M. Awad

**Name of the Vulnerable Software and Affected Versions** NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress versions up to 8.7.13 **Description** The issue arises from insufficient escaping on the user-supplied `search params` parameter and a lack of sufficient preparation on the existing SQL query. This allows unauthenticated attackers to append additional SQL queries to existing ones, potentially extracting sensitive information from the database. The vulnerability can be exploited via CSRF due to a lack of nonce validation on the `get table records` AJAX action. **Recommendations** For versions up to 8.7.13, update to a version later than 8.7.13 to resolve the issue. As a temporary workaround, consider disabling the `get table records` AJAX action until a patch is available. Restrict access to the `search params` parameter to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Tutor LMS versions up to, and including, 2.6.2 **Description** The issue is related to a missing capability check on the `hide notices` function, which allows unauthorized modification of data. This makes it possible for unauthenticated attackers to enable user registration on sites that may have it disabled. The vulnerability can be exploited by a remote attacker to gain read and modify access to data. **Recommendations** For versions up to, and including, 2.6.2, update to a version higher than 2.6.2 to resolve the issue. As a temporary workaround, consider disabling the `hide notices` function until a patch is available.