Content Slide <= 1.4.2 - Cross Site Request Forgery Vulnerability
93871
2013-2708
52949
CSRF
Simple Paypal Shopping Cart 3.5 - Cross-Site Request Forgery Vulnerability
93953
2013-2705
52963
CSRF
3.6
WP-SendSMS 1.0 - Setting Manipulation CSRF
94209
53796
26124
CSRF
WP-SendSMS 1.0 - wp-admin/admin.php Multiple Parameter XSS
94210
26124
XSS
Mail Subscribe List - Script Insertion Vulnerability
53732
94197
XSS
2.1
VideoJS - Cross-Site Scripting Vulnerability
53437
http://seclists.org/fulldisclosure/2013/May/66
XSS
0.98
VideoJS - Cross-Site Scripting Vulnerability
53426
http://seclists.org/fulldisclosure/2013/May/66
XSS
4.1
VideoJS - Cross-Site Scripting Vulnerability
53445
http://seclists.org/fulldisclosure/2013/May/66
XSS
1.4
VideoJS - Cross-Site Scripting Vulnerability
53396
http://seclists.org/fulldisclosure/2013/May/66
XSS
2.1
VideoJS - Cross-Site Scripting Vulnerability
http://seclists.org/fulldisclosure/2013/May/66
XSS
Crayon Syntax Highlighter - Remote File Inclusion Vulnerability
50804
http://ceriksen.com/2012/10/15/wordpress-crayon-syntax-highlighter-remote-file-inclusion-vulnerability/
RFI
1.13
UnGallery <= 1.5.8 - Local File Disclosure Vulnerability
17704
LFI
UnGallery - Arbitrary Command Execution
50875
http://ceriksen.com/2012/10/23/wordpress-ungallery-remote-command-injection-vulnerability/
RCE
2.1.6
Thank You Counter Button <= 1.8.2 - XSS
50977
XSS
1.8.3
Bookings <= 1.8.2 - XSS
50975
XSS
1.8.3
Cimy User Manager <= 1.4.2 - Arbitrary File Disclosure
50834
http://ceriksen.com/2012/10/24/wordpress-cimy-user-manager-arbitrary-file-disclosure/
UNKNOWN
1.4.4
FireStorm Professional Real Estate - "id" SQL Injection Vulnerability
51107
SQLI
2.06.04
FireStorm Professional Real Estate - Multiple SQL Injection
50873
http://ceriksen.com/2012/10/25/wordpress-firestorm-professional-real-estate-plugin-sql-injection-vulnerability/
SQLI
2.06.03
WP125 <= 1.4.4 - Multiple XSS
50976
XSS
1.4.5
WP125 <= 1.4.9 - CSRF
92113
2013-2700
52876
http://www.securityfocus.com/bid/58934
CSRF
1.5.0
All Video Gallery - Multiple SQL Injection Vulnerabilities
50874
http://ceriksen.com/2012/11/04/wordpress-all-video-gallery-plugin-sql-injection/
SQLI
BuddyStream - XSS
50972
XSS
post-views - XSS
50982
XSS
Floating Social Media Links - Remote File Inclusion
51346
http://ceriksen.com/2013/01/12/wordpress-floating-social-media-link-plugins-remote-file-inclusion/
RFI
Zingiri Forum - Arbitrary File Disclosure
50833
http://ceriksen.com/2013/01/12/wordpress-zingiri-forums-arbitrary-file-disclosure/
UNKNOWN
Google Document Embedder - Arbitrary File Disclosure
2012-4915
23970
50832
http://www.securityfocus.com/bid/57133
http://packetstormsecurity.com/files/119329/
http://ceriksen.com/2013/01/03/wordpress-google-document-embedder-arbitrary-file-disclosure/
exploit/unix/webapp/wp_google_document_embedder_exec
UNKNOWN
2.5.4
extended-user-profile - Full Path Disclosure vulnerability
http://1337day.com/exploit/20118
FPD
superslider-show - Full Path Disclosure vulnerability
http://1337day.com/exploit/20117
FPD
multibox - Full Path Disclosure vulnerability
http://1337day.com/exploit/20119
FPD
OpenInviter - Information Disclosure
http://packetstormsecurity.com/files/119265/
UNKNOWN
RokBox - Multiple Vulnerabilities
http://1337day.com/exploit/19981
MULTI
RokBox <= 2.13 - XSS,DoS,Disclosure,Upload Vulnerabilities
54801
http://packetstormsecurity.com/files/118884/
MULTI
RokIntroScroller <= 1.8 - XSS,DoS,Disclosure,Upload Vulnerabilities
97418
54801
http://packetstormsecurity.com/files/123302/
http://seclists.org/fulldisclosure/2013/Sep/121
MULTI
RokMicroNews <= 1.5 - XSS,DoS,Disclosure,Upload Vulnerabilities
97418
54801
http://packetstormsecurity.com/files/123312/
http://seclists.org/fulldisclosure/2013/Sep/124
MULTI
RokNewsPager <= 1.17 - XSS,DoS,Disclosure,Upload Vulnerabilities
97418
54801
http://packetstormsecurity.com/files/123271/
http://seclists.org/fulldisclosure/2013/Sep/109
MULTI
RokStories <= 1.25 - XSS,DoS,Disclosure,Upload Vulnerabilities
97418
54801
http://packetstormsecurity.com/files/123270/
http://seclists.org/fulldisclosure/2013/Sep/108
MULTI
grou-random-image-widget - Full Path Disclosure
http://1337day.com/exploit/20047
FPD
sintic_gallery - Arbitrary File Upload Vulnerability
http://1337day.com/exploit/19993
UPLOAD
sintic_gallery - Path Disclosure Vulnerability
http://1337day.com/exploit/20020
FPD
WP-UserOnline - Full Path Disclosure
http://seclists.org/fulldisclosure/2010/Jul/8
FPD
Wp-UserOnline <= 0.62 - Persistent XSS
http://seclists.org/fulldisclosure/2010/Jul/8
XSS
Shopping Cart 8.1.14 - Shell Upload, SQL Injection
http://packetstormsecurity.com/files/119217/
51690
MULTI
8.1.15
Level Four Storefront - levelfourstorefront/getsortmanufacturers.php id Parameter SQL Injection
91680
http://packetstormsecurity.com/files/120950/
SQLI
ReFlex Gallery 1.3 - Shell Upload
http://packetstormsecurity.com/files/119218/
UPLOAD
ReFlex Gallery 1.4 - reflex-gallery.php Direct Request Path Disclosure
88869
Uploader 1.0.4 - Shell Upload
http://packetstormsecurity.com/files/119219/
UPLOAD
Uploader 1.0.4 - notify.php blog Parameter XSS
90840
52465
XSS
Xerte Online 0.32 - Shell Upload
http://packetstormsecurity.com/files/119220/
