WordPress Plugin WP Cost Estimation & Payment Forms Builder is prone to a directory traversal vulnerability because it fails to sufficiently verify user-supplied input. Exploiting this issue can allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin WP Cost Estimation & Payment Forms Builder version 9.659 is vulnerable; prior versions may also be affected.
Update to plugin version 9.660 or latest
WordPress Plugin Restaurant Menu by MotoPress Cross-Site Scripting (2.4.1)
WordPress Plugin Paid Memberships Pro-Restrict Member Access to Content, Courses, Communities-Free or Paid Subscriptions Cross-Site Scripting (2.6.5)
WordPress Plugin Image Hover Effects Ultimate (Image Gallery, Effects, Lightbox, Comparison or Magnifier) Cross-Site Scripting (9.7.0)
WordPress Plugin Product Limited Time Availability Date for woocommerce Cross-Site Scripting (1.0.1)
WordPress Plugin PublishPress Capabilities-User Role Access, Editor Permissions, Admin Menus Cross-Site Request Forgery (2.3.1)