WordPress Plugin Simple Contact Info is prone to a vulnerability that lets attackers delete arbitrary files because the application fails to properly verify user-supplied input. An attacker can exploit this vulnerability to delete arbitrary files in the context of the webserver process. WordPress Plugin Simple Contact Info version 1.1.9 is vulnerable; prior versions may also be affected.
Disable the plugin until a fix is available
WordPress Plugin Widget Settings Importer/Exporter Cross-Site Scripting (1.5.3)
WordPress Plugin Contact Form Builder-a plugin for creating contact and feedback forms Cross-Site Request Forgery (1.0.68)
WordPress Plugin Traffic Manager Multiple Vulnerabilities (1.4.5)
WordPress Plugin aoringo LOG maker Cross-Site Scripting (0.1.3)
WordPress Plugin WP HTML Author Bio Cross-Site Scripting (1.2.0)