CVE-2013-7477 The events-manager plugin before 5.5.2 for WordPress has XSS in the booking form. View Full Alert Related Posts CVE-2013-7475The contact-form-plugin plugin before 3.52 for WordPress has XSS. View Full Alert CVE-2013-7476The simple-fields plugin before 1.2 for WordPress has CSRF in the admin interface. View Full Alert CVE-2013-7473Windu CMS 2.2 allows CSRF via admin/users/?mn=admin.message.error to add an admin account. View Full Alert