PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Wordpress: different message for wrong username and pasword, weak inicial password generation.
vulners.com/securityvulns/securityvulns:doc:19716
vulners.com/securityvulns/securityvulns:doc:19717
vulners.com/securityvulns/securityvulns:doc:19720
vulners.com/securityvulns/securityvulns:doc:19726