UPLOAD
Advanced Custom Fields <= 3.5.1 - Remote File Inclusion
http://packetstormsecurity.com/files/119221/
51037
23856
87353
exploit/unix/webapp/wp_advanced_custom_fields_exec
RFI
3.5.2
sitepress-multilingual-cms - Full Path Disclosure
http://1337day.com/exploit/20067
FPD
Asset Manager 0.2 - Arbitrary File Upload
82653
18993
23652
49378
http://www.securityfocus.com/bid/53809
http://packetstormsecurity.com/files/119133/
UPLOAD
Asset Manager - upload.php Arbitrary Code Execution
82653
http://www.ethicalhack3r.co.uk/security/wordpress-plugin-asset-manager-upload-php-arbitrary-code-execution/
http://packetstormsecurity.com/files/113285/
http://xforce.iss.net/xforce/xfdb/80823
UPLOAD
SWF Vulnerable to XSS Bundled in Many WordPress Plugins
http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
XSS
SWF Vulnerable to XSS Bundled in Many WordPress Plugins
http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
XSS
SWF Vulnerable to XSS Bundled in Many WordPress Plugins
http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
XSS
Blaze Slideshow 2.1 - Unspecified Security Vulnerability
http://www.securityfocus.com/bid/52677
UNKNOWN
2.2
Comment Extra Field 1.7 - CSRF / XSS
http://packetstormsecurity.com/files/122625/
http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
MULTI
SWF Vulnerable to XSS Bundled in Many WordPress Plugins
http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
XSS
SWF Vulnerable to XSS Bundled in Many WordPress Plugins
http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
XSS
SWF Vulnerable to XSS Bundled in Many WordPress Plugins
http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
XSS
SWF Vulnerable to XSS Bundled in Many WordPress Plugins
http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
XSS
SWF Vulnerable to XSS Bundled in Many WordPress Plugins
http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
XSS
SWF Vulnerable to XSS Bundled in Many WordPress Plugins
http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
XSS
SWF Vulnerable to XSS Bundled in Many WordPress Plugins
http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
XSS
powerzoomer - Arbitrary File Upload Vulnerability
http://1337day.com/exploit/20253
UPLOAD
SWF Vulnerable to XSS Bundled in Many WordPress Plugins
http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
XSS
SWF Vulnerable to XSS Bundled in Many WordPress Plugins
http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
XSS
SWF Vulnerable to XSS Bundled in Many WordPress Plugins
http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
XSS
SWF Vulnerable to XSS Bundled in Many WordPress Plugins
http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
XSS
SWF Vulnerable to XSS Bundled in Many WordPress Plugins
http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
XSS
SWF Vulnerable to XSS Bundled in Many WordPress Plugins
http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
51224
XSS
SWF Vulnerable to XSS Bundled in Many WordPress Plugins
http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
XSS
wp-3dflick-slideshow - Arbitrary File Upload Vulnerability
http://1337day.com/exploit/20255
UPLOAD
SWF Vulnerable to XSS Bundled in Many WordPress Plugins
http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
XSS
SWF Vulnerable to XSS Bundled in Many WordPress Plugins
http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
XSS
SWF Vulnerable to XSS Bundled in Many WordPress Plugins
http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
51250
XSS
Carousel Slideshow - Unspecified Vulnerabilities
50377
UNKNOWN
3.10
SWF Vulnerable to XSS Bundled in Many WordPress Plugins
http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
XSS
SWF Vulnerable to XSS Bundled in Many WordPress Plugins
http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
XSS
SWF Vulnerable to XSS Bundled in Many WordPress Plugins
http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
XSS
SWF Vulnerable to XSS Bundled in Many WordPress Plugins
http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
XSS
wp-homepage-slideshow - Arbitrary File Upload Vulnerability
http://1337day.com/exploit/20260
UPLOAD
SWF Vulnerable to XSS Bundled in Many WordPress Plugins
http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
XSS
wp-image-news-slider - Arbitrary File Upload Vulnerability
http://1337day.com/exploit/20259
UPLOAD
SWF Vulnerable to XSS Bundled in Many WordPress Plugins
http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
XSS
Image News slider - Unspecified Vulnerabilities
50390
UNKNOWN
3.4
Image Resizer - Cross Site Scripting
http://packetstormsecurity.com/files/123651/
XSS
wp-levoslideshow - Arbitrary File Upload Vulnerability
http://1337day.com/exploit/20250
UPLOAD
SWF Vulnerable to XSS Bundled in Many WordPress Plugins
http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
XSS
SWF Vulnerable to XSS Bundled in Many WordPress Plugins
http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
XSS
wp-powerplaygallery - Arbitrary File Upload Vulnerability
http://1337day.com/exploit/20252
UPLOAD
SWF Vulnerable to XSS Bundled in Many WordPress Plugins
http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
XSS
