Dimitrios Tsagkarakis

**Name of the Vulnerable Software and Affected Versions** Event List plugin version 0.7.8 **Description** The issue allows an authenticated user to execute arbitrary SQL commands. This is achieved via the `id` parameter to the "wp-admin/admin.php" endpoint. **Recommendations** For Event List plugin version 0.7.8, avoid using the `id` parameter in the "wp-admin/admin.php" endpoint until the issue is resolved. As a temporary workaround, consider restricting access to the "wp-admin/admin.php" endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** WP Jobs plugin version 1.4 and earlier **Description** The issue allows authenticated users to execute arbitrary SQL commands. This is achieved by exploiting the `jobid` parameter in the `/wp-admin/edit.php` endpoint. **Recommendations** For WP Jobs plugin versions prior to 1.5, update to version 1.5 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** WP-Testimonials plugin version 3.4.1 **Description** The issue allows an authenticated user to execute arbitrary SQL commands. This is achieved via the `testid` parameter to the "wp-admin/admin.php" endpoint. **Recommendations** For WP-Testimonials plugin version 3.4.1, consider restricting access to the `wp-admin/admin.php` endpoint until a patch is available. As a temporary workaround, avoid using the `testid` parameter in the affected endpoint to minimize the risk of exploitation.