Nawardrox

Name of the Vulnerable Software and Affected Versions: Salon booking system versions <= 10.16 Description: The issue is related to Unauthenticated Cross Site Request Forgery (CSRF) in the Salon booking system. Recommendations: For versions <= 10.16, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: LambertGroup Video Player & FullScreen Video Background versions 2.4.1 and earlier Description: The issue is related to an Improper Neutralization of Special Elements used in an SQL Command, also known as SQL Injection. This allows for Blind SQL Injection, which can be exploited. Recommendations: For versions 2.4.1 and earlier, update to a version that fixes this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: WPSmartContracts versions prior to 2.0.10 Description: The issue is related to an improper neutralization of special elements used in an SQL command, allowing Blind SQL Injection. This enables an attacker to inject malicious SQL code, potentially leading to unauthorized access or data manipulation. The estimated number of potentially affected devices worldwide is not available. There is no information provided about real-world incidents where this issue was exploited. Recommendations: For versions prior to 2.0.10, update to a version newer than 2.0.10 to resolve the issue. As a temporary workaround, consider restricting access to sensitive SQL commands or disabling the `SQL` functionality until a patch is available. Avoid using user-input data directly in SQL queries to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: PickPlugins Wishlist versions 1.0.43 and earlier Description: The issue is related to the improper neutralization of special elements used in an SQL command, also known as 'SQL Injection'. This allows for SQL Injection in PickPlugins Wishlist. Recommendations: For versions 1.0.43 and earlier, update to a version that contains a fix for this issue. As a temporary workaround, consider restricting access to sensitive database elements to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Dimitri Grassi Salon booking system versions n/a through 10.10.7 **Description** The issue is related to a Missing Authorization vulnerability, which allows exploitation due to incorrectly configured access control security levels. **Recommendations** For versions n/a through 10.10.7, update to a version that includes the necessary security patches to fix the Missing Authorization vulnerability. As a temporary workaround, consider restricting access to sensitive features in the Salon booking system to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT) All in One versions n/a through 2.1.7 **Description** The issue is related to an SQL Injection vulnerability, specifically an Improper Neutralization of Special Elements used in an SQL Command. This allows for Blind SQL Injection, which can be exploited by potential attacks. **Recommendations** For versions n/a through 2.1.7, update to a version later than 2.1.7 to resolve the issue. As a temporary workaround, consider restricting access to sensitive SQL commands until a patch is available. Avoid using user-supplied input in SQL commands to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Ni WooCommerce Cost Of Goods versions 3.2.8 and earlier **Description** The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. **Recommendations** For Ni WooCommerce Cost Of Goods versions 3.2.8 and earlier, update to a version later than 3.2.8 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Andy Moyle Church Admin versions n/a through 5.0.18 **Description** The issue affects Andy Moyle Church Admin, allowing SQL Injection due to improper neutralization of special elements used in an SQL command. This can lead to unauthorized access and manipulation of database content. **Recommendations** For versions n/a through 5.0.18, update to a version later than 5.0.18 to resolve the SQL Injection issue. As a temporary workaround, consider restricting access to sensitive database elements until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Jürgen Müller Easy Quotes versions 1.2.2 and earlier **Description** The issue is related to an SQL Injection vulnerability, specifically a Blind SQL Injection, due to the improper neutralization of special elements used in an SQL command. **Recommendations** For versions 1.2.2 and earlier, update to a version that addresses the SQL Injection vulnerability. As a temporary workaround, consider restricting access to sensitive database operations to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** WP Post Author versions 3.8.2 and earlier **Description** The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection, potentially permitting unauthorized access or manipulation of database content. **Recommendations** For versions 3.8.2 and earlier, update to a version later than 3.8.2 to resolve the SQL Injection issue. As a temporary workaround, consider restricting access to the SQL command functionality until a patch is available. Avoid using user-supplied input in SQL commands to minimize the risk of exploitation.