WordPress Plugin Contact Form Generator is prone to multiple cross-site request forgery vulnerabilities. Exploiting these issues may allow a remote attacker to perform certain administrative actions and gain unauthorized access to the affected application; other attacks are also possible. WordPress Plugin Contact Form Generator version 2.1.86 is vulnerable; prior versions may also be affected.
Edit the source code to ensure that CSRF protection is implemented with Nonce-like mechanism or disable the plugin until a fix is available
WordPress Plugin Qiniu Cloudtuchuang Cross-Site Scripting (1.8)
WordPress Plugin Subscribe2 Cross-Site Scripting (10.15)
WordPress Plugin WP-Live Chat by 3CX Cross-Site Scripting (7.0.06)
WordPress Plugin Smart Slideshow 'upload.php' Arbitrary File Upload (2.1)
WordPress Plugin WP-Lister Lite for Amazon Directory Traversal (0.9.6.35)