The simple-add-pages-or-posts plugin before 1.7 for WordPress has CSRF for deleting users.

The google-document-embedder plugin before 2.6.2 for WordPress has CSRF.

The google-document-embedder plugin before 2.6.2 for WordPress has XSS.

The google-document-embedder plugin before 2.6.1 for WordPress has XSS.

The all-in-one-wp-security-and-firewall plugin before 3.9.1 for WordPress has multiple SQL injection issues.

The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit category feature.

The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit map feature.

The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit location feature.

The simple-fields plugin before 1.2 for WordPress has CSRF in the admin interface.

The ninja-forms plugin before 3.3.21.2 for WordPress has SQL injection in the search filter on the submissions page.

The simple-login-log plugin before 1.1.2 for WordPress has SQL injection.

The nextgen-gallery plugin before 2.1.57 for WordPress has SQL injection via a gallery name.

The wp-fastest-cache plugin before 0.8.4.9 for WordPress has SQL injection in wp-admin/admin-ajax.php?action=wpfc_wppolls_ajax_request via the poll_id parameter.

The newstatpress plugin before 1.0.1 for WordPress has SQL injection.

The newstatpress plugin before 1.0.4 for WordPress has XSS related to the Referer header.

The newstatpress plugin before 1.0.5 for WordPress has SQL injection related to an IMG element.

The newstatpress plugin before 1.0.5 for WordPress has XSS related to an IMG element.

The newstatpress plugin before 1.0.6 for WordPress has reflected XSS.

The wp-statistics plugin before 12.0.8 for WordPress has SQL injection.

The Backup Guard plugin before 1.1.47 for WordPress has multiple XSS issues.