10Web · Form Maker · CVE-2026-3330
**Name of the Vulnerable Software and Affected Versions**
The Form Maker by 10Web versions prior to 1.15.41
**Description**
An issue exists where authenticated attackers with Administrator-level access or higher can append additional SQL queries to extract sensitive information from the database. This occurs because the `WDW_FM_Library::validate_data()` method calls `stripslashes()` on user input, removing the escaping slashes that WordPress adds to request data, and the `FMModelSubmissions_fm::get_labels_parameters()` function then concatenates the user-supplied values directly into SQL queries instead of using prepared statements. The affected parameters are `ip_search`, `startdate`, `enddate`, `username_search`, and `useremail_search`. Furthermore, the Submissions controller performs no nonce verification for the `display` task, so the issue can also be triggered via Cross-Site Request Forgery (CSRF), a technique in which an attacker causes a logged-in user's browser to submit a request that the user did not intend.
**Recommendations**
Update to a version later than 1.15.40.
As a temporary workaround, restrict access to the `display` task in the Submissions controller or avoid using the parameters `ip_search`, `startdate`, `enddate`, `username_search`, and `useremail_search` until the update is applied.
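The following is an added illustration of the two defects named in the Description, placed beside a hardened form; it is not Form Maker's code and not from 10Web. Function, nonce and table names are hypothetical; the parameter names are the ones listed in the advisory. The insecure builder reproduces the pattern described (unslash, then concatenate), and the secure version shows the fix a reviewer would expect: `wp_unslash()` followed by `$wpdb->prepare()` placeholders, `$wpdb->esc_like()` for LIKE patterns, and a capability plus nonce check before the `display` task runs any query.

```php
<?php
// Added example, not plugin code. Names marked hypothetical are assumptions.

// --- Pattern the advisory describes (shown for contrast; do not ship) -------
function insecure_build_where( array $params ): string {
    // WordPress adds slashes to request data; stripslashes() removes that
    // layer and the raw value is then concatenated straight into SQL.
    $where = '1=1';
    if ( ! empty( $params['ip_search'] ) ) {
        $ip     = stripslashes( $params['ip_search'] );
        $where .= " AND ip LIKE '%" . $ip . "%'";   // string concatenation: injectable
    }
    if ( ! empty( $params['startdate'] ) ) {
        $where .= " AND date >= '" . stripslashes( $params['startdate'] ) . "'";
    }
    return $where;
}

// --- Hardened form ----------------------------------------------------------
function secure_build_where( wpdb $wpdb, array $params ): string {
    $clauses = array( '1=1' );
    // Remove WordPress's slashes once, then let prepare() handle quoting.
    $params = wp_unslash( $params );

    if ( ! empty( $params['ip_search'] ) ) {
        // esc_like() escapes %, _ and \ so the value cannot widen the LIKE match.
        $like      = '%' . $wpdb->esc_like( sanitize_text_field( $params['ip_search'] ) ) . '%';
        $clauses[] = $wpdb->prepare( 'ip LIKE %s', $like );
    }

    foreach ( array( 'startdate' => '>=', 'enddate' => '<=' ) as $key => $op ) {
        if ( empty( $params[ $key ] ) ) {
            continue;
        }
        // Accept only a plain YYYY-MM-DD date; anything else never reaches SQL.
        $date = sanitize_text_field( $params[ $key ] );
        if ( ! preg_match( '/^\d{4}-\d{2}-\d{2}$/', $date ) ) {
            continue;
        }
        // $op comes from the fixed map above, not from the request.
        $clauses[] = $wpdb->prepare( "date {$op} %s", $date );
    }

    // Column names come from a fixed allow-list, values go through placeholders.
    $text_filters = array(
        'username_search'  => 'username',
        'useremail_search' => 'user_email',
    );
    foreach ( $text_filters as $key => $col ) {
        if ( ! empty( $params[ $key ] ) ) {
            $like      = '%' . $wpdb->esc_like( sanitize_text_field( $params[ $key ] ) ) . '%';
            $clauses[] = $wpdb->prepare( "{$col} LIKE %s", $like );
        }
    }

    return implode( ' AND ', $clauses );
}

// Entry point for the 'display' task: capability and nonce are verified
// before any query is built, which closes the CSRF route the advisory describes.
function secure_display_task( wpdb $wpdb ) {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions' );
    }
    // Nonce action and field name are hypothetical; the admin page must emit
    // the matching field with wp_nonce_field( 'fm_submissions_display', 'fm_nonce' ).
    check_admin_referer( 'fm_submissions_display', 'fm_nonce' );

    $where = secure_build_where( $wpdb, $_GET );
    $table = $wpdb->prefix . 'formmaker_submits';   // hypothetical table name
    return $wpdb->get_results( "SELECT * FROM {$table} WHERE {$where}" );
}
```

The design point is that `stripslashes()` by itself is not the bug; WordPress code is expected to unslash request data. The defect is unslashing and then building SQL by concatenation, so the fix is to route every value through `$wpdb->prepare()` (with `esc_like()` for wildcard searches) and to keep identifiers such as column names and comparison operators out of the request entirely. The nonce check is a separate control: it does not stop an Administrator who chooses to send the request, but it prevents a third-party page from issuing it on their behalf.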