WordPress Plugin WP Code Highlight.js is prone to a cross-site request forgery vulnerability. Exploiting this issue may allow a remote attacker to perform certain administrative actions and gain unauthorized access to the affected application; other attacks are also possible. WordPress Plugin WP Code Highlight.js version 0.6.2 is vulnerable; prior versions may also be affected.
Update to plugin version 0.6.3 or latest
WordPress Plugin YOP Poll Cross-Site Scripting (6.0.2)
WordPress Plugin 10Web Map Builder for Google Maps Cross-Site Scripting (1.0.71)
WordPress Plugin Product Slider For WooCommerce Lite includes Backdoor [Only if downloaded via the vendor website] (1.1.5)
WordPress Plugin Photo Gallery by 10Web-Mobile-Friendly Image Gallery Multiple Vulnerabilities (1.5.34)
WordPress Plugin NextGEN Gallery-WordPress Gallery 'xml/media-rss.php' Cross-Site Scripting (1.5.1)