Plugin Vulnerabilities We Helped Get Fixed This Week

• Cross-site request forgery (CSRF)/SQL injection vulnerability in Wp Multiple Meta Box, discovered Dr.Malware

Plugin Vulnerabilities Added This Week

• Information disclosure vulnerability in Ghosts, discovered by Josh Brody
• Persistent cross-site scripting (XSS) vulnerability in MainWP Dashboard, discovered by Jouko Pynnönen
• Authenticated information disclosure vulnerability in Yoast SEO, discovered by Wordfence
• Authenticated persistent cross-site (XSS) vulnerability in bbPress, discovered by Sucuri
• Arbitrary file upload vulnerability in Tevolution, discovered by developer
• Arbitrary file upload vulnerability in Ninja Forms, discovered by James Golovich
• Persistent cross-site scripting (XSS) vulnerability in Ninja Forms, discovered by James Golovich