Neppah

**Name of the Vulnerable Software and Affected Versions** Game Server Status WordPress plugin version 1.0 **Description** The issue concerns an authenticated SQL injection in an admin page. This occurs because the `server id` parameter is not validated or escaped before being used in a SQL statement. **Recommendations** For Game Server Status WordPress plugin version 1.0, consider avoiding the use of the `server id` parameter in the affected admin page until a patch is available. As a temporary workaround, restrict access to the admin page to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** GamePress WordPress plugin versions prior to 1.1.1 **Description** The issue is related to Reflected Cross-Site Scripting. The `op edit` POST parameter is not properly escaped before being outputted back in multiple Game Option pages, leading to potential security issues. **Recommendations** For GamePress WordPress plugin versions prior to 1.1.1, update to version 1.1.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the Game Option pages until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Custom Post View Generator WordPress plugin versions 0.4.6 and earlier **Description** The issue concerns the create post page AJAX action, which does not properly sanitise or escape user input. This leads to a Reflected Cross-Site issue, where user input is outputted back in the response without proper validation, potentially allowing malicious actions. The issue is accessible to authenticated users. **Recommendations** For Custom Post View Generator WordPress plugin versions 0.4.6 and earlier, update to a version that addresses this issue, as the current version does not properly handle user input sanitisation.