WordPress Amazon Affiliate Shop Plugin <= 0.9.6 - Local File Inclusion
This vulnerability is in reviews.php. It allows the attackers to read arbitrary files via a full pathname in the "url" parameter. Solution Update the plugin...
WordPress WebEngage Plugin <= 2.0.0 - XSS
Because of this vulnerability in resize.php, the attackers can inject arbitrary web script or HTML via the "height" parameter, or via renderer.php or callback.php. Solution Update the plugin...
WordPress Social Login Plugin <= 2.0.3 - XSS
Because of this vulnerability in services/diagnostics.php, the attackers can inject arbitrary web script or HTML via the "xhrurl" parameter. Solution Update the plugin...
WordPress Responsive Preview Plugin <= 1.1 - XSS
Because of this vulnerability in index.php, the attackers can inject arbitrary web script or HTML. Solution Update the plugin...
WordPress Member Approval Plugin <= 131109 - CSRF
Cross-site request forgery (CSRF) vulnerability in the Member Approval plugin 131109 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change plugin settings to their default and disable registration approval via a request to...
WordPress NextCellent Gallery Plugin <= 1.19.17 - XSS
Because of this vulnerability in admin/manage-images.php, authenticated users can inject arbitrary web script or HTML via the "Alt & Title Text" field. Solution Update the plugin...
WordPress File Gallery Plugin <= 1.7.9.1 - Arbitrary Code Execution
This plugin does not properly escape strings, which allows remote administrators to execute arbitrary PHP code. Solution Update the plugin...
WordPress <= 3.3.2 - Multiple Vulnerabilities
Because of these vulnerabilities, the attackers can obtain sensitive information or bypass intended media-attachment restrictions via a "postid" value. Solution Update the plugin...
WordPress Newsletter Manager Plugin <= 1.0.1 - Multiple XSS
Because of these vulnerabilities, the attackers can inject arbitrary web script or HTML. Solution Update the plugin...
WordPress Recommend To a Friend Plugin <= 2.0.2 - XSS
Because of this vulnerability in inc/rafform.php, the attackers can inject arbitrary web script or HTML via the "currenturl" parameter. Solution Update the plugin...
WordPress Maintenance Mode Plugin <= 1.8.7 - CSRF
Because of this vulnerability, the attackers can hijack the authentication of arbitrary users for requests that modify this plugin's settings. Solution Update the plugin...
WordPress GRAND FlAGallery Plugin <= 2.71 - XSS
Because of this vulnerability in wp-admin/admin.php, the attackers can inject arbitrary web script or HTML via the "s" parameter in a flag-manage-gallery action. Solution Update the plugin...
WordPress BackupBuddy Plugin <= 2.2.4 - Sensitive Data Exposure #2
Because of this vulnerability in importbuddy.php, the plugin does not reliably delete itself after completing a restore operation. In that way the attackers can obtain access via subsequent requests to this script. Solution Update the plugin...
WordPress Social Sharing Toolkit Plugin <= 2.1.1 - CSRF
Because of this vulnerability, the attackers can hijack the authentication of administrators for requests that manipulate plugin settings via unknown vectors. Solution Update the plugin...
WordPress Social Media Widget Plugin <= 4.0 - Remote File Inclusion
This plugin contains a Trojan Horse, which allows the attackers to force the upload of arbitrary files. Solution Update the plugin...
WordPress My Calendar Plugin <= 1.10.1 - XSS
Because of this vulnerability, the attackers can inject arbitrary web script or HTML via the PATHINFO. Solution Update the plugin...
WordPress Pay With Tweet Plugin <= 1.1 - SQL Injection
Because of this vulnerability, authenticated users can execute arbitrary SQL commands via the "id" parameter. Solution Update the plugin...
WordPress Whois Search Plugin <= 1.4.2.2 - XSS
Because of this vulnerability, the attackers can inject arbitrary web script or HTML via the "domain" parameter. Solution Update the plugin...
