The newstatpress plugin before 1.0.6 for WordPress has reflected XSS.

The newstatpress plugin before 1.0.1 for WordPress has SQL injection.

The newstatpress plugin before 1.0.5 for WordPress has SQL injection related to an IMG element.

The newstatpress plugin before 1.0.5 for WordPress has XSS related to an IMG element.

The newstatpress plugin before 1.0.4 for WordPress has XSS related to the Referer header.

PHP Scripts Mall Responsive Video News Script has XSS via the Search Bar. This might, for example, be leveraged for HTML injection or URL redirection.

ventrian News-Articles version NewsArticles.00.09.11 contains a XML External Entity (XXE) vulnerability in News-Articles/API/MetaWebLog/Handler.ashx.vb that can result in Attacker can read any file in the server or use smbrelay attack to access to server..

Cross-site scripting vulnerability in Email Subscribers & Newsletters versions prior to 3.5.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

PHP Scripts Mall News Website Script 2.0.4 has SQL Injection via a search term.

NewsBee allows XSS via the Company Name field in the Settings under admin/admin.php.