WordPress Plugin Store Locator Plus for WordPress is prone to multiple vulnerabilities including an information disclosure vulnerability and a SQL injection vulnerability. Exploiting these issues could allow an attacker to obtain sensitive information, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. WordPress Plugin Store Locator Plus for WordPress versions from 2.7.1 to 3.0.1 are vulnerable; prior versions may also be affected.
Restrict access to the wp-content/plugins/store-locator-le/core/load_wp_config.php file (e.g. via .htaccess) and edit the source code to ensure that input is properly sanitised
WordPress Plugin My Link Order Cross-Site Scripting (4.3)
WordPress Plugin Form Maker by 10Web-Mobile-Friendly Drag & Drop Contact Form Builder SQL Injection (1.13.3)
WordPress 4.3.x Multiple Vulnerabilities (4.3 - 4.3.8)
WordPress Plugin Shared Files-Easy Download Manager and File Sharing with Frontend File Upload Cross-Site Scripting (1.6.60)