WordPress Bad Behavior Plugin <= 2.2.4 - Multiple XSS
Because of these vulnerabilities, the attackers can inject arbitrary web script or HTML. Solution Update the plugin...
WordPress <= 3.4.1 - XSS and BYPASS
Because of these vulnerabilities, authenticated users can perform cross-site scripting attacks by leveraging the Administrator or Editor role and composing crafted text, and can bypass intended access restrictions. Solution Update WordPress...
WordPress FCChat Widget Plugin 2.2.x - Arbitrary File Upload
FCChat Widget plugin's "Upload.php" is prone to an arbitrary file upload vulnerability. Access to this script is not properly restricted. In that way an attacker can upload files containing malicious PHP code and run it in the context of the web server process. Other attacks are also...
WordPress Font Uploader Plugin 1.2.4 - Arbitrary File Upload
Font Uploader plugin is prone to an arbitrary file upload vulnerability. Access to this script is not properly restricted. In that way an attacker can upload files containing malicious PHP code and run it in the context of the web server process. Other attacks are also possible...
WordPress User Photo Plugin <= 0.9.5.1 - XSS
Because of this vulnerability in user-photo.php, attackers can inject arbitrary web script or HTML via the PATHINFO to wp-admin/options-general.php. Solution Update the plugin...
WordPress League Manager Plugin <= 3.7 - Multiple XSS
Because of these vulnerabilities, the attackers can inject arbitrary web script or HTML via the "group" parameter in the show-league page. Solution Update the plugin...
WordPress Login With Ajax Plugin <= 3.0.4.0 - XSS #2
Because of this vulnerability in login-with-ajax.php, the attackers can inject arbitrary web script or HTML via the "callback" parameter. Solution Update the plugin...
WordPress WP FaceThumb Plugin 0.1 - Cross Site Scripting
WordPress WP-FaceThumb plugin's "paginationwpfacethum" parameter is prone to a cross-site scripting vulnerability. It fails to properly sanitize user-supplied input. An attacker may execute arbitrary script code in the browser of a user in the context of the affected site. In this way the attack...
WordPress Pay with Tweet Plugin <= 1.1 - Multiple Vulnerabilities
WordPress Pay with Tweet plugin is prone to blind SQL injection and XSS vulnerabilities. Solution Update the plugin...
WordPress Symposium Plugin <= 11.12.24 - Multiple Arbitrary File Upload
Because of these vulnerabilities, the attackers can execute arbitrary code by uploading a file with an executable extension using uploadify/uploadprofileavatar.php or uploadify/uploadadminavatar.php. Solution Update the plugin...
WordPress Grand FlAGallery Plugin 1.57 - Cross Site Scripting
WordPress Grand FlAGallery plugin's "flagshow.php" parameter is prone to a cross-site scripting vulnerability. It fails to properly sanitize user-supplied input. An attacker may execute arbitrary script code in the browser of a user in the context of the affected site. In this way the attacker c...
WordPress Redirection Plugin <= 2.2.9 - Multiple XSS
Because of these vulnerabilities, the attackers can inject arbitrary web script or HTML via the Referer HTTP header in a request to a post that does not exist. Solution Update the plugin...
WordPress Black-LetterHead Theme 1.5 - Cross Site Scripting
WordPress Black-LetterHead theme's "index.php" parameter is prone to a cross-site scripting vulnerability. It fails to properly sanitize user-supplied input. An attacker may execute arbitrary script code in the browser of a user in the context of the affected site. In this way the attacker can...
WordPress Twitter Feed Plugin <= 0.3.1 - XSS
Because of this vulnerability in magpiedebug.php, the attackers can inject arbitrary web script or HTML via the "url" parameter. Solution Update the plugin...
WordPress UnGallery plugin <= 1.5.8 - Local File Disclosure
This vulnerability allows an attacker to obtain important information from local files on computers running the vulnerable application. Other attacks are also possible. Solution Update the plugin...
