Contest Gallery < 13.1.0.7 - Subscriber+ Email Address Disclosure

The plugin does not have any proper access controls when exporting users from a gallery, which could allow any authenticated users such as subscriber to list all users from the blog, disclosing their username and email address PoC POST...

fablevision.com XSS vulnerability

Vulnerable URL: http://www.fablevision.com/place/library/STICKY/stickyburrcomic.php?id=13'"134 Details: Description| Value ---|--- Patched:| No Latest check for patch:| 30.12.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 2307329 VIP website status:| No...