Joomla · Jobline · CVE-2009-2554
**Name of the Vulnerable Software and Affected Versions**
Jobline (com_jobline) versions 1.1.2.2 through 1.3.1 and possibly earlier versions
**Description**
SQL injection vulnerability in the search method in jobline.class.php in Jobline, a component for Joomla!. It allows remote attackers to execute arbitrary SQL commands via the `search` parameter in a results action to "index.php", which invokes the search method from the `searchJobPostings` function in "jobline.php".
**Recommendations**
For versions 1.1.2.2 through 1.3.1 and possibly earlier versions, consider disabling the search function in jobline.class.php until a patch is available. Restrict access to the `search` parameter in the results action to "index.php" to minimize the risk of exploitation. Avoid using the `search` parameter in the affected API endpoint until the issue is resolved.
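An added example (not part of the advisory or of Jobline's code) that applies the restriction recommended above to web-server access logs: it flags requests to index.php that reach the component's results action with a `search` value outside a conservative allow-list. The `option=com_jobline` and `task=results` routing, the allow-list and the log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumptions (not from the advisory): the component is routed as
# option=com_jobline and the "results action" arrives as task=results.
COMPONENT, ACTION = "com_jobline", "results"

# Conservative allow-list for a job-search term; tune it to your site.
SAFE_SEARCH = re.compile(r"[\w .,+#-]{0,64}")

# Request line of a combined-format access-log entry.
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def classify(target):
    """Return 'unrelated', 'ok' or 'suspicious' for one request target."""
    parts = urlsplit(target)
    if not parts.path.endswith("index.php"):
        return "unrelated"
    params = parse_qs(parts.query, keep_blank_values=True)
    if COMPONENT not in params.get("option", []) or ACTION not in params.get("task", []):
        return "unrelated"
    # parse_qs has already percent-decoded the values, so encoded quotes,
    # comment markers and parentheses are checked in their decoded form.
    values = params.get("search", [])
    return "ok" if all(SAFE_SEARCH.fullmatch(v) for v in values) else "suspicious"

def scan(lines):
    """Return 1-based numbers of log lines that need review."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if match and classify(match.group(1)) == "suspicious":
            hits.append(number)
    return hits

# Constructed sample entries (documentation-range addresses), not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Jul/2009:10:00:01 +0000] "GET /index.php?option=com_jobline&task=results&search=php+developer HTTP/1.1" 200 5120',
    '198.51.100.9 - - [10/Jul/2009:10:00:05 +0000] "GET /index.php?option=com_jobline&task=results&search=a%27+OR+1%3D1 HTTP/1.1" 200 734',
    '198.51.100.9 - - [10/Jul/2009:10:00:09 +0000] "GET /index.php?option=com_content&view=article&id=3 HTTP/1.1" 200 9000',
]

if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```

Access logs record only the request line, so a `search` value sent in a POST body is not visible to this check and has to be inspected at the web server or application layer.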