wp-royal-gallery - Arbitrary File Upload Vulnerability
http://1337day.com/exploit/20261
UPLOAD
SWF Vulnerable to XSS Bundled in Many WordPress Plugins
http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
XSS
SWF Vulnerable to XSS Bundled in Many WordPress Plugins
http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
XSS
wp superb Slideshow - Full Path Disclosure
http://1337day.com/exploit/19979
FPD
SWF Vulnerable to XSS Bundled in Many WordPress Plugins
http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
XSS
SWF Vulnerable to XSS Bundled in Many WordPress Plugins
http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
XSS
Ajax Post Search - SQL Injection
http://seclists.org/bugtraq/2012/Nov/33
51205
http://www.girlinthemiddle.net/2012/10/sqli-vulnerability-in-ajax-post-search.html
SQLI
1.3
Answer My Question 1.1 - record_question.php Multiple Parameter XSS
85567
50655
http://www.securityfocus.com/archive/1/524625/30/0/threaded
http://seclists.org/bugtraq/2012/Nov/24
XSS
1.2
Catalog - HTML Code Injection and Cross-site scripting
http://packetstormsecurity.com/files/117820/
51143
MULTI
Spider Catalog - Multiple SQL Injection and Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/60079
MULTI
Spider Catalog 1.4.6 - Multiple Vulnerabilities
25724
93591
MULTI
Wordfence 3.3.5 - XSS and IAA
http://seclists.org/fulldisclosure/2012/Oct/139
51055
MULTI
Wordfence 3.8.1 - wp-admin/admin.php whois Parameter Stored XSS
97884
http://packetstormsecurity.com/files/122993/
http://www.securityfocus.com/bid/62053
XSS
3.8.3
Slideshow jQuery Image Gallery - Multiple Vulnerabilities
http://www.waraxe.us/advisory-92.html
MULTI
Slideshow - Multiple Script Insertion Vulnerabilities
51135
XSS
Social Discussions - Multiple Vulnerabilities
http://www.waraxe.us/advisory-93.html
MULTI
ABtest - Directory Traversal
http://scott-herbert.com/blog/2012/10/11/wordpress-plugin-abtest-vulnerable-to-a-directory-traversal-attack-1110
UNKNOWN
BBPress - SQL Injection / Path Disclosure
22396
86400
http://xforce.iss.net/xforce/xfdb/78244
http://packetstormsecurity.com/files/116123/
MULTI
NextGen Cu3er Gallery - Information Disclosure
http://packetstormsecurity.com/files/116150/
UNKNOWN
Rich Widget - File Upload
http://packetstormsecurity.com/files/115787/
UPLOAD
Monsters Editor - Shell Upload
http://packetstormsecurity.com/files/115788/
UPLOAD
Quick Post Widget 1.9.1 - Multiple Cross-site scripting vulnerabilities
http://seclists.org/bugtraq/2012/Aug/66
XSS
ThreeWP Email Reflector 1.13 - Stored XSS
20365
XSS
SimpleMail 1.0.6 - Stored XSS
84534
2012-2579
20361
50208
XSS
Postie 1.4.3 - Stored XSS
84532
2012-2580
20360
50207
XSS
1.5.15
RSVPMaker 2.5.4 - Persistent XSS
20474
50289
XSS
Mz-jajak <= 2.1 - SQL Injection Vulnerability
20416
50217
SQLI
Resume Submissions Job Posting 2.5.1 - Unrestricted File Upload
http://packetstormsecurity.com/files/114716/
UPLOAD
WP-Predict 1.0 - Blind SQL Injection
19715
SQLI
Backup - Information Disclosure
19524
50038
UNKNOWN
2.1
MoodThingy Widget 0.8.7 - Blind SQL Injection
19572
SQLI
Paid Business Listings 1.0.2 - Blind SQL Injection
19481
SQLI
Website FAQ 1.0 - SQL Injection
19400
SQLI
Fancy Gallery 1.2.4 - Shell Upload
http://packetstormsecurity.com/files/114114/
UPLOAD
Flip Book 1.0 - Shell Upload
http://packetstormsecurity.com/files/114112/
UPLOAD
Ajax Multi Upload 1.1 - Shell Upload
http://packetstormsecurity.com/files/114109/
UPLOAD
Schreikasten 0.14.13 - XSS
19294
XSS
Automatic 2.0.3 - CSRF
http://packetstormsecurity.com/files/113763/
CSRF
VideoWhisper Video Conference 4.51 - Arbitrary File Upload Vulnerability
http://packetstormsecurity.com/files/113580/
UPLOAD
Video Whisper - XSS
http://packetstormsecurity.com/files/122943/
XSS
VideoWhisper Live Streaming Integration - ls/htmlchat.php Multiple Parameter XSS
96593
2013-5714
54619
http://www.securityfocus.com/bid/61977
http://seclists.org/bugtraq/2013/Aug/163
XSS
Auctions 2.0.1.3 - Arbitrary File Upload Vulnerability
http://packetstormsecurity.com/files/113568/
UPLOAD
LB Mixed Slideshow 1.0 - Arbitrary File Upload Vulnerability
http://packetstormsecurity.com/files/113844/
UPLOAD
Lim4wp 1.1.1 - Arbitrary File Upload Vulnerability
http://packetstormsecurity.com/files/113846/
UPLOAD
Wp-ImageZoom 1.0.3 - Remote File Disclosure
http://packetstormsecurity.com/files/113845/
UNKNOWN
Invit0r 0.22 - Shell Upload
http://packetstormsecurity.com/files/113639/
UPLOAD
Annonces 1.2.0.1 - Shell Upload
http://packetstormsecurity.com/files/113637/
UPLOAD
Contus Video Gallery 1.3 - Arbitrary File Upload Vulnerability
http://packetstormsecurity.com/files/113571/
UPLOAD
Contus HD FLV Player <= 1.3 - SQL Injection Vulnerability
17678
SQLI
Contus HD FLV Player 1.7 - Arbitrary File Upload Vulnerability
http://packetstormsecurity.com/files/113570/
UPLOAD
User Meta Version 1.1.1 - Arbitrary File Upload Vulnerability
19052
UPLOAD
Top Quark Architecture Version 2.10 - Arbitrary File Upload Vulnerability
19053
UPLOAD
SfBrowser Version 1.4.5 - Arbitrary File Upload Vulnerability
19054
UPLOAD
SWF Vulnerable to XSS Bundled in Many WordPress Plugins
http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
XSS
Pica Photo Gallery 1.0 - Arbitrary File Upload Vulnerability
