WordPress Plugin DukaPress is prone to a directory traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue can allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin DukaPress version 2.5.2 is vulnerable; prior versions may also be affected.
Update to plugin version 2.5.4 or latest
WordPress Plugin NextGEN Gallery-WordPress Gallery Privilege Escalation (3.2.2)
WordPress Plugin Surveys SQL Injection (1.01.8)
WordPress Plugin Nginx Helper Cross-Site Scripting (1.8.9)
Drupal Core 9.1.x Cross-Site Scripting (9.1.0 - 9.1.8)
WordPress Plugin WP-Live Chat by 3CX Remote Code Execution (7.0.01)