Plugin Vulnerabilities We Helped Get Fixed This Week

• Cross site request forgery (CSRF) in Simple add pages or posts, discovered by ALIREZA_PROMIS
• Reflected cross-site scripting (XSS) in IMPress Listings, discovered by Kris

Plugin Vulnerabilities Added This Week

• Cross site request forgery (CSRF) in Simple add pages or posts, discovered by ALIREZA_PROMIS
• Reflected cross-site scripting (XSS) in Profile Builder, discovered by Kacper Szurek
• Reflected cross-site scripting (XSS) in MailPoet Newsletters, discovered by Omar Kurt
• Authenticated SQL injection in User Meta Manager, discovered by Panagiotis Vagenas
• Privilege escalation in User Meta Manager, discovered by Panagiotis Vagenas
• Reflected cross-site scripting (XSS) in Connections Business Directory, discovered by Larry W. Cashdollar