19055
UPLOAD
PICA Photo Gallery 1.0 - Remote File Disclosure
19016
http://www.securityfocus.com/bid/53893
UNKNOWN
SWF Vulnerable to XSS Bundled in Many WordPress Plugins
http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
XSS
Mac Photo Gallery - Two Security Bypass Security Issues
49923
AUTHBYPASS
Mac Photo Gallery - Multiple Script Insertion Vulnerabilities
49836
XSS
3.0
Mac Photo Gallery 2.7 - Arbitrary File Upload
19056
UPLOAD
drag and drop file upload 0.1 - Arbitrary File Upload Vulnerability
19057
UPLOAD
Custom Content Type Manager 0.9.5.13pl - Arbitrary File Upload Vulnerability
19058
UPLOAD
wp-gpx-max version 1.1.21 - Arbitrary File Upload
19050
http://www.securityfocus.com/bid/53909
http://packetstormsecurity.org/files/113523/
UPLOAD
1.1.23
Front File Manager 0.1 - Arbitrary File Upload
19012
UPLOAD
Front End Upload 0.5.3 - Arbitrary File Upload
19008
UPLOAD
Front End Upload 0.5.4 - Arbitrary PHP File Upload
20083
UPLOAD
Omni Secure Files 0.1.13 - Arbitrary File Upload
19009
UPLOAD
Easy Contact Forms Export 1.1.0 - Information Disclosure Vulnerability
19013
UNKNOWN
Plugin: Newsletter 1.5 - Remote File Disclosure Vulnerability
82703
2012-3588
49464
19018
http://packetstormsecurity.org/files/113413/
UNKNOWN
RBX Gallery 2.1 - Arbitrary File Upload
19019
UPLOAD
Simple Download Button Shortcode 1.0 - Remote File Disclosure
19020
UNKNOWN
Thinkun Remind 1.1.3 - Remote File Disclosure
19021
UNKNOWN
Tinymce Thumbnail Gallery 1.0.7 - Remote File Disclosure
19022
UNKNOWN
wpStoreCart 2.5.27-2.5.29 - Arbitrary File Upload
19023
UPLOAD
Gallery 3.06 - Arbitrary File Upload
18998
UPLOAD
Font Uploader 1.2.4 - Arbitrary File Upload
18994
82657
2012-3814
http://www.securityfocus.com/bid/53853
UPLOAD
WP Property <= 1.35.0 - Arbitrary File Upload
18987
23651
82656
49394
http://packetstormsecurity.com/files/113274/
UPLOAD
WP Marketplace 1.5.0-1.6.1 - Arbitrary File Upload
18988
UPLOAD
WP Marketplace 1.2.1 - File Enumeration Weakness and File Upload Vulnerabilities
http://www.securityfocus.com/bid/52960
UPLOAD
1.2.2
Google Maps via Store Locator - Multiple Vulnerabilities
18989
MULTI
store-locator-le - SQL Injection
51757
SQLI
3.8.7
HTML5 AV Manager 0.2.7 - Arbitrary File Upload
18990
http://www.securityfocus.com/bid/53804
UPLOAD
Foxypress 0.4.1.1-0.4.2.1 - Arbitrary File Upload
http://packetstormsecurity.com/files/113576/
http://www.securityfocus.com/bid/53805
18991
19100
UPLOAD
FoxyPress 0.4.2.5 - XSS, CSRF, SQL Injection
http://packetstormsecurity.com/files/117768/
51109
MULTI
Track That Stat <= 1.0.8 - Cross Site Scripting
http://packetstormsecurity.com/files/112722/
http://www.securityfocus.com/bid/53551
XSS
WP-Facethumb Gallery <= 0.1 - Reflected Cross Site Scripting
http://packetstormsecurity.com/files/112658/
XSS
Survey And Quiz Tool <= 2.9.2 - Cross Site Scripting
http://packetstormsecurity.com/files/112685/
XSS
WP Statistics <= 2.2.4 - Cross Site Scripting
http://packetstormsecurity.com/files/112686/
XSS
WP Easy Gallery <= 1.7 - Cross Site Scripting
49190
http://packetstormsecurity.com/files/112687/
XSS
2.7.3
WP Easy Gallery <= 2.7 - CSRF
49190
http://plugins.trac.wordpress.org/changeset?reponame=&old=669527%40wp-easy-gallery&new=669527%40wp-easy-gallery
CSRF
2.7.3
Subscribe2 <= 8.0 - Cross Site Scripting
49189
http://packetstormsecurity.com/files/112688/
XSS
8.1
Soundcloud Is Gold <= 2.1 - Cross Site Scripting
49188
http://packetstormsecurity.com/files/112689/
XSS
Sharebar <= 1.2.5 - sharebar-admin.php page Parameter XSS
98078
http://packetstormsecurity.com/files/123365/
XSS
Sharebar <= 1.2.5 - Button Manipulation CSRF
94843
CSRF
Sharebar <= 1.2.1 - SQL Injection / Cross Site Scripting
http://packetstormsecurity.com/files/112690/
MULTI
1.2.2
Share And Follow <= 1.80.3 - Cross Site Scripting
http://packetstormsecurity.com/files/112691/
XSS
SABRE <= 1.2.0 - Cross Site Scripting
http://packetstormsecurity.com/files/112692/
XSS
Pretty Link Lite <= 1.5.2 - Cross Site Scripting
http://packetstormsecurity.com/files/112693/
XSS
Pretty Link Lite <= 1.6.1 - Cross Site Scripting
50980
XSS
pretty-link - XSS in SWF
http://seclists.org/bugtraq/2013/Feb/100
http://packetstormsecurity.com/files/120433/
2013-1636
XSS
Newsletter Manager <= 1.0 - Cross Site Scripting
49183
http://packetstormsecurity.com/files/112694/
XSS
1.0.2
Network Publisher <= 5.0.1 - Cross Site Scripting
http://packetstormsecurity.com/files/112695/
XSS
LeagueManager <= 3.7 - Cross Site Scripting
http://packetstormsecurity.com/files/112698/
49949
XSS
LeagueManager 3.8 - SQL Injection
24789
2013-1852
91442
SQLI
Leaflet <= 0.0.1 - Cross Site Scripting
http://packetstormsecurity.com/files/112699/
XSS
PDF And Print Button Joliprint <= 1.3.0 - Cross Site Scripting
http://packetstormsecurity.com/files/112700/
XSS
IFrame Admin Pages <= 0.1 - Cross Site Scripting
http://packetstormsecurity.com/files/112701/
XSS
EZPZ One Click Backup <= 12.03.10 - Cross Site Scripting
http://packetstormsecurity.com/files/112705/
XSS
Dynamic Widgets <= 1.5.1 - Cross Site Scripting
http://packetstormsecurity.com/files/112706/
XSS
Download Monitor <= 3.3.6.1 - Cross Site Scripting
http://www.securityfocus.com/bid/61407
95613
2013-5098
2013-3262
