The wp-customer-reviews plugin before 3.0.9 for WordPress has XSS in the admin tools.

Source

The analytics-tracker plugin before 1.1.1 for WordPress has XSS via a search event.

Source

The booking-sms plugin before 1.1.0 for WordPress has XSS.

Source

The updater plugin before 1.35 for WordPress has multiple XSS issues.

Source

The weblibrarian plugin before 3.4.8.7 for WordPress has XSS via front-end short codes.

Source

The weblibrarian plugin before 3.4.8.6 for WordPress has XSS via front-end short codes.

Source

The weblibrarian plugin before 3.4.8.5 for WordPress has XSS via front-end short codes.

Source

The shortcode-factory plugin before 1.1.1 for WordPress has XSS via add_query_arg.

Source