WordPress Plugin Tutor LMS-eLearning and online course solution is prone to a local file inclusion vulnerability because it fails to sufficiently verify user-supplied input. Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin Tutor LMS-eLearning and online course solution version 1.8.7 is vulnerable; prior versions may also be affected.
Update to plugin version 1.8.8 or latest
WordPress Plugin to Manage/Design WordPress Blog-WP Blog Manager Lite includes Backdoor [Only if downloaded via the vendor website] (1.1.0)
WordPress Plugin iThemes Security (formerly Better WP Security) Security Bypass (5.3.5)
Drupal Core 7.x Cross-Site Scripting (7.0 - 7.65)
WordPress Plugin Shareaholic-share buttons, related posts, social analytics & more Cross-Site Scripting (184.108.40.206)