TablePress <= 1.8 – Authenticated XML External Entity (XXE)

https://wpvulndb.com/vulnerabilities/8963

InLinks 1.0 – Authenticated SQL Injection

https://wpvulndb.com/vulnerabilities/8962

Formidable Forms <= 2.05.02 – Multiple Vulnerabilities

https://wpvulndb.com/vulnerabilities/8961

Yoast SEO <= 5.7.1 – Unauthenticated Cross-Site Scripting (XSS)

https://wpvulndb.com/vulnerabilities/8960

Duplicator <= 1.2.28 – Stored Cross-Site Scripting (XSS)

https://wpvulndb.com/vulnerabilities/8959

bbPress – Unauthenticated SQL Injection

https://wpvulndb.com/vulnerabilities/8958

Email Log <= 2.2.2 – Stored Cross-Site Scripting (XSS)

https://wpvulndb.com/vulnerabilities/8957

WP Mail Logging <= 1.8.2 – Stored Cross-Site Scripting

https://wpvulndb.com/vulnerabilities/8956

Simple Events Calendar <= 1.3.5 – Authenticated SQL Injection

https://wpvulndb.com/vulnerabilities/8955

Events <= 2.3.4 – Authenticated SQL Injection

https://wpvulndb.com/vulnerabilities/8954