WP Project Manager

Authenticated (Subscriber+) SQL Injection via orderby Parameter vulnerability <= 2.6.17

Missing Authorization to Authenticated (Subscriber+) Limited Arbitrary Options Update vulnerability <= 2.6.17

Cross Site Scripting (XSS) vulnerability <= 2.6.21

Authenticated (Subscriber+) SQL Injection vulnerability <= 2.6.16

Authenticated (Subscriber+) Sensitive Information Exposure via Project Task List REST API vulnerability <= 2.6.15