The Popups, Welcome Bar, Optins and Lead Generation Plugin WordPress plugin before 2.1.8 does not sanitize and escape some campaign parameters, which could allow users…

The OpenBook Book Data WordPress plugin through 3.5.2 does not have CSRF check in place when updating its settings, which could allow attackers to make…

The MailPress WordPress plugin through 7.2.1 does not have CSRF checks in various places, which could allow attackers to make a logged in admin change…

The WP Sentry WordPress plugin through 1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a…

The WP Post Styling WordPress plugin before 1.3.1 does not have CSRF checks in various actions, which could allow attackers to make a logged in…

The Tiny Contact Form WordPress plugin through 0.7 does not have CSRF check in place when updating its settings, which could allow attackers to make…

The Rotating Posts WordPress plugin through 1.11 does not have CSRF check in place when updating its settings, which could allow attackers to make a…

The Backup, Restore and Migrate WordPress Sites With the XCloner Plugin WordPress plugin before 4.3.6 does not have authorisation and CSRF checks when resetting its…

The Google Authenticator WordPress plugin before 1.0.5 does not have CSRF check when saving its settings, and does not sanitise as well as escape them,…

The Login using WordPress Users ( WP as SAML IDP ) WordPress plugin before 1.13.4 does not sanitise and escape some of its settings, which…