WordPress Plugin XforWooCommerce is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently take over the website and its database. WordPress Plugin XforWooCommerce version 1.6.4 is vulnerable; prior versions are also affected.
Update to plugin version 1.7.0 or latest
WordPress Plugin Ultimate Member-User Profile, User Registration, Login & Membership Multiple Cross-Site Scripting Vulnerabilities (2.0.27)
WordPress Plugin Gallery Blocks with Lightbox. Image Gallery, (HTML5 video , YouTube, Vimeo) Video Gallery and Lightbox for native gallery Cross-Site Scripting (2.2.0)
WordPress Plugin Admin PHP Eval Unspecified Vulnerability (1.0)
WordPress Plugin WP Photo Album Plus 'wppa-album' Parameter SQL Injection (4.1.1)