Two premium WordPress plugins, WPLMS and VibeBP, were found carrying a total of 18 security flaws, with most of them being critical.The vulnerabilities allowed remote, unauthenticated attackers to upload arbitrary files, execute code, escalate privileges, and perform SQL injections.The bugs have been patched, and users are advised to upgrade WPLMS to version 1.9.9.5.3 or newer, and VibeBP to version 1.9.9.7.7 or newer.Site owners are encouraged to enforce secure file uploads, SQL query sanitation, and role-based access controls for improved security.