WordPress · Event Monster · CVE-2026-8608
**Name of the Vulnerable Software and Affected Versions**
The Event Monster – Event Management, Events Calendar, Tickets plugin for WordPress versions prior to 2.1.1
**Description**
The software is affected by Insufficient Verification of Data Authenticity. The `capture_payment()` AJAX handler, registered via the `wp_ajax_nopriv_em_capture_payment` hook, trusts payment data supplied by the client (specifically the `transaction ID`, `amount`, and `payment status` values) without verifying it server-side against the PayPal API or any other payment gateway. The handler also lacks nonce and capability checks. This allows unauthenticated attackers to forge payment records, mark bookings as Completed, and receive confirmation emails containing valid QR code tickets without completing a payment.
**Recommendations**
Update the plugin to a version later than 2.1.0.
As a temporary workaround, restrict access to the `wp_ajax_nopriv_em_capture_payment` AJAX handler to minimize the risk of exploitation.
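A hardened version of the capture step described above, as an added illustration that is not the plugin's code: the hook name is the one named in the advisory, the PayPal Orders v2 lookup (`GET /v2/checkout/orders/{id}`) is a real gateway endpoint, and `em_get_booking`, `em_paypal_access_token`, `em_transaction_already_used` and `em_mark_booking_completed` are hypothetical helpers standing in for the plugin's own booking logic. The point is that the amount and status come from the gateway, never from the request.

```php
<?php
// Added illustration (not the plugin's code): a payment-capture AJAX handler
// that verifies the order with the gateway before touching booking state.
// Every em_* helper below is a hypothetical stand-in for plugin logic.

add_action( 'wp_ajax_nopriv_em_capture_payment', 'em_capture_payment_hardened' );
add_action( 'wp_ajax_em_capture_payment', 'em_capture_payment_hardened' );

function em_capture_payment_hardened() {
    // 1. Reject requests that do not carry the nonce issued with the checkout page.
    check_ajax_referer( 'em_capture_payment', 'nonce' );

    $order_id   = sanitize_text_field( wp_unslash( $_POST['transaction_id'] ?? '' ) );
    $booking_id = absint( $_POST['booking_id'] ?? 0 );
    $booking    = em_get_booking( $booking_id ); // hypothetical: loads stored total/currency
    if ( '' === $order_id || ! $booking ) {
        wp_send_json_error( 'invalid request', 400 );
    }

    // 2. Ask PayPal what it knows about this order. Client-supplied amount and
    //    status fields are ignored entirely; only the gateway's answer counts.
    $response = wp_remote_get(
        'https://api-m.paypal.com/v2/checkout/orders/' . rawurlencode( $order_id ),
        array( 'headers' => array( 'Authorization' => 'Bearer ' . em_paypal_access_token() ) )
    );
    if ( is_wp_error( $response ) || 200 !== wp_remote_retrieve_response_code( $response ) ) {
        wp_send_json_error( 'gateway lookup failed', 502 );
    }
    $order = json_decode( wp_remote_retrieve_body( $response ), true );

    // 3. Compare the gateway's record with the booking stored server-side.
    $unit     = $order['purchase_units'][0] ?? array();
    $paid     = number_format( (float) ( $unit['amount']['value'] ?? 0 ), 2, '.', '' );
    $expected = number_format( (float) $booking->total, 2, '.', '' );
    if ( 'COMPLETED' !== ( $order['status'] ?? '' )
        || ( $unit['amount']['currency_code'] ?? '' ) !== $booking->currency
        || $paid !== $expected ) {
        wp_send_json_error( 'payment not verified', 402 );
    }

    // 4. Bind the transaction id to exactly one booking so a genuine payment
    //    cannot be replayed to complete a second booking.
    if ( em_transaction_already_used( $order_id ) ) {
        wp_send_json_error( 'transaction already consumed', 409 );
    }
    em_mark_booking_completed( $booking, $order_id ); // hypothetical: emails the QR ticket
    wp_send_json_success();
}
```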