
Chu Quoc Khanh

#20964 of 53,779
12 Total CVSS
Vulnerabilities · 2
Medium · 1
High · 1
PT-2024-39140
7.2
2024-10-20
WordPress · Ts Poll · CVE-2024-8625
Name of the Vulnerable Software and Affected Versions: TS Poll WordPress plugin versions prior to 2.4.0

Description: The issue allows admins to perform SQL injection attacks due to the lack of sanitization and escaping of a parameter before using it in a SQL statement.

Recommendations: For versions prior to 2.4.0, update to version 2.4.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the plugin's functionality to minimize the risk of exploitation.
PT-2024-39159
4.8
2024-09-16
Unknown · Concrete Cms · CVE-2024-8661
Name of the Vulnerable Software and Affected Versions: Concrete CMS versions 9.0.0 through 9.3.4; Concrete CMS versions below 8.5.19

Description: A Stored XSS vulnerability exists in the "Next&Previous Nav" block of Concrete CMS, allowing a rogue administrator to add a malicious payload that can be executed in the browsers of targeted users. This is due to insufficient sanitization of the block's output.

Recommendations: For Concrete CMS versions 9.0.0 through 9.3.4, update to a version that includes the fix for this issue. For Concrete CMS versions below 8.5.19, update to a version that includes the fix for this issue. As a temporary workaround, consider disabling the "Next&Previous Nav" block until a patch is available.