Dao Xuan Hieu

**Name of the Vulnerable Software and Affected Versions** EazyDocs WordPress plugin versions prior to 2.3.6 **Description** The issue allows unauthenticated users to delete arbitrary posts, as well as add and delete documents/sections, due to the lack of authorization and CSRF checks when handling documents. This is because the plugin does not ensure that the documents are from the plugin itself. **Recommendations** For versions prior to 2.3.6, update to version 2.3.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the document handling functionality until a patch is applied. Avoid using the plugin's document management features with unauthenticated users until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** The Ni Purchase Order(PO) For WooCommerce WordPress plugin versions 1.2.1 and earlier **Description** The issue allows high-privileged users to upload arbitrary files to the web server by not validating logo and signature image files uploaded in the settings. This can trigger an RCE vulnerability by uploading a web shell. **Recommendations** For versions 1.2.1 and earlier, consider disabling the file upload feature in the settings until a patch is available. Restrict access to the settings page to minimize the risk of exploitation. Avoid using the plugin until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** EazyDocs WordPress plugin versions prior to 2.3.4 **Description** The issue arises from the improper sanitization and escaping of the `data` parameter before its use in an SQL statement via an AJAX action. This could allow any authenticated users to perform SQL Injection attacks. **Recommendations** For versions prior to 2.3.4, update to version 2.3.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the AJAX action that uses the `data` parameter until a patch is available. Avoid using the `data` parameter in the affected AJAX endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** School Management System WordPress plugin versions prior to 2.2.5 **Description** The issue is related to a SQL injection that can be exploited by relatively low-privilege users, such as Teachers. This occurs because the WordPress `esc sql()` function is used on a field not delimited by quotes and the query is not first prepared. **Recommendations** For versions prior to 2.2.5, update to version 2.2.5 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive database queries to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Locatoraid Store Locator WordPress plugin versions prior to 3.9.24 **Description** The issue is related to a Reflected Cross-Site Scripting problem. It occurs because the `lpr-search` parameter is not properly sanitised and escaped before being outputted back in the page. This could be exploited against high-privilege users, such as administrators. **Recommendations** For versions prior to 3.9.24, update to version 3.9.24 or later to resolve the issue. As a temporary workaround, consider restricting access to the `lpr-search` parameter in the affected plugin until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** MultiParcels Shipping For WooCommerce WordPress plugin versions prior to 1.14.15 **Description** The issue arises from the plugin's failure to properly sanitize and escape a parameter before using it in an SQL statement. This could allow any authenticated users, such as subscribers, to perform SQL Injection attacks. **Recommendations** For versions prior to 1.14.15, update to version 1.14.15 or later to resolve the issue. As a temporary workaround, consider restricting access to authenticated users to minimize the risk of exploitation.