WordPress Plugin WP Post Popup is prone to a directory traversal vulnerability because it fails to sufficiently verify user-supplied input. Exploiting this issue can allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin WP Post Popup version 2.1.1 is vulnerable; prior versions may also be affected.
Update to plugin version 2.1.2 or latest
WordPress Plugin Mass Pages/Posts Creator Cross-Site Scripting (1.2.2)
WordPress Plugin Elementor Website Builder Cross-Site Scripting (2.9.13)
WordPress Plugin BuddyPress PHP Object Injection (2.0.2)
WordPress Plugin Manage and respond to conversations with leads-HappyForms PHP Object Injection (1.0.0)
WordPress Plugin Magee Shortcodes Cross-Site Scripting (1.6.3)