WordPress Plugin Knews Multilingual Newsletters is prone to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. WordPress Plugin Knews Multilingual Newsletters version 1.7.0 is vulnerable; prior versions may also be affected.
Update to plugin version 1.7.1 or latest
WordPress Plugin Category Grid View Gallery Cross-Site Scripting (2.3.3)
WordPress Plugin Nofollow Links Cross-Site Scripting (1.0.10)
WordPress Plugin Advanced Search Cross-Site Scripting (1.1.2)
WordPress Plugin School Management System-WPSchoolPress Multiple Cross-Site Scripting Vulnerabilities (2.1.16)
WordPress Plugin Easy Digital Downloads-Simple eCommerce for Selling Digital Files Cross-Site Scripting (2.11.2)