Johannes Lauinger

Name of the Vulnerable Software and Affected Versions: Web Application (affected versions not specified) Description: A low privileged remote attacker can insert a SQL injection in the web application due to improper handling of HTTP request input data, which allows the exfiltration of all data. This occurs because the application does not correctly handle input data from HTTP requests. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Admin Columns WordPress plugin Free versions prior to 4.3.2 Admin Columns WordPress plugin Pro versions prior to 5.5.2 **Description** The issue allows configuration of individual columns for tables, with a column type of "Custom Field" enabling the choice of an arbitrary database column to display in the table. However, there is no escaping applied to the contents of "Custom Field" columns. **Recommendations** For Admin Columns WordPress plugin Free versions prior to 4.3.2, update to version 4.3.2 or later. For Admin Columns WordPress plugin Pro versions prior to 5.5.2, update to version 5.5.2 or later.