Devl00P

**Name of the Vulnerable Software and Affected Versions** AMP+ Plus WordPress plugin versions 3.0 and earlier **Description** The issue is related to a Reflected Cross-Site Scripting problem. It occurs because a `parameter` is not properly sanitised and escaped before being outputted back in the page. This could be used against high privilege users such as admin. **Recommendations** For AMP+ Plus WordPress plugin versions 3.0 and earlier, update to a version later than 3.0 to resolve the issue. As a temporary workaround, consider restricting access to the plugin to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** WP Sessions Time Monitoring Full Automatic WordPress plugin version 1.0.8 and earlier **Description** The issue is related to the lack of sanitization of the request URL or query parameters before using them in an SQL query. This allows unauthenticated attackers to extract sensitive data from the database via blind time-based SQL injection techniques or, in some cases, an error/union-based technique. **Recommendations** For WP Sessions Time Monitoring Full Automatic WordPress plugin version 1.0.8 and earlier, update to version 1.0.9 or later to resolve the issue. As a temporary workaround, consider restricting access to the plugin's SQL queries until a patch is applied. Avoid using the plugin with untrusted input until the issue is resolved.