Vulnerable Plugins
There are eighteen issues this week, with two unfixed, and five where fixes have been committed but aren't showing as available yet in the public repository. The most critical this week are a Privilege Escalation vulnerability in WP Front End Profile (fix available), a CSV Injection vulnerability in Import Export WordPress Users (fix available) and a SQL Injection vulnerability in Web Librarian (fix available). There's also an unfixed Cross-Site Request Forgery to CRM reset (where it deletes the associated data) vulnerability in Zero BS WordPress CRM.
View this week's vulnerable plugins list.