Hakiduck

**Name of the Vulnerable Software and Affected Versions** s2Member versions n/a through 250214 **Description** The issue is related to a Relative Path Traversal vulnerability, which allows Path Traversal. This problem affects s2Member, enabling potential unauthorized access to files. **Recommendations** For versions n/a through 250214, update to a version that contains a fix for this issue, as the current version is affected by the Relative Path Traversal vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** RapidLoad versions 2.4.4 and earlier **Description** The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. **Recommendations** For versions 2.4.4 and earlier, update to a version that contains a fix for this issue, as no specific workaround is provided for these versions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SMS Alert Order Notifications – WooCommerce versions 3.7.8 and earlier **Description** The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks. **Recommendations** For versions 3.7.8 and earlier, update to a version later than 3.7.8 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** SMS Alert Order Notifications – WooCommerce versions 3.7.8 and earlier **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Reflected XSS attacks. **Recommendations** For versions 3.7.8 and earlier, update to a version later than 3.7.8 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** WordPress Auction Plugin versions n/a through 3.7 **Description** The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks. **Recommendations** For versions n/a through 3.7, update to a version later than 3.7 to resolve the issue. As a temporary workaround, consider restricting access to sensitive database queries until a patch is available. Avoid using user-supplied input in SQL commands to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** s2Member Pro versions n/a through 241114 **Description** The issue is related to an Improper Control of Generation of Code ('Code Injection') vulnerability, which allows Code Injection. **Recommendations** For versions n/a through 241114, update to a version that contains a fix for this issue, as no specific mitigation measures are provided for these versions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Owen Cutajar & Hyder Jaffari WordPress Auction Plugin versions n/a through 3.7 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Stored XSS attacks. Recommendations: For versions n/a through 3.7, update to a version that fixes this issue, as the current version is affected by Stored XSS vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WordPress Auction Plugin versions n/a through 3.7 **Description** The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks. **Recommendations** For WordPress Auction Plugin versions n/a through 3.7, update to a version later than 3.7 to resolve the issue. As a temporary workaround, consider restricting access to sensitive database queries until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Ni WooCommerce Cost Of Goods versions 3.2.8 and earlier **Description** The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection, which can be exploited by attackers. **Recommendations** For versions 3.2.8 and earlier, update to a version later than 3.2.8 to resolve the issue. As a temporary workaround, consider restricting access to sensitive database queries until a patch is available. Avoid using user-supplied input in SQL commands to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** WordPress Portfolio Builder – Portfolio Gallery versions 1.1.7 and earlier **Description** The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Stored XSS attacks. The problem enables an attacker to inject malicious code into a website, potentially affecting users who visit the compromised page. **Recommendations** For WordPress Portfolio Builder – Portfolio Gallery versions 1.1.7 and earlier, update to a version later than 1.1.7 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Supsystic Popup versions 1.10.29 and earlier **Description** The issue is related to Improper Neutralization of Special Elements Used in a Template Engine, which allows Command Injection. This could potentially be exploited through API endpoints or vulnerable parameters, although specific details about exploitation are not provided. **Recommendations** For versions 1.10.29 and earlier, update to a version later than 1.10.29 to resolve the issue. At the moment, there is no information about other mitigation measures.

**Name of the Vulnerable Software and Affected Versions** Event Tickets with Ticket Scanner versions 2.3.11 and earlier **Description** The issue affects Event Tickets with Ticket Scanner, allowing Server Side Include (SSI) Injection due to improper neutralization of special elements used in a template engine. This can lead to security risks. **Recommendations** For versions 2.3.11 and earlier, update to version 2.3.12 to resolve the issue. As a temporary workaround, consider restricting access to sensitive areas of the application to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Post SMTP versions n/a through 2.9.9 **Description** The issue is related to an Improper Neutralization of Special Elements used in an SQL Command, also known as 'SQL Injection' vulnerability, which allows Blind SQL Injection. **Recommendations** For Post SMTP versions n/a through 2.9.9, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Podlove Podcast Publisher versions through 4.1.15 **Description** The issue is related to an Improper Neutralization of Special Elements Used in a Template Engine vulnerability. This vulnerability allows for remote attacks due to flaws in the template engine. **Recommendations** For versions through 4.1.15, update to a newer version to mitigate the risk of cyber attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Namaste! LMS versions through 2.6.2 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Reflected XSS attacks. Recommendations: For versions through 2.6.2, update to a version that contains a fix for this issue, as the current version is affected by the Reflected XSS vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Namaste! LMS versions through 2.6.2 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS attacks. Recommendations: For versions through 2.6.2, update to a version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: WP SEO – Calin Vingan Premium SEO Pack versions 1.6.001 and earlier Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks. Recommendations: For versions 1.6.001 and earlier, update to a version that fixes this issue, as the current version is affected by the SQL Injection vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Product Filter by WBW versions 2.7.0 and earlier Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks. Recommendations: For versions 2.7.0 and earlier, update to a version later than 2.7.0 to resolve the issue. As a temporary workaround, consider restricting access to the SQL command functionality to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Backup and Staging by WP Time Capsule versions 1.22.21 and earlier **Description** The issue is related to Deserialization of Untrusted Data, which allows Object Injection. **Recommendations** For versions 1.22.21 and earlier, update to a version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** WPGrim Classic Editor and Classic Widgets versions 1.4.1 and earlier **Description** The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows attackers to manipulate database queries and potentially gain unauthorized access. **Recommendations** For versions 1.4.1 and earlier, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.