Nguyen Kim Sang

**Name of the Vulnerable Software and Affected Versions** WP SMS versions through 6.9.12 **Description** The software contains a flaw due to improper neutralization of special elements used in an SQL command, specifically a SQL Injection issue. This allows for potential manipulation of database queries. **Recommendations** Update WP SMS to a version newer than 6.9.12.

**Name of the Vulnerable Software and Affected Versions** AutomatorWP versions through 5.2.4 **Description** Improper neutralization of special elements used in an SQL command allows for SQL injection. The issue affects the AutomatorWP plugin. **Recommendations** Update AutomatorWP to a version later than 5.2.4.

Name of the Vulnerable Software and Affected Versions: Mojoomla School Management versions prior to 93.2.0 Description: A missing authorization flaw in Mojoomla School Management allows exploitation of incorrectly configured access control security levels. Recommendations: Update Mojoomla School Management to version 93.2.0 or later.

Name of the Vulnerable Software and Affected Versions: infosoftplugin WooCommerce Point Of Sale (POS) versions n/a through 1.4 Description: An improper neutralization of special elements used in an SQL command vulnerability exists in infosoftplugin WooCommerce Point Of Sale (POS), allowing for SQL injection. Recommendations: Update infosoftplugin WooCommerce Point Of Sale (POS) to a version later than 1.4.

**Name of the Vulnerable Software and Affected Versions** pakkemx Pakke Envíos versions through 1.0.2 **Description** The software contains a SQL Injection issue due to improper neutralization of special elements used in an SQL command. This allows for potential SQL Injection attacks. **Recommendations** Update pakkemx Pakke Envíos to a version later than 1.0.2.

Name of the Vulnerable Software and Affected Versions: DirectIQ Email Marketing versions n/a through 2.0 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks. Recommendations: For versions n/a through 2.0, update to a version that includes a fix for this SQL Injection issue, as using this version poses a significant risk due to the potential for unauthorized data access and manipulation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: YayCommerce YaySMTP versions n/a through 6.8.1 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks. Recommendations: For YayCommerce YaySMTP versions n/a through 6.8.1, update to a version later than 6.8.1 to resolve the issue. As a temporary workaround, consider restricting access to sensitive database operations to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Ninja Team File Manager Pro versions 1.8.8 and earlier Description: The issue is related to improper neutralization of input during web page generation, which leads to a Cross-site Scripting (XSS) vulnerability, specifically Stored XSS. This allows for malicious scripts to be stored on the server and executed when a user accesses the affected web page. Recommendations: For Ninja Team File Manager Pro versions 1.8.8 and earlier, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PostaPanduri versions n/a through 2.1.3 **Description** The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks. **Recommendations** For PostaPanduri versions n/a through 2.1.3, update to a version later than 2.1.3 to resolve the issue. At the moment, there is no information about additional mitigation measures for this specific vulnerability.

**Name of the Vulnerable Software and Affected Versions** ShortLinks Pro versions 1.0.0 through 1.0.7 **Description** The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks. **Recommendations** For versions 1.0.0 through 1.0.7, update to a version that addresses the SQL Injection issue to prevent exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Agile Logix Store Locator WordPress versions 1.5.2 and earlier **Description** The issue allows for the unrestricted upload of files with dangerous types, enabling an attacker to upload a web shell to a web server. **Recommendations** For Agile Logix Store Locator WordPress versions 1.5.2 and earlier, update to a version that fixes this issue. As a temporary workaround, consider restricting file uploads to prevent potential exploitation.

**Name of the Vulnerable Software and Affected Versions** Store Locator WordPress versions n/a through 1.5.1 **Description** The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks. **Recommendations** For versions n/a through 1.5.1, update to a version that fixes the SQL Injection issue to prevent exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GamiPress versions n/a through 7.4.5 **Description** The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks. **Recommendations** For versions n/a through 7.4.5, update to a version later than 7.4.5 to resolve the issue. As a temporary workaround, consider restricting access to sensitive database queries to minimize the risk of exploitation. Avoid using user-supplied input in SQL commands until the issue is resolved.