CVE-2017-18571

The search-everything plugin before 8.1.7 for WordPress has SQL injection related to WordPress 4.7.x, a different vulnerability than CVE-2014-2316.

Source: CVE-2017-18571

CVE-2017-18574

The ninja-forms plugin before 3.0.31 for WordPress has insufficient HTML escaping in the builder.

Source: CVE-2017-18574

CVE-2017-18575

The newstatpress plugin before 1.2.5 for WordPress has multiple stored XSS issues.

Source: CVE-2017-18575

CVE-2018-20979

The contact-form-7 plugin before 5.0.4 for WordPress has privilege escalation because of capability_type mishandling in register_post_type.

Source: CVE-2018-20979

CVE-2012-6716

The events-manager plugin before 5.1.7 for WordPress has XSS via JSON call links.

Source: CVE-2012-6716

CVE-2015-9335

The limit-attempts plugin before 1.1.1 for WordPress has SQL injection during IP address handling.

Source: CVE-2015-9335

CVE-2013-7477

The events-manager plugin before 5.5.2 for WordPress has XSS in the booking form.

Source: CVE-2013-7477

CVE-2016-10916

The appointment-booking-calendar plugin before 1.1.24 for WordPress has SQL injection, a different vulnerability than CVE-2015-7319.

Source: CVE-2016-10916

CVE-2015-9336

The clean-login plugin before 1.5.1 for WordPress has reflected XSS.

Source: CVE-2015-9336

CVE-2016-10918

The gallery-by-supsystic plugin before 1.8.6 for WordPress has CSRF.

Source: CVE-2016-10918