Syed Sheeraz Ali

**Name of the Vulnerable Software and Affected Versions** Hotscot Contact Form WordPress plugin versions prior to 1.3 **Description** The issue concerns the view submission functionality in the plugin, which makes a GET request with the `sub id` parameter. This parameter is not sanitized, escaped, or validated before being inserted into a SQL statement, leading to an SQL injection. **Recommendations** For versions prior to 1.3, update to version 1.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the view submission functionality to minimize the risk of exploitation. Avoid using the `sub id` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Tradetracker-Store WordPress plugin versions prior to 4.6.60 **Description** The issue concerns the `xmlfeed` in the Tradetracker-Store WordPress plugin, where the `test` parameter is not properly sanitized, escaped, or validated before being inserted into a SQL statement. This leads to SQL injection. **Recommendations** For versions prior to 4.6.60, update to version 4.6.60 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Responsive 3D Slider WordPress plugin versions 1.2 and earlier **Description** The Add new scene functionality in the Responsive 3D Slider WordPress plugin uses an `id` parameter which is not sanitised, escaped or validated before being inserted to a SQL statement, leading to SQL injection. This is a time-based SQL injection and in the same function, the vulnerable parameter is passed twice, so if a time of 5 seconds is passed, it takes 10 seconds to return since the query is ran twice. **Recommendations** For Responsive 3D Slider WordPress plugin versions 1.2 and earlier, consider disabling the Add new scene functionality until a patch is available to prevent SQL injection attacks. Restrict access to the `id` parameter in the affected function to minimize the risk of exploitation. Avoid using the `id` parameter in the affected SQL statement until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MicroCopy WordPress plugin versions 1.1.0 and earlier **Description** The issue arises from the edit functionality in the MicroCopy WordPress plugin, which makes a GET request to fetch a related option. The `id` parameter used in this process is not sanitized, escaped, or validated before being inserted into a SQL statement, leading to SQL injection. **Recommendations** For MicroCopy WordPress plugin versions 1.1.0 and earlier, update to a version later than 1.1.0 to resolve the issue. As a temporary workaround, consider restricting access to the edit functionality until a patch is available.

**Name of the Vulnerable Software and Affected Versions** The Sorter WordPress plugin versions 1.0 and earlier **Description** The issue concerns the `check order` function, which uses an `area id` parameter that is not sanitized, escaped, or validated before being inserted into a SQL statement, leading to SQL injection. **Recommendations** For The Sorter WordPress plugin versions 1.0 and earlier, consider disabling the `check order` function until a patch is available to prevent potential SQL injection attacks.

**Name of the Vulnerable Software and Affected Versions** Display Users WordPress plugin versions prior to 2.0.1 **Description** The issue concerns the Edit Role functionality in the Display Users WordPress plugin. It has an `id` parameter that is not properly sanitized, escaped, or validated before being inserted into a SQL statement. This oversight leads to SQL injection. **Recommendations** For Display Users WordPress plugin versions prior to 2.0.1, update to version 2.0.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the Edit Role functionality until the update is applied.