53116
XSS
3.3.6.2
Download Monitor <= 3.3.5.7 - Cross Site Scripting
http://www.reactionpenetrationtesting.co.uk/wordpress-download-monitor-xss.html
50511
XSS
Download Monitor <= 3.3.5.4 - Cross Site Scripting
http://packetstormsecurity.com/files/112707/
XSS
Download Manager <= 2.2 - Cross Site Scripting
http://packetstormsecurity.com/files/112708/
XSS
Code Styling Localization <= 1.99.17 - Cross Site Scripting
49037
http://packetstormsecurity.com/files/112709/
XSS
1.99.20
Catablog <= 1.6 - Cross Site Scripting
http://packetstormsecurity.com/files/112619/
XSS
Bad Behavior <= 2.24 - Cross Site Scripting
http://packetstormsecurity.com/files/112619/
XSS
BulletProof Security <= 0.47 - Cross Site Scripting
http://packetstormsecurity.com/files/112618/
XSS
BulletProof Security - Security Log Script Insertion Vulnerability
95928
95929
95930
2013-3487
53614
0.49
Better WP Security <= 3.5.3 - Stored XSS
https://github.com/wpscanteam/wpscan/issues/251
http://www.securityfocus.com/archive/1/527634/30/0/threaded
95884
54299
27290
XSS
3.5.4
Better WP Security v3.4.3 - Multiple XSS
http://seclists.org/bugtraq/2012/Oct/9
XSS
3.4.4
Better WP Security <= 3.2.4 - Cross Site Scripting
http://packetstormsecurity.com/files/112617/
XSS
3.2.5
Custom Contact Forms <= 5.0.0.1 - Cross Site Scripting
http://packetstormsecurity.com/files/112616/
XSS
2-Click-Socialmedia-Buttons <= 0.34 - Cross Site Scripting
http://packetstormsecurity.com/files/112615/
XSS
2-Click-Socialmedia-Buttons <= 0.32.2 - Cross Site Scripting
49181
http://packetstormsecurity.com/files/112711/
XSS
0.35
Login With Ajax - Cross Site Scripting
49013
XSS
3.0.4.1
Login With Ajax - Cross-Site Request Forgery Vulnerability
93031
2013-2707
52950
CSRF
3.1
Media Library Categories <= 1.0.6 - SQL Injection Vulnerability
17628
SQLI
Media Library Categories <= 1.1.1 - Cross Site Scripting
http://packetstormsecurity.com/files/112697/
SQLI
FCKeditor Deans With Pwwangs Code <= 1.0.0 - Remote Shell Upload
http://packetstormsecurity.com/files/111319/
RFI
Zingiri Web Shop - Cookie SQL Injection Vulnerability
49398
SQLI
2.4.8
Zingiri Web Shop <= 2.4.0 - Multiple XSS Vulnerabilities
18787
48991
XSS
Zingiri Web Shop <= 2.3.5 - Cross Site Scripting
http://packetstormsecurity.com/files/112684/
XSS
Zingiri Web Shop 2.4.3 - Shell Upload
http://packetstormsecurity.com/files/113668/
UPLOAD
Organizer 1.2.1 - Cross Site Scripting / Path Disclosure
http://packetstormsecurity.com/files/112086/
http://packetstormsecurity.com/files/113800/
MULTI
Zingiri Tickets - File Disclosure
http://packetstormsecurity.com/files/111904/
UNKNOWN
CMS Tree Page View - XSS vulnerability
https://www.htbridge.com/advisory/HTB23083
XSS
CMS Tree Page View 1.2.4 - Page Creation CSRF
91270
52581
CSRF
1.2.5
All-in-One Event Calendar 1.4 - Multiple XSS vulnerabilities
http://seclists.org/bugtraq/2012/Apr/70
XSS
All-in-One Event Calendar 1.9 - wp-admin/post-new.php Multiple Parameter XSS
96271
54038
XSS
1.10
All-in-One Event Calendar 1.9 - index.php Multiple Parameter SQL Injection
96272
54038
SQLI
1.10
Buddypress <= 1.5.5 - SQL Injection
18690
SQLI
Register Plus Redux <= 3.8.3 - Cross Site Scripting
http://packetstormsecurity.com/files/111367/
XSS
Magn WP Drag and Drop <= 1.1.4 - Upload Shell Upload Vulnerability
http://packetstormsecurity.com/files/110103/
UPLOAD
Kish Guest Posting 1.0 - Arbitrary File Upload
18412
RFI
AllWebMenus Shell Upload <= 1.1.9 - Shell Upload
http://packetstormsecurity.com/files/108946/
RFI
AllWebMenus 1.1.3 - Remote File Inclusion
17861
RFI
Shortcode Redirect <= 1.0.01 - Stored Cross Site Scripting
http://packetstormsecurity.com/files/108914/
XSS
uCan Post <= 1.0.09 - Stored XSS
18390
XSS
WP Cycle Playlist - Multiple Vulnerabilities
http://1337day.com/exploit/17396
MULTI
myEASYbackup 1.0.8.1 - Directory Traversal
http://packetstormsecurity.com/files/108711/
UNKNOWN
Count per Day 3.2.5 - /wp-content/wp-admin/index.php daytoshow Parameter XSS
90893
52436
http://packetstormsecurity.com/files/120649/
XSS
Count per Day 3.2.5 - counter.php HTTP Referer Header XSS
91491
24859
http://packetstormsecurity.com/files/120870/
XSS
Count Per Day 3.2.3 - notes.php Malformed Requests Remote DoS
90833
http://seclists.org/fulldisclosure/2013/Mar/43
UNKNOWN
Count Per Day 3.2.3 - Multiple Script Direct Request Path Disclosure
90832
http://seclists.org/fulldisclosure/2013/Mar/43
FPD
Count Per Day 3.2.3 - Cross Site Scripting
http://packetstormsecurity.com/files/115904/
XSS
Count Per Day 3.1.1 - Cross Site Scripting
http://packetstormsecurity.com/files/114787/
http://www.securityfocus.com/bid/54258
XSS
3.2
Count Per Day <= 3.1.1 - Multiple Vulnerabilities
18355
MULTI
Count per Day <= 2.17 - SQL Injection Vulnerability
17857
SQLI
WP-AutoYoutube <= 0.1 - Blind SQL Injection Vulnerability
http://1337day.com/exploit/17368
SQLI
Age Verification <= 0.4 - Open Redirect
18350
REDIRECT
Yousaytoo Auto Publishing <= 1.0 - Cross Site Scripting
http://packetstormsecurity.com/files/108470/
XSS
Pay With Tweet <= 1.1 - Multiple Vulnerabilities
18330
MULTI
Whois Search <= 1.4.2 - Cross Site Scripting
http://packetstormsecurity.com/files/108271/
XSS
UPM-POLLS 1.0.4 - BLIND SQL injection
18231
SQLI
