Vulnerability history

SQL Injection vulnerability

SQL Injection vulnerability

Unauthenticated SQL Injection via 'fields' Parameter vulnerability

Missing Authorization to Unauthenticated Sensitive Information Exposure via Settings REST API Endpoint vulnerability

Insecure Direct Object Reference to Authenticated (Staff+) Sensitive Information Exposure vulnerability

Unauthenticated SQL Injection via 'append_where_sql' Parameter vulnerability

Broken Access Control vulnerability

Broken Access Control vulnerability

Unauthenticated SQL Injection via `order` and `append_where_sql` Parameters vulnerability

Unauthenticated Sensitive Information Exposure vulnerability

Missing Authorization to Unauthenticated Sensitive Information Exposure vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Shortcodes vulnerability

Unauthenticated Arbitrary Shortcode Execution vulnerability

Reflected Cross-Site Scripting vulnerability

Authenticated (Admin+) Stored Cross-Site Scripting vulnerability

Authenticated (Admin+) Stored Cross-Site Scripting vulnerability

Admin+ Template Injection to RCE vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Reflected Cross Site Scripting (XSS) vulnerability

Authenticated (Contributor+) SQL Injection via Shortcode vulnerability

Authenticated (Subscriber+) SQL Injection vulnerability

Cross-Site Request Forgery to Plugin Data Reset vulnerability

SQL Injection vulnerability

Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Unauthenticated Email Address Disclosure vulnerability