
Dutafi

#21294 of 53,624
11.5 Total CVSS
Vulnerabilities · 2
Medium
2
PT-2025-53864
6.6
2025-12-30
WordPress · Miniorange Wordpress Social Login/Register · CVE-2025-68974
**Name of the Vulnerable Software and Affected Versions**
miniOrange WordPress Social Login and Register versions through 7.7.0

**Description**
The software contains a flaw related to improper control of filename for include/require statements, specifically a PHP Remote File Inclusion issue. This allows for PHP Local File Inclusion. The `miniOrange WordPress Social Login and Register` software is affected.

**Recommendations**
Update to a version newer than 7.7.0.
PT-2025-41642
4.9
2025-10-11
WordPress · Nex-Forms – Ultimate Forms Plugin For Wordpress · CVE-2025-10185
**Name of the Vulnerable Software and Affected Versions**
NEX-Forms – Ultimate Forms Plugin for WordPress versions through 9.1.6

**Description**
The software is susceptible to SQL Injection through the `orderby` parameter within the `nf load form entries` action. Insufficient input sanitization and inadequate SQL query preparation allow authenticated attackers with Administrator-level access or higher to inject additional SQL queries, potentially extracting sensitive database information. Lower-level users may also be able to exploit this if granted access by a site administrator.

**Recommendations**
Update NEX-Forms – Ultimate Forms Plugin for WordPress to a version later than 9.1.6.