Chive

**Name of the Vulnerable Software and Affected Versions** Smart Slider 3 versions prior to 3.5.1.29 **Description** The Smart Slider 3 plugin for WordPress is vulnerable to time-based SQL Injection via the `sliderid` parameter. Insufficient escaping of user-supplied parameters and inadequate preparation of existing SQL queries allow authenticated attackers with Administrator-level access or higher to append additional SQL queries to existing ones, potentially extracting sensitive information from the database. **Recommendations** Update Smart Slider 3 to version 3.5.1.29 or later.

**Name of the Vulnerable Software and Affected Versions** Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress versions prior to 1.45.1 **Description** The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is susceptible to time-based SQL Injection via the `order by` parameter. Insufficient escaping of user-supplied input and inadequate SQL query preparation allow authenticated attackers with Administrator-level access or higher to inject additional SQL queries, potentially extracting sensitive information from the database. **Recommendations** Update Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress to version 1.45.1 or later.