TablePress <= 1.8 – Authenticated XML External Entity (XXE)

https://wpvulndb.com/vulnerabilities/8963

Formidable Forms <= 2.05.02 – Multiple Vulnerabilities

https://wpvulndb.com/vulnerabilities/8961

Yoast SEO <= 5.7.1 – Unauthenticated Cross-Site Scripting (XSS)

https://wpvulndb.com/vulnerabilities/8960

Duplicator <= 1.2.28 – Stored Cross-Site Scripting (XSS)

https://wpvulndb.com/vulnerabilities/8959

bbPress – Unauthenticated SQL Injection

https://wpvulndb.com/vulnerabilities/8958

Email Log <= 2.2.2 – Stored Cross-Site Scripting (XSS)

https://wpvulndb.com/vulnerabilities/8957

WP Mail Logging <= 1.8.2 – Stored Cross-Site Scripting

https://wpvulndb.com/vulnerabilities/8956

WP Simple Booking Calendar Premium 6.0-6.1 – Unauthenticated Data leak

https://wpvulndb.com/vulnerabilities/8944

WP Simple Booking Calendar Premium 5.8–5.16 – Unauthenticated Data leak

https://wpvulndb.com/vulnerabilities/8943

WP Simple Booking Calendar Premium 5.0–5.4 – Unauthenticated Data leak

https://wpvulndb.com/vulnerabilities/8942