VR Calendar < 2.3.2 - Unauthenticated Arbitrary Function Call

The plugin lets any user execute arbitrary PHP functions on the site. https://example.com/wp-admin/admin-post.php?vrccmd=phpinfo...

WordPress 2.1.1 - Arbitrary Command Execution

WordPress 2.1.1 - Arbitrary Command Execution source: https://www.securityfocus.com/bid/22797/info An attacker compromised the source code for Wordpress 2.1.1 and altered it to include a malicious backdoor. This backdoor introduces a code-execution vulnerability that will let remote users inject...