WordPress Email Customizer for WooCommerce | Drag and Drop Email Templates Builder plugin <= 2.6.7 - Authenticated (Administrator+) Stored Cross-Site Scripting via Email Template Content vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting via Email Template Content vulnerability discovered by fallenofalbaz in WordPress Plugin Email Customizer for WooCommerce versions = 2.6.7...

WordPress Friends plugin <= 3.5.1 - Authenticated (Admin+) PHP Object Injection vulnerability

Authenticated Admin+ PHP Object Injection vulnerability discovered by Pham Nguyen Khoa in WordPress Plugin Friends versions = 3.5.1...