|
FileBird — WordPress Media Library Folders & File Manager ≤ 6.4.8
SQL Injection via the 'search' parameter allows authenticated attackers with Author-level access to extract sensitive database information.
ProfileGrid — User Profiles, Groups and Communities ≤ 5.9.5.4
Reflected Cross-Site Scripting (XSS) in pm_get_messenger_notification allows unauthenticated attackers to inject malicious scripts via crafted links.