**Name of the Vulnerable Software and Affected Versions** WP Domain Redirect WordPress plugin versions 1.0 and earlier **Description** The issue concerns the Edit domain functionality in the WP Domain Redirect WordPress plugin, where the `editid` parameter is not properly sanitized, escaped, or validated before being inserted into a SQL statement. This oversight leads to SQL injection. **Recommendations** For WP Domain Redirect WordPress plugin versions 1.0 and earlier, as a temporary workaround, consider restricting access to the Edit domain functionality until a patch is available. Avoid using the `editid` parameter in the affected functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WP iCommerce WordPress plugin versions 1.1.1 and earlier **Description** The Orders functionality in the WP iCommerce WordPress plugin has an `order id` parameter that is not sanitized, escaped, or validated before being inserted into a SQL statement, leading to SQL injection. This feature is available to low-privilege users, such as contributors. **Recommendations** For WP iCommerce WordPress plugin versions 1.1.1 and earlier, consider disabling the Orders functionality until a patch is available to prevent SQL injection attacks. Restrict access to the Orders feature to minimize the risk of exploitation, especially for low-privilege users. Avoid using the `order id` parameter in the affected SQL statement until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WordPress Page Contact plugin versions prior to 1.1 **Description** The Orders functionality in the WordPress Page Contact plugin has an issue where the `order id` parameter is not properly sanitized, escaped, or validated before being inserted into a SQL statement. This leads to SQL injection and the feature is accessible to low-privilege users, such as contributors. **Recommendations** For WordPress Page Contact plugin versions prior to 1.1, update to version 1.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the Orders functionality to high-privilege users until the update is applied. Avoid using the `order id` parameter in the affected functionality until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** WP-Board WordPress plugin versions 1.1 beta and earlier **Description** The issue concerns the WP-Board WordPress plugin, where the `options.php` file accepts a `postid` parameter without proper sanitization, escaping, or validation before inserting it into a SQL statement. This leads to a time-based SQL injection. The vulnerable parameter is passed twice in the same function, resulting in a prolonged response time if a specific time delay is introduced. **Recommendations** For WP-Board WordPress plugin versions 1.1 beta and earlier, consider restricting access to the `options.php` file until a patch is available. As a temporary workaround, avoid using the `postid` parameter in the affected function until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** WooCommerce WordPress plugin versions prior to 3.3.1.0 **Description** The issue arises from the fetch product ajax functionality in the Product Feed, where the `product id` POST parameter is not properly sanitised, escaped, or validated before being inserted into a SQL statement, leading to SQL injection. **Recommendations** For versions prior to 3.3.1.0, update to version 3.3.1.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the fetch product ajax functionality to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** GSEOR – WordPress SEO Plugin versions through 1.3 **Description** The issue arises from the `pageid` GET parameter not being sanitised, escaped, or validated before being inserted into a SQL statement, leading to SQL injection. This allows for potential manipulation of database queries. **Recommendations** For GSEOR – WordPress SEO Plugin versions through 1.3, consider disabling the `pageid` GET parameter until a patch is available to prevent SQL injection attacks. Restrict access to SQL queries to minimize the risk of exploitation. Avoid using the `pageid` parameter in affected API endpoints until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Cashtomer WordPress plugin versions 1.0.0 and earlier **Description** The issue arises from the `editid` GET parameter of the Cashtomer WordPress plugin, which is not properly sanitised, escaped, or validated before being inserted into a SQL statement. This leads to SQL injection. **Recommendations** For Cashtomer WordPress plugin versions 1.0.0 and earlier, consider disabling the `editid` GET parameter until a patch is available. Restrict access to the SQL statement that utilizes the `editid` parameter to minimize the risk of exploitation. Avoid using the `editid` parameter in affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WordPress Membership SwiftCloud.io WordPress plugin versions 1.0 and earlier **Description** The issue arises from the improper sanitization, escaping, or validation of the `id` GET parameter in the WordPress Membership SwiftCloud.io WordPress plugin, leading to SQL injection. **Recommendations** For WordPress Membership SwiftCloud.io WordPress plugin versions 1.0 and earlier, consider updating to a version where this issue is fixed, as using an unsanitized `id` GET parameter poses a significant risk. As a temporary workaround, restrict access to any API endpoints that utilize the `id` parameter to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Comment Highlighter WordPress plugin versions 0.13 and earlier **Description** The issue arises from a `c` GET parameter in the Comment Highlighter WordPress plugin that is not properly sanitized, escaped, or validated before being inserted into a SQL statement, leading to SQL injection. **Recommendations** For Comment Highlighter WordPress plugin versions 0.13 and earlier, update to a version that properly sanitizes, escapes, or validates the `c` GET parameter to prevent SQL injection. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Easy Testimonial Manager WordPress plugin versions 1.2.0 and earlier **Description** The issue is related to the `id` GET parameter in the Easy Testimonial Manager WordPress plugin, which is not properly sanitized, escaped, or validated before being inserted into a SQL statement. This leads to SQL injection. **Recommendations** For versions 1.2.0 and earlier, update to a version that properly sanitizes the `id` GET parameter to prevent SQL injection. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Embed Youtube Video WordPress plugin versions 1.0 and earlier **Description** The issue arises from the `editid` GET parameter not being sanitized, escaped, or validated before being inserted into a SQL statement, leading to SQL injection. **Recommendations** For Embed Youtube Video WordPress plugin versions 1.0 and earlier, consider updating to a version where the `editid` parameter is properly sanitized to prevent SQL injection. As a temporary workaround, consider restricting access to the API endpoint that utilizes the `editid` parameter until a patch is available.

**Name of the Vulnerable Software and Affected Versions** WordPress plugin versions through 3.7.2 **Description** The issue arises from the `proid` GET parameter not being properly sanitized, escaped, or validated before being inserted into a SQL statement. This leads to SQL injection. **Recommendations** For versions through 3.7.2, update to a version that properly sanitizes the `proid` GET parameter to prevent SQL injection. As a temporary workaround, consider restricting access to the SQL statement that utilizes the `proid` parameter until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Xllentech English Islamic Calendar WordPress plugin versions prior to 2.6.8 **Description** The issue arises when deleting a date in the plugin, where the `year number` and `month number` POST parameters are not properly sanitized, escaped, or validated before being used in a SQL statement, leading to SQL injection. **Recommendations** For versions prior to 2.6.8, update to version 2.6.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the date deletion functionality until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Video Embed WordPress plugin versions 1.0 and earlier **Description** The issue concerns the `id` GET parameter in one of the Video Embed WordPress plugin's pages, which is accessible via forced browsing. This parameter is not sanitized, validated, or escaped before being used in a SQL statement, allowing low-privilege users, such as subscribers, to perform SQL injection. **Recommendations** For Video Embed WordPress plugin versions 1.0 and earlier, consider disabling the vulnerable page or restricting access to it until a patch is available. Avoid using the `id` GET parameter in the affected page until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.