WordPress Plugin EZ SQL Reports Shortcode Widget and DB Backup is prone to multiple vulnerabilities, including arbitrary file download and arbitrary code execution vulnerabilities. Exploiting these issues could allow an attacker to gain access to sensitive information, which may aid in launching further attacks, to execute arbitrary commands with the privileges of the user running the application, to compromise the application or the underlying database, to access or modify data or to compromise a vulnerable system. WordPress Plugin EZ SQL Reports Shortcode Widget and DB Backup version 4.11.33 is vulnerable; prior versions may also be affected.
Update to plugin version 4.11.37 or latest
WordPress Plugin Attached images title editor Cross-Site Scripting (1.1.1)
Joomla! Core 3.9.x Cross-Site Scripting (3.9.0 - 3.9.23)
Drupal Core 9.0.x Information Disclosure (9.0.0 - 9.0.5)
WordPress Plugin The Events Calendar Security Bypass (3.11.2)