Yeraisci

**Name of the Vulnerable Software and Affected Versions** SEO Plugin by Squirrly SEO plugin versions 12.1.10 and earlier **Description** The issue concerns an arbitrary file upload vulnerability in the SEO Plugin by Squirrly SEO plugin, affecting WordPress. This vulnerability can be exploited by contributors and higher-privileged users. **Recommendations** For versions 12.1.10 and earlier, update to a version later than 12.1.10 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Directorist WordPress plugin versions prior to 7.2.3 **Description** The issue allows administrators to download plugins from unverified sources, potentially enabling them to run code on the server. This poses a significant risk, particularly in multisite configurations. **Recommendations** For Directorist WordPress plugin versions prior to 7.2.3, update to version 7.2.3 or later to resolve the issue. As a temporary workaround, consider restricting the ability to download plugins from external sources until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Popup Builder plugin versions 2.2.8 through 2.6.7.6 **Description** The issue allows for SQL injection via PHP Deserialization on attacker-controlled data with the `attachmentUrl` POST variable in the `sgImportPopups` function in `sg popup ajax.php`. This enables the creation of an arbitrary WordPress Administrator account, potentially leading to Remote Code Execution since Administrators can run PHP code on WordPress instances. **Recommendations** For versions 2.2.8 through 2.6.7.6, update to the 3.x branch of the Popup Builder plugin to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Sygnoos Popup Builder plugin versions prior to 3.45 **Description** A SQL injection issue exists due to the mishandling of Subscribers Table ordering in com/libs/Table.php, allowing a remote attacker to execute arbitrary SQL commands on the affected system. **Recommendations** For versions prior to 3.45, update to version 3.45 or later to resolve the issue. As a temporary workaround, consider restricting access to the com/libs/Table.php file until a patch is applied. Avoid using the Subscribers Table ordering feature in the affected plugin until the issue is resolved.