Bookly #1 WordPress Booking Plugin (Lite) <= 13.2 – Unauthenticated Blind Stored XSS

https://wpvulndb.com/vulnerabilities/9025

Swape Theme – Authentication Bypass and Stored XSS

https://wpvulndb.com/vulnerabilities/9024

Instagram Feed <= 1.5.1 – Cross-Site Scripting (XSS)

https://wpvulndb.com/vulnerabilities/9023

flickrRSS <= 5.3.1 – XSS and CSRF

https://wpvulndb.com/vulnerabilities/9022

WordPress <= 4.9.2 – Application Denial of Service (DoS) (unpatched)

https://wpvulndb.com/vulnerabilities/9021

PropertyHive <= 1.4.14 – Cross-Site Scripting (XSS)

https://wpvulndb.com/vulnerabilities/9020

User Control – Unauthenticated SQL Injection

https://wpvulndb.com/vulnerabilities/9019

Enfold Theme <= 4.2 – Rewrite Portfolio Permalink Structure & Information Disclosure

https://wpvulndb.com/vulnerabilities/9018

Social Media Widget by Acurax <= 3.2.5 – Stored XSS & CSRF

https://wpvulndb.com/vulnerabilities/9017

Splashing Images <= 2.1 – Cross-Site Scripting (XSS)

https://wpvulndb.com/vulnerabilities/9016