Disqus Comment System <= 2.68 - Reflected Cross-Site Scripting (XSS)
http://www.ethicalhack3r.co.uk/security/wordpress-plugin-disqus-comment-system-xss/
XSS
Google reCAPTCHA <= 3.1.3 - Reflected XSS Vulnerability
http://security-sh3ll.blogspot.com/2011/12/google-recaptcha-wordpress-plugin.html
XSS
Link Library <= 5.2.1 - SQL Injection
17887
SQLI
CevherShare 2.0 - SQL Injection Vulnerability
17891
SQLI
meenews 5.1 - Cross-Site Scripting Vulnerabilities
http://seclists.org/bugtraq/2011/Nov/151
XSS
Click Desk Live Support Chat - Cross Site Scripting Vulnerability
http://seclists.org/bugtraq/2011/Nov/148
XSS
2.0
adminimize 1.7.21 - Cross-Site Scripting Vulnerabilities
http://seclists.org/bugtraq/2011/Nov/135
XSS
Advanced Text Widget <= 2.0.0 - Cross Site Scripting Vulnerability
http://seclists.org/bugtraq/2011/Nov/133
XSS
MM Duplicate <= 1.2 - SQL Injection Vulnerability
17707
SQLI
Menu Creator <= 1.1.7 - SQL Injection Vulnerability
17689
SQLI
Allow PHP in Posts and Pages <= 2.0.0.RC1 - SQL Injection Vulnerability
17688
SQLI
Global Content Blocks <= 1.2 - SQL Injection Vulnerability
17687
SQLI
Ajax Gallery <= 3.0 - SQL Injection Vulnerability
17686
SQLI
WP DS FAQ <= 1.3.2 - SQL Injection Vulnerability
17683
SQLI
OdiHost Newsletter <= 1.0 - SQL Injection Vulnerability
17681
SQLI
Easy Contact Form Lite <= 1.0.7 - SQL Injection Vulnerability
17680
SQLI
WP Symposium <= 0.64 - SQL Injection Vulnerability
17679
SQLI
WP Symposium <= 12.12 - Multiple SQL Injection Vulnerabilities
89455
50674
http://ceriksen.com/2013/02/18/wp-symposium-multiple-sql-injection/
SQLI
WP Symposium 13.02 - wp-symposium/invite.php u Parameter XSS
92275
2013-2695
52864
XSS
13.04
WP Symposium 13.02 - invite.php u Parameter Arbitrary Site Redirect
92274
2013-2694
52925
REDIRECT
File Groups <= 1.1.2 - SQL Injection Vulnerability
17677
SQLI
IP-Logger <= 3.0 - SQL Injection Vulnerability
17673
SQLI
Beer Recipes 1.0 - XSS
17453
SQLI
Is-human <= 1.4.2 - Remote Command Execution Vulnerability
17299
RCE
EditorMonkey - (FCKeditor) Arbitrary File Upload
17284
UPLOAD
SermonBrowser 0.43 - SQL Injection
17214
SQLI
Ajax Category Dropdown 0.1.5 - Multiple Vulnerabilities
17207
MULTI
WP Custom Pages 0.5.0.1 - LFI Vulnerability
17119
LFI
GRAND FlAGallery - Multiple Vulnerabilities
51100
MULTI
SWF Vulnerable to XSS Bundled in Many WordPress Plugins
http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
XSS
GRAND Flash Album Gallery 1.9.0 and 2.0.0 - Multiple Vulnerabilities
http://packetstormsecurity.com/files/117665/
http://www.waraxe.us/advisory-94.html
51601
MULTI
GRAND Flash Album Gallery 0.55 - Multiple Vulnerabilities
16947
MULTI
GRAND Flash Album Gallery <= 1.56 - XSS Vulnerability
http://seclists.org/bugtraq/2011/Nov/186
XSS
GRAND Flash Album Gallery <= 1.71 - XSS Vulnerability
http://packetstormsecurity.com/files/112704/
XSS
GRAND FlAGallery - "gid" SQL Injection Vulnerability
93087
53356
SQLI
2.56
GRAND FlAGallery - "s" Cross-Site Scripting Vulnerability
53111
93714
XSS
2.72
PHP Speedy <= 0.5.2 - (admin_container.php) Remote Code Exec Exploit
16273
RCE
OPS Old Post Spinner 2.2.1 - LFI Vulnerability
16251
LFI
jQuery Mega Menu 1.0 - Local File Inclusion
16250
LFI
IWantOneButton 3.0.1 - Multiple Vulnerabilities
16236
MULTI
WP Forum Server 1.6.5 - SQL Injection Vulnerability
16235
SQLI
WP Forum Server <= 1.7 - SQL Injection Vulnerability
17828
SQLI
WP Forum Server <= 1.7.3 - SQL Injection / XSS Vulnerabilities
http://packetstormsecurity.com/files/112703/
MULTI
Relevanssi 2.7.2 - Stored XSS Vulnerability
16233
XSS
GigPress 2.1.10 - Stored XSS Vulnerability
16232
XSS
Comment Rating 2.9.32 - Security Bypass Weakness and SQL Injection
90676
24552
52348
http://packetstormsecurity.com/files/120569/
MULTI
Comment Rating 2.9.23 - Multiple Vulnerabilities
71044
43406
16221
MULTI
2.9.24
Z-Vote 1.1 - SQL Injection Vulnerability
16218
SQLI
User Photo - Component Remote File Upload Vulnerability
16181
71071
UPLOAD
0.9.5
Enable Media Replace - Multiple Vulnerabilities
16144
MULTI
Mingle Forum <= 1.0.32.1 - Cross Site Scripting / SQL Injection
http://packetstormsecurity.com/files/108915/
MULTI
Mingle Forum <= 1.0.31 - SQL Injection Vulnerability
17894
SQLI
Mingle Forum <= 1.0.26 - Multiple Vulnerabilities
15943
MULTI
Mingle Forum <= 1.0.33 - Cross Site Scripting
49171
http://packetstormsecurity.com/files/112696/
XSS
1.0.33.2
Mingle Forum 1.0.33.3 - fs-admin.php togroupusers Parameter XSS
90432
2013-0734
52167
XSS
1.0.34
Mingle Forum 1.0.33.3 - wpf.class.php search_words Parameter XSS
90433
2013-0734
52167
XSS
1.0.34
Mingle Forum 1.0.33.3 - wpf.class.php Multiple Parameter SQL Injection
90434
2013-0735
52167
SQLI
1.0.34
Mingle Forum 1.0.35 - Privilege Escalation CSRF
96905
2013-0736
47687
CSRF
Accept Signups 0.1 - XSS
15808
XSS
Events Manager Extended - Persistent XSS Vulnerability
14923
XSS
NextGEN Smooth Gallery - Blind SQL Injection Vulnerability
14541
SQLI
NextGen Smooth Gallery - XSS
http://packetstormsecurity.com/files/123074/
XSS
myLDlinker - SQL Injection Vulnerability
14441
SQLI
Firestats - Remote Configuration File Download
14308
UNKNOWN
Simple Press - SQL Injection Vulnerability
14198
SQLI
Cimy Counter - Vulnerabilities
14057
MULTI
