WordPress Plugin Advanced Custom Fields is prone to a remote file include vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible. WordPress Plugin Advanced Custom Fields version 3.5.1 is vulnerable; prior versions may also be affected.
Update to plugin version 3.5.2 or latest
WordPress Plugin TablePress XML External Entity Injection (1.8)
WordPress Plugin Newsletter Open Redirect (3.7.0)
WordPress Plugin April's Super Functions Pack Cross-Site Scripting (1.4.7)
WordPress Plugin yURL ReTwitt Cross-Site Request Forgery (1.4)