Donato Onofri

**Name of the Vulnerable Software and Affected Versions** Pricing Table Builder WordPress plugin versions 1.1.6 and earlier **Description** The issue is related to a SQL injection problem. It occurs because a `parameter` is not properly sanitised and escaped before being used in a SQL statement. This can be exploited by high-privilege users, such as admins. **Recommendations** For Pricing Table Builder WordPress plugin versions 1.1.6 and earlier, update to a version that properly sanitises and escapes parameters used in SQL statements to prevent SQL injection. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** The Steveas WP Live Chat Shoutbox WordPress plugin versions 1.4.2 and earlier **Description** The issue is related to Stored Cross-Site Scripting, which occurs because a parameter is not properly sanitized and escaped before being outputted back in the Shoutbox. This could be exploited against high-privilege users, such as admins. **Recommendations** For The Steveas WP Live Chat Shoutbox WordPress plugin versions 1.4.2 and earlier, update to a version that properly sanitizes and escapes parameters to prevent Stored Cross-Site Scripting. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** The Steveas WP Live Chat Shoutbox WordPress plugin versions 1.4.2 and earlier **Description** The issue is related to a SQL injection vulnerability. It occurs because a parameter is not properly sanitised and escaped before being used in a SQL statement via an AJAX action. This action is available to unauthenticated users, making it accessible to remote attackers. The exploitation of this issue can allow an attacker to execute arbitrary SQL code. **Recommendations** For versions 1.4.2 and earlier, update to a version that addresses this SQL injection issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** RSA Archer versions prior to 6.4.0.1 **Description** The issue allows a remote authenticated malicious user to store malicious HTML or JavaScript code in a trusted application data store. When application users access the corrupted data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. **Recommendations** For RSA Archer versions prior to 6.4.0.1, update to version 6.4.0.1 or later to resolve the issue.