Email Subscribers and Newsletters plugin contains an unauthenticated timebased SQL injection in versions before 4.3.1. The hash parameter is vulnerable to injection.
883d0eaca9891a011a583d7cbea23b1c7f956800de4a058033366b43cb374379
WordPress NextScripts: Social Networks Auto-Poster plugin versions 4.3.20 and below suffer from a cross site scripting vulnerability.
3b243357482f55615e13c6f86d3c5f7e5661b3bdb1e7d084a3489717be01ceda