Current version is 1.13.10

https://seclists.org/fulldisclosure/2019/May/8

https://mythemeshop.com/changelog/?product=launcher

https://vuldb.com/?id.134654

https://wpvulndb.com/vulnerabilities/9274

https://blog.sucuri.net/2019/05/multiple-vulnerabilities-in-the-wordpress-ultimate-member-plugin.html

https://blog.sucuri.net/2019/05/multiple-vulnerabilities-in-the-wordpress-ultimate-member-plugin.html

https://blog.sucuri.net/2019/05/multiple-vulnerabilities-in-the-wordpress-ultimate-member-plugin.html

Changelog states "Fixed: Security issue"

https://wordpress.org/plugins/photo-gallery/#developers

"Researcher" doesn't state when the vulnerability was introduced to the code base. Assume all previous versions. Unable to verify if issue has been fixed yet

https://www.pluginvulnerabilities.com/2019/05/14/authenticated-local-file-inclusion-lfi-vulnerability-in-photo-gallery-by-10web/

https://blog.sucuri.net/2019/05/wordpress-plugin-give-stored-xss-for-donors.html

Plugin has been closed in public repo, so you'll be unable to update through the WordPress interface. Either remove or get the code from svn

https://blog.sucuri.net/2019/05/persistent-cross-site-scripting-in-wp-live-chat-support-plugin.html

"Researcher" doesn't state when the vulnerability was introduced to the code base. Assume all previous versions. Plugin has been closed in the public repository

https://www.pluginvulnerabilities.com/2019/05/16/gdpr-functionality-in-wordpress-plugin-wp-live-chat-support-allows-anyone-to-download-contents-of-chats-handled-through-it/

Changelog states "Security Fix"

https://wordpress.org/plugins/pppt/#developers

Fix was supposed to be released in v4.8.71, but trac shows 4.8.72 with "Security patch" and plugin is now closed in public repo

https://blog.nintechnet.com/wordpress-latest-security-fixes/

"Researcher" doesn't state when the vulnerability was introduced to the code base. Assume all previous versions. Issue does not appear to be fixed yet

https://www.pluginvulnerabilities.com/2019/05/16/this-persistent-cross-site-scripting-xss-vulnerability-seems-likely-to-be-what-hackers-would-be-interested-in-fb-messenger-live-chat-for/

"Researcher" doesn't state when the vulnerability was introduced to the code base. Assume all previous versions. Plugin has been closed in the public repository

https://www.pluginvulnerabilities.com/2019/05/16/is-this-authenticated-persistent-cross-site-scripting-xss-vulnerability-what-hackers-would-be-interested-in-toggle-the-title-for/

Changelog states "Security – fix for XSS vulnerability in email subscription"

https://wordpress.org/plugins/fv-wordpress-flowplayer/#developers

"Researcher" doesn't state when the vulnerability was introduced to the code base. Assume all previous versions.

https://www.pluginvulnerabilities.com/2019/05/15/information-disclosure-vulnerability-in-fv-player-fv-flowplayer-video-player/

mq-woocommerce-products-price-bulk-edit

"Researcher" doesn't state when the vulnerability was introduced to the code base. Assume all previous versions. Plugin has been closed in the public repository

https://www.pluginvulnerabilities.com/2019/05/16/is-this-authenticated-persistent-cross-site-scripting-xss-vulnerability-what-hackers-would-be-interested-in-woocommerce-products-price-bulk-edit-for/

Commit states "Added security bug fix", looking at code indicates cross-site scripting fix

https://plugins.trac.wordpress.org/changeset/2084532/