A path traversal vulnerability in loader.php of CWP v0.9.8.1122 allows attackers to execute arbitrary code via a crafted POST request.

The Cube Slider WordPress plugin through 1.2 does not sanitise and escape the idslider parameter before using it in various SQL queries, leading to SQL Injections exploitable by high privileged users such as admin

The WebP Converter for Media WordPress plugin before 4.0.3 contains a file (passthru.php) which does not validate the src parameter before redirecting the user to it, leading to an Open Redirect issue

An issue was discovered in webp_server_go 0.4.0. There is a directory traversal vulnerability that can read arbitrary file information on the server.

The Images to WebP WordPress plugin before 1.9 does not validate or sanitise the tab parameter before passing it to the include() function, which could lead to a Local File Inclusion issue

The Images to WebP WordPress plugin before 1.9 does not have CSRF checks in place when performing some administrative actions, which could result in modification of plugin settings, Denial-of-Service, as well as arbitrary image conversion

The Add new scene functionality in the Responsive 3D Slider WordPress plugin through 1.2 uses an id parameter which is not sanitised, escaped or validated before being inserted to a SQL statement, leading to SQL injection. This is a time based SQLI and in the same function vulnerable parameter is passed twice so if we pass time as 5 seconds it takes 10 seconds to return since the query is ran twice.

Directory Traversal vulnerability in Webport CMS 1.19.10.17121 via the file parameter to file/download.

Cross Site Scripting (XSS) vulnerabililty in WebPort <=1.19.1 via the description parameter to script/listcalls.

SQL Injection vulnerability in WebPort <=1.19.1 via the new connection, parameter name in type-conn.