The LifterLMS - WordPress LMS Plugin for eLearning plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 7.4.2 via the maybe_serve_export function. Rated low severity (CVSS 3.3), this vulnerability is remotely exploitable. No vendor patch available.
PowerProtect Agent for File System Version 19.14 and prior, contains an incorrect default permissions vulnerability in ddfscon component. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.
The MainWP Dashboard - WordPress Manager for Multiple Websites Maintenance plugin for WordPress is vulnerable to CSS Injection via the ‘newColor’ parameter in all versions up to, and including,. Rated low severity (CVSS 2.2), this vulnerability is remotely exploitable.