CVE-2016-11013

The wp-listings plugin before 2.0.2 for WordPress has includes/views/single-listing.php XSS.

Source: CVE-2016-11013

CVE-2016-10999

The Goodnews theme through 2016-02-28 for WordPress has XSS via the s parameter.

Source: CVE-2016-10999

CVE-2016-11000

The wp-ultimate-exporter plugin through 1.1 for WordPress has SQL injection via the export_type_name parameter.

Source: CVE-2016-11000

CVE-2016-11001

The user-submitted-posts plugin before 20160215 for WordPress has XSS via the user-submitted-content field.

Source: CVE-2016-11001

CVE-2016-10998

The ocim-mp3 plugin through 2016-03-07 for WordPress has wp-content/plugins/ocim-mp3/source/pages.php?id= XSS.

Source: CVE-2016-10998

CVE-2016-10997

The beauty-premium theme 1.0.8 for WordPress has CSRF with resultant arbitrary file upload in includes/sendmail.php.

Source: CVE-2016-10997

CVE-2015-9390

The admin-management-xtended plugin before 2.4.0.1 for WordPress has privilege escalation because wp_ajax functions are mishandled.

Source: CVE-2015-9390

CVE-2015-9391

The yawpp plugin through 1.2.2 for WordPress has XSS via the field1 parameter.

Source: CVE-2015-9391

CVE-2015-9389

The mtouch-quiz plugin before 3.1.3 for WordPress has XSS via a quiz name.

Source: CVE-2015-9389

CVE-2016-10996

The optinmonster plugin before 1.1.4.6 for WordPress has incorrect access control for shortcodes because of a nonce leak.

Source: CVE-2016-10996