[MEDIUM] WP Crontrol Authenticated (Administrator+) plugin vulnerable to Blind Server-Side Request Forgery

PKSA-s8n8-wvcv-s9wt CVE-2025-8678 GHSA-35c5-67fm-cpcp

Affected version: >=1.17.0,<1.19.2

Reported by:
GitHub

[HIGH] WP Crontrol vulnerable to possible RCE when combined with a pre-condition

PKSA-rnp9-g2v1-bz2h CVE-2024-28850 GHSA-9xvf-cjvf-ff5q

Affected version: <1.16.2

Reported by:
GitHub