The Query Monitor plugin for WordPress has Reflected Cross-Site Scripting via Request URI

Impact The Query Monitor plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'REQUESTURI' parameter in all versions up to, and including, 3.20.3 due to insufficient output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web script...

WordPress AHAthat Plugin plugin <= 1.6 - Reflected XSS via REQUEST_URI vulnerability

Reflected XSS via REQUESTURI vulnerability discovered by Bob Matyas in WordPress Plugin AHAthat versions = 1.6...