WP Project Manager

Authenticated (Author+) Stored CrossSite Scripting via SVG File Upload vulnerability <= 2.6.22

Authenticated (Subscriber+) Stored CrossSite Scripting via SVG File Upload vulnerability <= 2.6.22

Cross Site Request Forgery (CSRF) Vulnerability <= 2.6.23

Authenticated (Subscriber+) SQL Injection via orderby Parameter vulnerability <= 2.6.17

Missing Authorization to Authenticated (Subscriber+) Limited Arbitrary Options Update vulnerability <= 2.6.17