Vulnerability history

Unauthenticated SQL Injection via 'fields' Parameter vulnerability

Missing Authorization to Unauthenticated Sensitive Information Exposure via Settings REST API Endpoint vulnerability

Insecure Direct Object Reference to Authenticated (Staff+) Sensitive Information Exposure vulnerability

Unauthenticated SQL Injection via 'append_where_sql' Parameter vulnerability

Broken Access Control vulnerability

Unauthenticated SQL Injection via `order` and `append_where_sql` Parameters vulnerability

Unauthenticated Sensitive Information Exposure vulnerability

Missing Authorization to Unauthenticated Sensitive Information Exposure vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Shortcodes vulnerability

Unauthenticated Arbitrary Shortcode Execution vulnerability

Reflected Cross-Site Scripting vulnerability

Authenticated (Admin+) Stored Cross-Site Scripting vulnerability

Authenticated (Admin+) Stored Cross-Site Scripting vulnerability

Admin+ Template Injection to RCE vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Reflected Cross Site Scripting (XSS) vulnerability

Authenticated (Contributor+) SQL Injection via Shortcode vulnerability

Authenticated (Subscriber+) SQL Injection vulnerability

Cross-Site Request Forgery to Plugin Data Reset vulnerability

SQL Injection vulnerability

Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Unauthenticated Email Address Disclosure vulnerability