
John Lee

Rank: #19162 of 53,632
Total CVSS: 14
Vulnerabilities · 2 (Medium: 1, High: 1)

PT-2025-43587 · CVSS 6.5 · 2025-10-24
WordPress · Rapidresult · CVE-2025-10748

**Name of the Vulnerable Software and Affected Versions**
RapidResult plugin for WordPress versions up to and including 1.2

**Description**
The RapidResult plugin for WordPress is susceptible to SQL Injection due to insufficient escaping of user-supplied input and inadequate preparation of existing SQL queries. Specifically, the `s` parameter is vulnerable. This allows authenticated attackers with contributor-level permissions or higher to inject additional SQL queries, potentially extracting sensitive information from the database.

**Recommendations**
Update the RapidResult plugin to a version newer than 1.2.

PT-2025-42305 · CVSS 7.5 · 2025-10-15
WordPress · Outdoor · CVE-2025-10743

**Name of the Vulnerable Software and Affected Versions**
WordPress Outdoor plugin versions prior to 1.3.3

**Description**
The Outdoor plugin for WordPress is susceptible to SQL Injection through the `edit` action. This is due to inadequate escaping of user-supplied input and insufficient preparation of existing SQL queries. An unauthenticated attacker can inject additional SQL queries into existing database queries, potentially extracting sensitive information. The `edit` action and the user-supplied parameter are involved in this issue.

**Recommendations**
Update the Outdoor plugin to version 1.3.3 or later.