
Mateusz Lach

#19408 of 53,633
13.6 Total CVSS
Vulnerabilities · 2 (Medium: 1, High: 1)
PT-2024-21718
6.1
2024-07-09
Joomla · Dj-Helpfularticles · CVE-2024-27183
**Name of the Vulnerable Software and Affected Versions**
DJ-HelpfulArticles component for Joomla (affected versions not specified)

**Description**
The issue is an XSS vulnerability in the DJ-HelpfulArticles component for Joomla. No information is provided about the estimated number of potentially affected devices worldwide or about real-world incidents in which this issue was exploited.

**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2015-5657
7.5
2015-03-03
Sphider · Spider Event Calendar · CVE-2015-2196
**Name of the Vulnerable Software and Affected Versions**
Spider Event Calendar version 1.4.9

**Description**
A SQL injection issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the `cat_id` parameter in a `spiderbigcalendar_month` action to the `/wp-admin/admin-ajax.php` API endpoint.

**Recommendations**
For Spider Event Calendar version 1.4.9, consider restricting access to the `cat_id` parameter in the `/wp-admin/admin-ajax.php` API endpoint until a patch is available. As a temporary workaround, avoid using the `cat_id` parameter in the affected API endpoint until the issue is resolved.