CVE-2018-20974

The js-jobs plugin before 1.0.7 for WordPress has CSRF.
Source: NIST
CVE-2018-20974

CVE-2018-20973

The companion-auto-update plugin before 3.2.1 for WordPress has local file inclusion.
Source: NIST
CVE-2018-20973

CVE-2018-20972

The companion-auto-update plugin before 3.2.1 for WordPress has CSRF.
Source: NIST
CVE-2018-20972

CVE-2018-20971

The church-admin plugin before 1.2550 for WordPress has CSRF affecting the upload of a bible reading plan.
Source: NIST
CVE-2018-20971

CVE-2017-18541

The xo-security plugin before 1.5.3 for WordPress has XSS.
Source: NIST
CVE-2017-18541

CVE-2014-10376

The i-recommend-this plugin before 3.7.3 for WordPress has SQL injection.
Source: NIST
CVE-2014-10376

CVE-2017-18543

The invite-anyone plugin before 1.3.16 for WordPress has incorrect access control for email-based invitations.
Source: NIST
CVE-2017-18543

CVE-2015-9323

The 404-to-301 plugin before 2.0.3 for WordPress has SQL injection.
Source: NIST
CVE-2015-9323

CVE-2015-9324

The easy-digital-downloads plugin before 2.3.3 for WordPress has SQL injection.
Source: NIST
CVE-2015-9324

CVE-2017-18545

The invite-anyone plugin before 1.3.16 for WordPress has incorrect escaping of untrusted Dashboard and front-end input.
Source: NIST
CVE-2017-18545