WordPress Plugin Ajax Category Dropdown is prone to multiple SQL injection vulnerabilities and a cross-site scripting vulnerability. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. WordPress Plugin Ajax Category Dropdown version 0.1.5 is vulnerable; other versions may also be affected.
Edit the source code to ensure that input is properly sanitised or disable the plugin until a fix is available
WordPress Plugin Local Market Explorer 'api-key' Parameter Cross-Site Scripting (3.1.1)
WordPress Plugin Photo Gallery by 10Web-Mobile-Friendly Image Gallery Local File Inclusion (1.5.24)
WordPress Plugin Code Insert Manager (Q2W3 Inc Manager) ZeroClipboard Cross-Site Scripting (2.3.1)
WordPress Plugin Custom 404 Pro Cross-Site Scripting (3.2.8)
WordPress Plugin Ultimate Member-User Profile, User Registration, Login & Membership Cross-Site Scripting (2.4.0)