Cross-Site Request Forgery (CSRF) vulnerability in Graham Quick Interest Slider quick-interest-slider allows Cross Site Request Forgery.This issue affects Quick Interest Slider: from n/a through <= 3.1.5.
Authenticated attackers with Contributor-level access or above can delete or generate featured images on posts they do not own in the Auto Featured Image (Auto Post Thumbnail) WordPress plugin through version 4.2.1, due to a missing capability check in the bulk_action_generate_handler function. The vulnerability requires user authentication and has a CVSS score of 4.3; no public exploit code or active exploitation has been confirmed at the time of analysis.
Insertion of Sensitive Information Into Sent Data vulnerability in Nitesh Ultimate Auction ultimate-auction allows Retrieve Embedded Sensitive Data.This issue affects Ultimate Auction : from n/a through <= 4.3.3.