WordPress · Watupro · CVE-2017-9834
**Name of the Vulnerable Software and Affected Versions**
WatuPRO plugin versions prior to 5.5.3.7
**Description**
The plugin does not safely handle the `watupro_questions` parameter of the `watupro_submit` AJAX action, which is dispatched through the "/wp-admin/admin-ajax.php" handler. A remote attacker who sends crafted values in that parameter can execute arbitrary SQL commands against the site's database.
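The following is an added illustration, not WatuPRO's own code, of the pattern behind this class of bug in a WordPress AJAX handler: request values concatenated into SQL, beside the same handler rewritten to bind every value through `$wpdb->prepare()`. The action name `example_submit`, the table `{$wpdb->prefix}example_questions` and the assumption that the request carries an array of numeric question IDs are all hypothetical.

```php
<?php
// Illustrative WordPress AJAX handler (not WatuPRO's code). The action name,
// table name and the shape of the 'watupro_questions' value (an array of
// question IDs) are assumptions made for the example.

// UNSAFE: the array is joined verbatim into the query, so an element such as
// "1) OR 1=1 -- " rewrites the WHERE clause instead of being treated as an ID.
function example_submit_unsafe() {
    global $wpdb;
    $ids = isset( $_POST['watupro_questions'] ) ? (array) $_POST['watupro_questions'] : array();
    $sql = "SELECT ID, question FROM {$wpdb->prefix}example_questions"
         . " WHERE ID IN (" . implode( ',', $ids ) . ")";
    wp_send_json( $wpdb->get_results( $sql ) );
}

// HARDENED: coerce each element to a non-negative integer, drop empties, and
// bind the remaining values with one %d placeholder per element. prepare()
// accepts the values as a single array argument, which suits IN (...) lists.
function example_submit_safe() {
    global $wpdb;
    check_ajax_referer( 'example_submit', 'nonce' ); // reject forged cross-site requests as well

    $ids = isset( $_POST['watupro_questions'] ) ? (array) $_POST['watupro_questions'] : array();
    $ids = array_values( array_filter( array_map( 'absint', $ids ) ) );
    if ( empty( $ids ) ) {
        wp_send_json_error( 'no valid question ids', 400 );
    }

    $placeholders = implode( ',', array_fill( 0, count( $ids ), '%d' ) );
    $sql = $wpdb->prepare(
        "SELECT ID, question FROM {$wpdb->prefix}example_questions WHERE ID IN ($placeholders)",
        $ids
    );
    wp_send_json_success( $wpdb->get_results( $sql ) );
}

// Register for logged-in and anonymous callers; both paths run the hardened handler.
add_action( 'wp_ajax_example_submit', 'example_submit_safe' );
add_action( 'wp_ajax_nopriv_example_submit', 'example_submit_safe' );
```

The key point is that `$wpdb->prepare()` only protects values that go through a placeholder; anything spliced into the query string before the call, including a pre-joined list, is still injectable.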
**Recommendations**
Update WatuPRO to version 5.5.3.7 or later. Until the update is applied, either deactivate the plugin or block requests carrying `action=watupro_submit` at the web server or WAF. Blocking "/wp-admin/admin-ajax.php" outright is not a good workaround: WordPress core, themes and many plugins route both authenticated and unauthenticated front-end requests through it, so unrelated functionality will break. Note also that the `watupro_questions` parameter is supplied by the attacker, not by the site, so "not using" it offers no protection.
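As an added example of the narrow workaround above, here is a must-use plugin (drop it into `wp-content/mu-plugins/`) that rejects only the `watupro_submit` AJAX action and leaves every other `admin-ajax.php` action untouched. It is not part of WatuPRO or of the original advisory; it relies on the fact that `admin-ajax.php` fires `admin_init` before dispatching the requested action, and it assumes that `watupro_submit` is not used by any other feature you need to keep working while the fix is pending.

```php
<?php
/*
Plugin Name: Temporary block for watupro_submit (CVE-2017-9834 mitigation)
Description: Rejects admin-ajax.php requests for action=watupro_submit. Remove after updating WatuPRO to 5.5.3.7 or later.
*/

// admin-ajax.php runs do_action('admin_init') before it looks up the
// wp_ajax_* / wp_ajax_nopriv_* callback, so hooking here with priority 0
// stops the request before the plugin's handler can touch the database.
add_action( 'admin_init', function () {
    if ( ! wp_doing_ajax() ) {
        return; // ordinary admin page load, not an AJAX call
    }

    // admin-ajax.php reads the action from $_REQUEST (GET or POST), so check both.
    $action = isset( $_REQUEST['action'] ) ? (string) $_REQUEST['action'] : '';
    if ( 'watupro_submit' !== $action ) {
        return; // any other AJAX action proceeds normally
    }

    // Log once per blocked request so the mitigation is visible in the error log.
    error_log( sprintf(
        'Blocked watupro_submit from %s (CVE-2017-9834 mitigation active)',
        isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : 'unknown'
    ) );

    wp_die( 'This action is temporarily disabled.', 'Forbidden', array( 'response' => 403 ) );
}, 0 );
```

This does break legitimate quiz submissions for as long as it is installed, which is the trade-off of a workaround that does not touch the vulnerable code; updating the plugin and deleting the file restores the feature.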