WordPress Related Posts Plugin <= 1.0 - Multiple CSRF and XSS
Because of these cross-site request forgery vulnerabilities in the configuration screen in wp-relatedposts.php, the attackers can hijack the authentication of administrators for requests that insert cross-site scripting sequences. Solution Update the plugin...
WordPress Recaptcha Plugin <= 2.9.8.2 - Multiple CSRF and XSS
Because of these cross-site request forgery vulnerabilities in the configuration page, the attackers can hijack the authentication of administrators for requests that disable the CAPTCHA requirement or insert cross-site scripting sequences. Solution Update the plugin...
WordPress Register Plus Plugin <= 3.5.1 - Multiple XSS
Because of these vulnerabilities in wp-login.php, the attackers can inject arbitrary web script or HTML via the "website", "aim", "yahoo", "jabber", "firstname", "lastname", "about", "pass1", and "pass2" parameters in a register action. Solution Update the plugin...
WordPress WP Survey And Quiz Tool Plugin 1.2.1 - Cross-Site Scripting Vulnerability
The WP Survey And Quiz Tool plugin is prone to a cross-site scripting vulnerability. It fails to properly sanitize user-supplied input. An attacker may execute arbitrary script code in the browser of a user in the context of the affected site. In this way the attacker can steal cookie-based...
WordPress 2.9 - Failure to Restrict URL Access
A new feature, called "Trash", was implemented so that users could retrieve posts they had deleted by accident. Any posts placed in the trash are viewable by authenticated users, regardless of their privileges. Solution Update WordPress, because since versio...
WordPress WP-Cumulus <= 1.20 - Vulnerabilities
The WordPress WP-Cumulus plugin has several vulnerabilities: cross-site scripting and full path disclosure. Solution Update WordPress...
WordPress 2.8.1 - Remote Cross-Site Scripting Vulnerability
This version of WordPress is prone to a cross-site scripting vulnerability. Solution Update WordPress...
WordPress MU <= 2.5 - XSS
Because of this vulnerability in wp-admin/wp-blogs.php, the attackers can inject arbitrary web script or HTML. Solution Update WordPress...
WordPress Newsletter Plugin - SQL Injection #1
Because of this vulnerability in stnliframe.php, the attackers can execute arbitrary SQL commands via the "newsletter" parameter. Solution Update the plugin...
WordPress Download Manager Plugin <= 0.2 - Arbitrary File Upload
Because of this vulnerability in upload.php, the attackers can execute arbitrary code by uploading a file with an executable extension via the "upfile" parameter. Solution Update the plugin...
WordPress WP Call Plugin <= 0.3 - SQL Injection
Because of this vulnerability, the attackers can execute arbitrary SQL commands via the "id" parameter. Solution Update the plugin...
WordPress Captcha Plugin <= 2.5 - Multiple XSS
Because of these vulnerabilities, the attackers can inject arbitrary web script or HTML. Solution Update the plugin...
WordPress <= 2.3.9 - SQL Injection
Because of this vulnerability, the attackers can obtain sensitive information via an invalid "p" parameter. Solution Update WordPress...
WordPress MU <= 1.0 - XSS
Because of this vulnerability in wp-newblog.php, the attackers can inject arbitrary web script or HTML via the "weblogid" parameter. Solution Update WordPress...
WordPress Unnamed Theme <= 1.217 - XSS
Because of this vulnerability in index.php, the attackers can inject arbitrary web script or HTML via the "s" parameter. Solution Update the theme...
WordPress DB Backup Plugin <= 1.7 - Directory Traversal
Because of this vulnerability in wp-db-backup.php, authenticated users with administrative privileges can read arbitrary files. Solution Update the WordPress DB Backup plugin to the latest available version, at least 1.8...
WordPress <= 2.0.2 - Shell Injection
Because of this vulnerability in vars.php, the attackers can spoof their IP address via a PCREMOTEADDR HTTP header and include a remote file. Solution Update WordPress to the latest available version, at least 2.0.3...