Hoshino

**Name of the Vulnerable Software and Affected Versions** JetBooking versions up to and including 4.0.3 **Description** The JetBooking plugin for WordPress is susceptible to SQL Injection through the `check in date` parameter. This is a result of inadequate escaping of user-supplied input and insufficient preparation of the existing SQL query. This allows unauthenticated attackers to append additional SQL queries to existing queries, potentially enabling them to extract sensitive information from the database. **Recommendations** Versions prior to 4.0.4 are affected. Update JetBooking to version 4.0.4 or later.

**Name of the Vulnerable Software and Affected Versions** User Registration & Membership – Custom Registration Form, Login Form, and User Profile versions prior to 5.1.3 **Description** The User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress contains a flaw due to missing validation on the `member id` user-controlled key within the `register member` function. This insecure direct object reference allows unauthenticated attackers to delete arbitrary user accounts that recently registered on the site and have the `urm user just created` user meta set. **Recommendations** Update User Registration & Membership – Custom Registration Form, Login Form, and User Profile to version 5.1.3 or later.