Chuongvn

**Name of the Vulnerable Software and Affected Versions** Paid Videochat Turnkey Site versions prior to 7.3.23 **Description** A missing authorization issue exists due to incorrectly configured access control security levels, which allows for the exploitation of unauthorized access. **Recommendations** Update to a version newer than 7.3.23.

**Name of the Vulnerable Software and Affected Versions** Cozy Vision SMS Alert Order Notifications versions through 3.8.5 **Description** A flaw exists in Cozy Vision SMS Alert Order Notifications that allows for SQL Injection. This issue is due to improper neutralization of special elements within SQL commands. The vulnerability affects the SMS Alert Order Notifications functionality. **Recommendations** Update to a version later than 3.8.5.

Name of the Vulnerable Software and Affected Versions: CleverReach® WP versions through 1.5.20 Description: CleverReach® WP is susceptible to a SQL injection flaw due to improper neutralization of special elements within SQL commands. This allows for potential SQL injection attacks. Recommendations: Update CleverReach® WP to a version later than 1.5.20.

Name of the Vulnerable Software and Affected Versions: Cozmoslabs Paid Member Subscriptions versions 2.15.1 and earlier Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks. Recommendations: For versions 2.15.1 and earlier, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: LifterLMS versions n/a through 8.0.6 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks. Recommendations: For versions n/a through 8.0.6, update to a version later than 8.0.6 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Anh Tran Slim SEO versions n/a through 4.5.4 **Description** The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks. **Recommendations** For versions n/a through 4.5.4, update to a version later than 4.5.4 to resolve the issue. As a temporary workaround, consider restricting access to sensitive database queries to minimize the risk of exploitation. Avoid using user-supplied input in SQL commands until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** YaySMTP versions n/a through 2.6.4 **Description** The issue is related to an Improper Neutralization of Special Elements used in an SQL Command, also known as SQL Injection. This allows for Blind SQL Injection, which can be exploited. **Recommendations** For YaySMTP versions n/a through 2.6.4, update to a version later than 2.6.4 to resolve the issue. At the moment, there is no information about additional mitigation measures for this specific vulnerability.