SWF Vulnerable to XSS Bundled in Many WordPress Plugins
http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
51271
XSS
1.9.8
NextGEN Gallery <= 1.5.1 - XSS Vulnerability
12098
XSS
1.5.2
swfupload.swf Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/60433
MULTI
NextGEN Gallery 1.9.12 - Arbitrary File Upload
http://wordpress.org/plugins/nextgen-gallery/changelog/
94232
2013-3684
UPLOAD
1.9.13
Copperleaf Photolog - SQL injection
11458
SQLI
Events Calendar - SQL Injection Vulnerability
10929
95677
SQLI
6.7.10
Events Calendar - wp-admin/admin.php EC_id Parameter XSS
74705
XSS
6.7.12a
Image Manager - Shell Upload Vulnerability
10325
UPLOAD
WP-Cumulus <= 1.20 - Vulnerabilities
10228
MULTI
WP-Cumulus - Cross Site Scripting Vulnerability
http://seclists.org/fulldisclosure/2011/Nov/340
XSS
1.23
WP-Syntax <= 0.9.1 - Remote Command Execution
9431
RCE
My Category Order <= 2.8 - SQL Injection Vulnerability
9150
SQLI
Related Sites 2.1 - Blind SQL Injection Vulnerability
9054
SQLI
SWF Vulnerable to XSS Bundled in Many WordPress Plugins
http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
XSS
DM Albums 1.9.2 - Remote File Disclosure Vulnerability
9048
LFI
DM Albums 1.9.2 - Remote File Inclusion Vuln
9043
RFI
Photoracer 1.0 - (id) SQL Injection Vulnerability
8961
SQLI
Photoracer <= 1.0 - SQL Injection Vulnerability
17720
SQLI
Photoracer <= 1.0 - Multiple Vulnerabilities
17731
MULTI
Lytebox - Local File Inclusion Vulnerability
8791
LFI
fMoblog 2.1 - (id) SQL Injection Vulnerability
8229
SQLI
Page Flip Image Gallery <= 0.2.2 - Remote FD Vuln
50902
2008-5752
7543
33274
http://www.securityfocus.com/bid/32966
http://xforce.iss.net/xforce/xfdb/47568
LFI
e-Commerce <= 3.4 - Arbitrary File Upload Exploit
6867
UPLOAD
Download Manager 0.2 - Arbitrary File Upload Exploit
6127
UPLOAD
Spreadsheet <= 0.6 - SQL Injection Vulnerability
5486
SQLI
Download - (dl_id) SQL Injection Vulnerability
5326
SQLI
Sniplets 1.1.2 - (RFI/XSS/RCE) Multiple Vulnerabilities
5194
MULTI
Photo album - Remote SQL Injection Vulnerability
5135
SQLI
Simple Forum 2.0-2.1 - SQL Injection Vulnerability
5126
SQLI
Simple Forum 1.10-1.11 - SQL Injection Vulnerability
5127
SQLI
st_newsletter - Remote SQL Injection Vulnerability
5053
SQLI
st_newsletter - (stnl_iframe.php) SQL Injection Vulnerability
6777
SQLI
Wordspew - Remote SQL Injection Vulnerability
5039
SQLI
dmsguestbook 1.7.0 - Multiple Remote Vulnerabilities
5035
MULTI
WassUp 1.4.3 - (spy.php to_date) SQL Injection Exploit
5017
SQLI
Adserve 0.2 - adclick.php SQL Injection Exploit
5013
SQLI
fGallery 2.4.1 - fimrss.php SQL Injection Vulnerability
4993
SQLI
WP-Cal 0.3 - editevent.php SQL Injection Vulnerability
4992
SQLI
plugin WP-Forum 1.7.4 - Remote SQL Injection Vulnerability
4939
SQLI
plugin WP-Forum 1.7.8 - Remote SQL Injection Vulnerability
7738
SQLI
wp-FileManager 1.2 - Remote Upload Vulnerability
4844
UPLOAD
wp-FileManager 1.3.0 - File Download Vulnerability
53421
25440
93446
UNKNOWN
1.4.0
PictPress <= 0.91 - Remote File Disclosure Vulnerability
4695
LFI
BackUp <= 0.4.2b - RFI Vulnerability
4593
RFI
plugin myflash <= 1.00 - (wppath) RFI Vulnerability
3828
RFI
plugin wordTube <= 1.43 - (wpPATH) RFI Vulnerability
3825
RFI
plugin wp-Table <= 1.43 - (inc_dir) RFI Vulnerability
3824
RFI
myGallery <= 1.4b4 - Remote File Inclusion Vulnerability
3814
RFI
SendIt <= 1.5.9 - Blind SQL Injection Vulnerability
17716
SQLI
Js-appointment <= 1.5 - SQL Injection Vulnerability
17724
SQLI
MM Forms Community <= 1.2.3 - SQL Injection Vulnerability
17725
SQLI
MM Forms Community 2.2.6 - Arbitrary File Upload
18997
UPLOAD
Super CAPTCHA <= 2.2.4 - SQL Injection Vulnerability
17728
SQLI
Collision Testimonials <= 3.0 - SQL Injection Vulnerability
17729
SQLI
Oqey Headers <= 0.3 - SQL Injection Vulnerability
17730
SQLI
Facebook Promotions <= 1.3.3 - SQL Injection Vulnerability
17737
SQLI
Evarisk <= 5.1.3.6 - SQL Injection Vulnerability
17738
SQLI
Evarisk 5.1.5.4 - Shell Upload
http://packetstormsecurity.com/files/113638/
UPLOAD
Profiles <= 2.0RC1 - SQL Injection Vulnerability
17739
SQLI
mySTAT <= 2.6 - SQL Injection Vulnerability
17740
SQLI
SH Slideshow <= 3.1.4 - SQL Injection Vulnerability
17748
SQLI
iCopyright(R) Article Tools <= 1.1.4 - SQL Injection Vulnerability
17749
SQLI
Advertizer <= 1.0 - SQL Injection Vulnerability
17750
SQLI
Event Registration <= 5.44 - SQL Injection Vulnerability
17814
SQLI
Event Registration <= 5.43 - SQL Injection Vulnerability
17751
SQLI
Event Registration 5.32 - SQL Injection Vulnerability
15513
SQLI
Craw Rate Tracker <= 2.0.2 - SQL Injection Vulnerability
17755
SQLI
wp audio gallery playlist <= 0.12 - SQL Injection Vulnerability
17756
SQLI
yolink Search - "s" Cross-Site Scripting Vulnerability
52030
XSS
2.6
yolink Search <= 1.1.4 - SQL Injection Vulnerability
17757
SQLI
PureHTML <= 1.0.0 - SQL Injection Vulnerability
17758
SQLI
Couponer <= 1.2 - SQL Injection Vulnerability
17759
SQLI
grapefile <= 1.1 - Arbitrary File Upload
17760
UPLOAD
image-gallery-with-slideshow <= 1.5 - Arbitrary File Upload / SQL Injection
17761
MULTI
Donation <= 1.0 - SQL Injection Vulnerability
17763
SQLI
WP Bannerize <= 2.8.6 - SQL Injection Vulnerability
74835
45811
17764
SQLI
2.8.7
