The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.

Readymade Job Site Script has XSS via the keyword parameter to the /job URI.

Readymade Job Site Script has CSRF via the /job URI.

Readymade Job Site Script has SQL Injection via the location_name array parameter to the /job URI.

Basic Job Site Script 2.0.5 has SQL Injection via the keyword parameter to /job.

Multiple SQL injection vulnerabilities in 2daybiz Job Site Script allow remote attackers to execute arbitrary SQL commands via the (1) jid parameter to view_current_job.php, (2) job_iid parameter to show_search_more.php, and (3) left_cat parameter to show_search_result.php.