WordPress Plugin Booking Calendar is prone to a local file inclusion vulnerability because it fails to sufficiently verify user-supplied input. Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin Booking Calendar version 7.0 is vulnerable; prior versions may also be affected.
Update to plugin version 7.1 or latest
Drupal Core 6.x Multiple Vulnerabilities (6.0 - 6.17)
WordPress Plugin Media Library Assistant SQL Injection (3.05)
WordPress Plugin MapSVG Lite Cross-Site Request Forgery (4.2.4)
WordPress Plugin I Recommend This SQL Injection (3.7.7)
WordPress Plugin WOOF-Products Filter for WooCommerce Unspecified Vulnerability (1.2.6)