Francisco Alisson

**Name of the Vulnerable Software and Affected Versions** WP-Optimize versions prior to 4.2.0 **Description** The issue arises from improper escaping of user input when checking image compression statuses. This could allow users with the administrator role to conduct SQL Injection attacks, particularly in Multi-Site WordPress configurations. **Recommendations** For versions prior to 4.2.0, update to version 4.2.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the image compression status check functionality to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: FunnelKit WordPress plugin versions prior to 3.10.2 Description: The issue allows administrators to perform SQL injection attacks due to a parameter not being sanitized and escaped before use in a SQL statement. Recommendations: For versions prior to 3.10.2, update to version 3.10.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Track Logins WordPress plugin versions 1.0 and earlier **Description** The issue allows administrators to perform SQL injection attacks due to the plugin not sanitizing and escaping a parameter before using it in a SQL statement. **Recommendations** For Track Logins WordPress plugin versions 1.0 and earlier, update to a version that properly sanitizes and escapes parameters used in SQL statements to prevent SQL injection attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** The Includer (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the URL or (2) the `template` parameter. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.