Yousof Nahya

**Name of the Vulnerable Software and Affected Versions** Custom Admin Menu WordPress plugin versions through 1.0.0 **Description** The plugin does not properly sanitise and escape a parameter before displaying it on a page, which can lead to a Reflected Cross-Site Scripting issue. This could potentially be used to target users with high privileges, such as administrators. The issue involves improper handling of user-supplied input, allowing malicious scripts to be injected into the web page. **Recommendations** Update the Custom Admin Menu WordPress plugin to a version beyond 1.0.0.

**Name of the Vulnerable Software and Affected Versions** db-access WordPress plugin versions through 0.8.7 **Description** The db-access WordPress plugin does not have proper authorization for an AJAX action. This allows authenticated users, including those with subscriber privileges, to potentially execute SQL injection attacks. The vulnerability allows any authenticated user to perform SQLi attacks. **Recommendations** Update the db-access WordPress plugin to a version later than 0.8.7.

**Name of the Vulnerable Software and Affected Versions** donation WordPress plugin version 1.0 **Description** The plugin does not properly sanitize and escape a parameter before using it within a SQL statement. This allows users with high privileges, such as administrators, to potentially execute SQL injection attacks. **Recommendations** Update to a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Broken Link Manager WordPress plugin versions through 0.6.5 **Description** The software does not properly sanitize and escape a parameter before displaying it on a page. This can lead to a Reflected Cross-Site Scripting (XSS) issue. This could potentially be used to compromise accounts with high privileges, such as administrators. **Recommendations** Update to a version of the Broken Link Manager WordPress plugin later than 0.6.5.

**Name of the Vulnerable Software and Affected Versions** attention-bar WordPress plugin versions through 0.7.2.1 **Description** The attention-bar WordPress plugin does not properly sanitize and escape a parameter before using it in a SQL statement. This allows users with high privileges, such as administrators, to potentially execute SQL injection attacks. **Recommendations** Update the attention-bar WordPress plugin to a version later than 0.7.2.1.