Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tips and Tricks HQ, Ruhul Amin, Josh Lobe Simple Download Monitor allows Blind SQL Injection. This issue affects Simple Download Monitor: from n/a through 3.9.25.

Server-Side Request Forgery (SSRF) vulnerability in Tips and Tricks HQ Compact WP Audio Player allows Server Side Request Forgery.This issue affects Compact WP Audio Player: from n/a through 1.9.14.

Missing Authorization vulnerability in Tips and Tricks HQ, wptipsntricks Stripe Payments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Stripe Payments: from n/a through 2.0.79.

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Tips and Tricks HQ Stripe Payments allows Code Injection.This issue affects Stripe Payments: from n/a through 2.0.79.

Improper Validation of Specified Quantity in Input vulnerability in Tips and Tricks HQ WP Express Checkout (Accept PayPal Payments) allows Manipulating Hidden Fields.This issue affects WP Express Checkout (Accept PayPal Payments): from n/a through 2.3.7.

Missing Authorization vulnerability in Tips and Tricks HQ Easy Accept Payments.This issue affects Easy Accept Payments: from n/a through 4.9.10.

Cross-site request forgery (CSRF) vulnerability in the All In One WP Security & Firewall plugin before 3.9.0 for WordPress allows remote attackers to hijack the authentication of administrators for requests that delete logs of 404 (aka Not Found) HTTP status codes.

SQL injection vulnerability in the All In One WP Security & Firewall plugin before 3.8.8 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Multiple SQL injection vulnerabilities in the All In One WP Security & Firewall plugin before 3.8.3 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) orderby or (2) order parameter in the aiowpsec page to wp-admin/admin.php. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary SQL commands.