flickrRSS <= 5.3.1 – XSS and CSRF

https://wpvulndb.com/vulnerabilities/9022

WordPress <= 4.9.2 – Application Denial of Service (DoS) (unpatched)

https://wpvulndb.com/vulnerabilities/9021

PropertyHive <= 1.4.14 – Cross-Site Scripting (XSS)

https://wpvulndb.com/vulnerabilities/9020

Social Media Widget by Acurax <= 3.2.5 – Stored XSS & CSRF

https://wpvulndb.com/vulnerabilities/9017

Splashing Images <= 2.1 – Cross-Site Scripting (XSS)

https://wpvulndb.com/vulnerabilities/9016

Splashing Images <= 2.1 – Authenticated PHP Object Injection

https://wpvulndb.com/vulnerabilities/9015

Email Subscribers & Newsletters <= 3.4.7 – Unauthenticated Subscriber Download

https://wpvulndb.com/vulnerabilities/9014

Google Forms <= 0.91 – Unauthenticated Server-Side Request Forgery (SSRF)

https://wpvulndb.com/vulnerabilities/9013

Booking calendar <= 2.1.7 – Authenticated Stored XSS & CSRF

https://wpvulndb.com/vulnerabilities/9012

read-and-understood <= 2.1 – Authenticated Stored XSS & CSRF

https://wpvulndb.com/vulnerabilities/9011