Wuzhenyu

**Name of the Vulnerable Software and Affected Versions** Pricing Deals for WooCommerce WordPress plugin versions 2.0.2.02 and earlier **Description** The issue arises from the plugin's failure to properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an unauthenticated SQL injection. **Recommendations** For Pricing Deals for WooCommerce WordPress plugin versions 2.0.2.02 and earlier, update to a version later than 2.0.2.02 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Limit Login Attempts WordPress plugin versions prior to 4.0.50 **Description** The issue arises from the plugin not escaping IP addresses of attempted logins before outputting them in the reports table. This can be exploited by an attacker controlling the IP address via headers such as X-Forwarded-For, leading to an Unauthenticated Stored Cross-Site Scripting issue. **Recommendations** For versions prior to 4.0.50, update to version 4.0.50 or later to resolve the issue. As a temporary workaround, consider restricting access to the reports table to minimize the risk of exploitation. Avoid using the `X-Forwarded-For` header in the affected plugin until the issue is resolved.