Plugin Vulnerabilities We Helped Get Fixed This Week

• Cross site request forgery (CSRF) in Booking Calendar Contact Form, discovered by Joaquin Ramirez Martinez

Plugin Vulnerabilities Added This Week That Are In The Current Version of the Plugins

• Authenticated persistent cross-site scripting (XSS) in Calculated Fields Form, discovered by Joaquin Ramirez Martinez

Additional Plugin Vulnerabilities Added This Week

• Reflected cross-site scripting (XSS) in WP Advanced Importer Plugin, discovered by Rahul Pratap Singh
• Reflected cross-site scripting (XSS) in CSV Import, discovered by Rahul Pratap Singh
• Reflected cross-site scripting (XSS) in Import Woocommerce, discovered by Rahul Pratap Singh
• Reflected cross-site scripting (XSS) in WP Ultimate Exporter, discovered by Rahul Pratap Singh
• Privilege escalation in Extra User Details, discovered by Panagiotis Vagenas
• Authenticated session hijacking in Calculated Fields Form, discovered by Joaquin Ramirez Martinez