WordPress WP Guppy plugin version 1.1 suffers from a WP-JSON API sensitive information disclosure vulnerability.
0c184ef5480f8c0da90f3e998eda5373612fb8589ab006d4fb7fc530d12db79f
WordPress Smart Product Review plugin versions 1.0.4 and below suffer from a remote shell upload vulnerability.
29a1fcc09577e084c0c089ef3d7a429a755dafcc54dfac7e29bf7520ce0f0f63