To Quang Duong

**Name of the Vulnerable Software and Affected Versions** The Quiz Maker versions prior to 6.2.0.9 **Description** The issue arises from improper sanitization and escaping of the `order` and `orderby` parameters before their use in SQL statements, leading to SQL injection issues in the admin dashboard. **Recommendations** For versions prior to 6.2.0.9, update to version 6.2.0.9 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Survey Maker WordPress plugin versions prior to 1.5.6 **Description** The issue arises from the `get results()` and `get items()` functions not properly validating the `orderby` parameter before using it in SQL statements, leading to SQL injection issues in the admin dashboard. **Recommendations** For versions prior to 1.5.6, update to version 1.5.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the `get results()` and `get items()` functions until a patch is applied. Avoid using the `orderby` parameter in the affected SQL statements until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Popup Like box – Page Plugin WordPress plugin versions prior to 3.5.3 **Description** The issue arises from the `get fb likeboxes()` function not validating the `orderby` parameter before using it in SQL statements, leading to SQL injection issues in the admin dashboard. This allows for potential manipulation of database queries. **Recommendations** For versions prior to 3.5.3, update to version 3.5.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the `get fb likeboxes()` function until a patch is available. Avoid using the `orderby` parameter in the affected SQL statements until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** FAQ Builder AYS WordPress plugin versions prior to 1.3.6 **Description** The issue concerns the `get faqs()` function, which did not properly validate the `orderby` parameter before using it in SQL statements. This oversight led to SQL injection issues in the admin dashboard. **Recommendations** For versions prior to 1.3.6, update to version 1.3.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the `get faqs()` function or validating the `orderby` parameter manually until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** Photo Gallery by Ays – Responsive Image Gallery WordPress plugin versions prior to 4.4.4 **Description** The issue arises from the `get gallery categories()` and `get galleries()` functions not validating the `orderby` parameter before using it in SQL statements, leading to SQL injection issues in the admin dashboard. **Recommendations** For versions prior to 4.4.4, update to version 4.4.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the admin dashboard to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Poll Maker WordPress plugin versions prior to 3.2.1 **Description** The issue concerns the `get poll categories()`, `get polls()`, and `get reports()` functions, which did not properly validate the `orderby` parameter before using it in SQL statements. This oversight led to SQL injection issues in the admin dashboard. **Recommendations** For versions prior to 3.2.1, update to version 3.2.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the `get poll categories()`, `get polls()`, and `get reports()` functions until a patch is applied. Avoid using the `orderby` parameter in the affected functions until the issue is resolved.