the Vulnerable Software and Affected Versions** JobSearch versions prior to 3.0.8 **Description** The software contains a flaw due to deserialization of untrusted data. This can potentially allow for malicious code execution. **Recommendations** Update JobSearch to version 3.0.8 or later.

**Name of the Vulnerable Software and Affected Versions** Whitebox-Studio Scape versions through 1.5.13 **Description** The software contains a flaw due to deserialization of untrusted data, which allows for object injection. **Recommendations** Update Whitebox-Studio Scape to a version newer than 1.5.13.

**Name of the Vulnerable Software and Affected Versions** WooCommerce Vehicle Parts Finder versions through 3.7 **Description** The WooCommerce Vehicle Parts Finder plugin contains a flaw related to the deserialization of untrusted data, which allows for object injection. This issue impacts the `woo-vehicle-parts-finder` component. **Recommendations** Update WooCommerce Vehicle Parts Finder to a version later than 3.7.

**Name of the Vulnerable Software and Affected Versions** uxper Golo versions through 1.7.0 **Description** An Authentication Bypass Using an Alternate Path or Channel vulnerability exists in uxper Golo, allowing Authentication Abuse. **Recommendations** Update uxper Golo to a version later than 1.7.0.

Name of the Vulnerable Software and Affected Versions: QuanticaLabs MediCenter - Health Medical Clinic versions n/a through 15.1 Description: The software contains a deserialization of untrusted data issue, which allows for object injection. Recommendations: Versions prior to 15.1 should be updated. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Exertio versions n/a through 1.3.2 Description: Deserialization of untrusted data in scriptsbundle Exertio allows object injection. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Rustaurius Ultimate WP Mail versions 1.3.4 and below **Description** The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows unauthorized access and enables unauthenticated attackers to execute malicious SQL commands. **Recommendations** For versions 1.3.4 and below, update to a newer version that contains a fix for this issue. As a temporary workaround, consider restricting access to sensitive database elements to minimize the risk of exploitation. Avoid using user-input data directly in SQL commands until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Productive Commerce versions n/a through 1.1.22 **Description** The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks. **Recommendations** For versions n/a through 1.1.22, update to a version that includes a fix for this SQL Injection issue. As a temporary workaround, consider restricting access to sensitive database queries to minimize the risk of exploitation. Avoid using user-supplied input in SQL commands until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Advance Seat Reservation Management for WooCommerce plugin for WordPress versions up to, and including, 3.3 **Description** The issue allows for SQL Injection via the `profileId` parameter due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. **Recommendations** For versions up to, and including, 3.3, consider disabling the `profileId` parameter until a patch is available to prevent SQL Injection attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Error Log Viewer versions 1.0.5 and earlier Description: The issue is related to an SQL Injection vulnerability, specifically a Blind SQL Injection, due to the improper neutralization of special elements used in an SQL command. This allows for unauthorized access and manipulation of database content. Recommendations: For Error Log Viewer versions 1.0.5 and earlier, update to a version that includes a fix for this issue, as no specific workaround is provided for these versions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Eazy Plugin Manager versions n/a through 4.3.0 Description: The issue is related to a missing authorization vulnerability in EazyPlugin Manager, which allows the exploitation of incorrectly configured access control security levels. Recommendations: For versions n/a through 4.3.0, update to a version that includes a fix for this issue, as no specific workaround is provided for these versions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Accessibility Suite by Online ADA versions n/a through 4.18 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection, potentially enabling unauthorized access or manipulation of database content. Recommendations: For versions n/a through 4.18, update to a version later than 4.18 to resolve the issue. As a temporary workaround, consider restricting access to sensitive database operations until a patch is available.

Name of the Vulnerable Software and Affected Versions: Specia Companion versions n/a through 4.6 Description: The issue is related to a Missing Authorization vulnerability in Specia Theme Specia Companion, which allows exploiting incorrectly configured access control security levels. Recommendations: For versions n/a through 4.6, update to a version that includes the necessary security patches to fix the Missing Authorization vulnerability. As a temporary workaround, consider restricting access to sensitive areas of the application to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Magnigenie Review Stars Count For WooCommerce versions prior to 2.0 Description: The issue is related to improper neutralization of special elements used in an SQL command, which allows SQL injection. This problem can potentially be exploited to inject malicious SQL code. Recommendations: For versions prior to 2.0, update to version 2.0 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive database elements to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** TextMe SMS versions 1.9.1 and earlier **Description** The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. **Recommendations** For TextMe SMS versions 1.9.1 and earlier, update to a version that contains a fix for this issue, as no specific mitigation measures are provided.

**Name of the Vulnerable Software and Affected Versions** RSVPMarker versions n/a through 11.4.8 **Description** The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks. **Recommendations** For versions n/a through 11.4.8, ensure immediate patching to prevent exploitation. As a temporary workaround, consider restricting access to sensitive database operations until a patch is available. Avoid using user-supplied input in SQL commands until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** WPFactory Advanced WooCommerce Product Sales Reporting versions 3.1 and earlier **Description** The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks. **Recommendations** For versions 3.1 and earlier, update to a version that includes a fix for this SQL Injection issue. As a temporary workaround, consider restricting access to sensitive database queries to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** XV Random Quotes versions n/a through 1.40 **Description** The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection, which is a critical cyber security threat. **Recommendations** For versions n/a through 1.40, update to a version that addresses the SQL Injection vulnerability. As a temporary workaround, consider restricting access to sensitive database elements to minimize the risk of exploitation. Avoid using user-inputted data directly in SQL commands until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Brady Vercher Cue versions prior to 2.4.4 **Description** The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. **Recommendations** For versions prior to 2.4.4, update to a version that contains a fix for this issue. As a temporary workaround, consider restricting access to sensitive areas of the system to minimize the risk of exploitation.