Phan Trong Quan

Name of the Vulnerable Software and Affected Versions: Insert or Embed Articulate Content into WordPress versions 4.3000000025 and earlier Description: The issue allows for the unrestricted upload of files with dangerous types, enabling an attacker to upload a web shell to a web server. This can be exploited by uploading malicious files to the server. Recommendations: For versions 4.3000000025 and earlier, consider disabling the file upload feature until a patch is available to prevent the upload of malicious files. Restrict access to the upload functionality to minimize the risk of exploitation. Avoid using the plugin until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: QuantumCloud SEO Help versions n/a through 6.6.0 Description: The issue is related to a Server-Side Request Forgery (SSRF) vulnerability, which allows for Server Side Request Forgery. Recommendations: For versions n/a through 6.6.0, update to a version that contains a fix for this issue, as no specific mitigation measures are provided for these versions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Verowa Connect versions 3.0.5 and earlier Description: The issue is related to an SQL Injection vulnerability, specifically Improper Neutralization of Special Elements used in an SQL Command, which allows Blind SQL Injection. Recommendations: For versions 3.0.5 and earlier, update to a version later than 3.0.5 to resolve the issue. As a temporary workaround, consider restricting access to sensitive `SQL` commands and inputs to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: WP Social Stream Designer versions 1.3 and earlier Description: The issue is related to an SQL Injection vulnerability, specifically an Improper Neutralization of Special Elements used in an SQL Command. This allows for Blind SQL Injection, which can be exploited. Recommendations: For WP Social Stream Designer versions 1.3 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Aristo Rinjuang WP Inquiries versions 0.2.1 and earlier Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks. Recommendations: For versions 0.2.1 and earlier, update to a version that includes a fix for this issue, as no specific workaround is provided for these versions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** User Submitted Posts plugin for WordPress versions up to, and including, 20230809 **Description** The issue is related to Stored Cross-Site Scripting via the `user-submitted-content` parameter due to insufficient input sanitization and output escaping. This allows unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. **Recommendations** For versions up to, and including, 20230809, consider disabling the `user-submitted-content` parameter until a patch is available to prevent exploitation. Restrict access to areas where user-submitted content is displayed to minimize the risk of arbitrary web script execution. Update to a version that includes proper input sanitization and output escaping for the `user-submitted-content` parameter to fully resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.