Techno Portfolio Management Panel 1.0 allows an attacker to inject SQL commands via a single.php?id= request.

Cross-site request forgery (CSRF) vulnerability in the Portfolio plugin before 1.05 for WordPress allows remote attackers to hijack the authentication of administrators for requests that have unspecified impact via a request to the instagram-portfolio page in wp-admin/options-general.php.