The WordPress CformsII plugin (10,000+ active installations) was prone to an HTML injection vulnerability that could be used to target the administrator.

The WordPress “Simple 301 Redirects Addon Bulk Uploader”, which has 20,000+ active installations, was prone to a unauthenticated options change vulnerability that could allow an attacker to redirect all URLs to a malicous website.

The WordPress ND Restaurant Reservations plugin (300+ active installations) was prone to a critical vulnerability that could allow an attacker to take over the blog and its database.

The WordPress Login or Logout Menu Item (10,000+ active installations) was prone to an unauthenticated options change vulnerability.

The WordPress ND Learning Courses plugin (2,000+ active installations) was prone to a critical vulnerability that could allow an attacker to take over the blog and its database.