WordPress Plugin User Submitted Posts is prone to a vulnerability that lets attackers upload arbitrary files because the application fails to properly verify user-supplied input. An attacker can exploit this vulnerability to upload arbitrary code and run it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible. WordPress Plugin User Submitted Posts version 20190426 is vulnerable; prior versions may also be affected.
Update to plugin version 20190501 or latest
WordPress Plugin WPS Limit Login Multiple Vulnerabilities (1.4.5)
WordPress Plugin BePro Listings Security Bypass (2.2.0020)
WordPress Plugin WP Server Log Viewer Cross-Site Scripting (1.0)
Apache Tomcat version older than 7.0.28
WordPress Plugin Subscribe Sidebar by Blubrry Cross-Site Scripting (1.3.1)