WP Bannerize <= 2.8.7 - SQL Injection Vulnerability
76658
46236
17906
SQLI
2.8.8
SearchAutocomplete <= 1.0.8 - SQL Injection Vulnerability
17767
SQLI
VideoWhisper Video Presentation <= 1.1 - SQL Injection Vulnerability
17771
SQLI
VideoWhisper Video Presentation 3.17 - 'vw_upload.php' Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/53851
UPLOAD
Facebook Opengraph Meta <= 1.0 - SQL Injection Vulnerability
17773
SQLI
Zotpress <= 4.4 - SQL Injection Vulnerability
17778
SQLI
oQey Gallery <= 0.4.8 - SQL Injection Vulnerability
17779
SQLI
Tweet Old Post <= 3.2.5 - SQL Injection Vulnerability
17789
SQLI
post highlights <= 2.2 - SQL Injection Vulnerability
17790
SQLI
KNR Author List Widget <= 2.0.0 - SQL Injection Vulnerability
17791
SQLI
SCORM Cloud <= 1.0.6.6 - SQL Injection Vulnerability
17793
SQLI
Eventify - Simple Events <= 1.7.f - SQL Injection Vulnerability
17794
SQLI
Paid Downloads <= 2.01 - SQL Injection Vulnerability
17797
SQLI
Community Events <= 1.2.1 - SQL Injection Vulnerability
17798
SQLI
1-flash-gallery <= 1.9.0 - XSS in ZeroClipboard.swf
http://1337day.com/exploit/20396
XSS
1 Flash Gallery - Arbitrary File Upload Exploit (MSF)
17801
UPLOAD
WP-Filebase Download Manager <= 0.2.9 - SQL Injection Vulnerability
17808
SQLI
WP-Filebase - Unspecified Vulnerabilities
51269
UNKNOWN
0.2.9.25
A to Z Category Listing <= 1.3 - SQL Injection Vulnerability
17809
SQLI
WP e-Commerce <= 3.8.6 - SQL Injection Vulnerability
17832
SQLI
WP-e-Commerce v3.8.9.5 - Cross Site Scripting Vulnerability
http://1337day.com/exploit/20517
XSS
Filedownload 0.1 - (download.php) Remote File Disclosure Vulnerability
17858
LFI
TheCartPress <= 1.6 - Cross Site Scripting
http://packetstormsecurity.com/files/108272/
XSS
TheCartPress 1.1.1 - Remote File Inclusion
17860
RFI
WPEasyStats 1.8 - Remote File Inclusion
17862
RFI
Annonces 1.2.0.0 - Remote File Inclusion
17863
RFI
Livesig 0.4 - Remote File Inclusion
17864
RFI
Disclosure Policy 1.0 - Remote File Inclusion
17865
RFI
Mailing List 1.3.2 - Remote File Inclusion
17866
RFI
Mailing List - Arbitrary file download
18276
UNKNOWN
1.4.1
Zingiri Web Shop 2.2.0 - Remote File Inclusion
17867
RFI
Zingiri Web Shop <= 2.2.3 - Remote Code Execution
18111
RCE
Mini Mail Dashboard Widget 1.36 - Remote File Inclusion
17868
RFI
Mini Mail Dashboard Widget 1.42 - Stored XSS
20358
XSS
Relocate Upload 0.14 - Remote File Inclusion
17869
RFI
Category Grid View Gallery 0.1.1 - Shell Upload vulnerability
17872
UPLOAD
Category Grid View Gallery - CatGridPost.php ID Parameter XSS
94805
XSS
Auto Attachments 0.2.9 - Shell Upload vulnerability
17872
UPLOAD
WP Marketplace 1.1.0 - Shell Upload vulnerability
17872
UPLOAD
DP Thumbnail 1.0 - Shell Upload vulnerability
17872
UPLOAD
Vk Gallery 1.1.0 - Shell Upload vulnerability
17872
UPLOAD
Rekt Slideshow 1.0.5 - Shell Upload vulnerability
17872
UPLOAD
CAC Featured Content 0.8 - Shell Upload vulnerability
17872
UPLOAD
Rent A Car 1.0 - Shell Upload vulnerability
17872
UPLOAD
LISL Last Image Slider 1.0 - Shell Upload vulnerability
17872
UPLOAD
Islidex 2.7 - Shell Upload vulnerability
17872
UPLOAD
Kino Gallery 1.0 - Shell Upload vulnerability
17872
UPLOAD
Cms Pack 1.3 - Shell Upload vulnerability
17872
UPLOAD
A Gallery 0.9 - Shell Upload vulnerability
17872
UPLOAD
Category List Portfolio Page 0.9 - Shell Upload vulnerability
17872
UPLOAD
Really Easy Slider 0.1 - Shell Upload vulnerability
17872
UPLOAD
Verve Meta Boxes 1.2.8 - Shell Upload vulnerability
17872
UPLOAD
User Avatar 1.3.7 - shell upload vulnerability
17872
UPLOAD
Extend 1.3.7 - Shell Upload vulnerability
75638
2011-4106
17872
UPLOAD
AdRotate <= 3.6.5 - SQL Injection Vulnerability
http://unconciousmind.blogspot.com/2011/09/wordpress-adrotate-plugin-365-sql.html
SQLI
AdRotate <= 3.6.6 - SQL Injection Vulnerability
18114
SQLI
WP-SpamFree 3.2.1 - Spam SQL Injection Vulnerability
17970
SQLI
GD Star Rating - Export Security Bypass Security Issue
49850
AUTHBYPASS
1.9.19
GD Star Rating <= 1.9.16 - Cross Site Scripting
http://packetstormsecurity.com/files/112702/
XSS
GD Star Rating <= 1.9.10 - SQL Injection
17973
SQLI
Contact Form <= 2.7.5 - SQL Injection
17980
SQLI
WP Photo Album Plus <= 4.1.1 - SQL Injection
17983
SQLI
WP Photo Album Plus <= 4.8.12 - wp-photo-album-plus.php wppa-searchstring XSS
88851
51669
51679
XSS
WP Photo Album Plus - Full Path Disclosure
http://1337day.com/exploit/20125
FPD
4.9.1
WP Photo Album Plus - index.php wppa-tag Parameter XSS
89165
51829
XSS
4.9.3
WP Photo Album Plus - "commentid" Cross-Site Scripting Vulnerability
93033
2013-3254
53105
XSS
5.0.3
WP Photo Album Plus - wp-admin/admin.php edit_id Parameter XSS
94465
53915
XSS
5.0.11
BackWPUp 2.1.4 - Code Execution
17987
RCE
plugin BackWPup 1.5.2, 1.6.1, 1.7.1 - Remote and Local Code Execution Vulnerability
71481
RCE
BackWPup 3.0.12 - wp-admin/admin.php tab Parameter XSS
2013-4626
https://www.htbridge.com/advisory/HTB23161
96505
54515
http://packetstormsecurity.com/files/122916/
XSS
3.0.13
portable-phpMyAdmin - Authentication Bypass
88391
2012-5469
23356
51520
AUTHBYPASS
1.3.1
Portable phpMyAdmin - /pma/phpinfo.php Direct Request System Information Disclosure
98766
http://seclists.org/oss-sec/2013/q4/138
Portable phpMyAdmin 1.4.1 - Multiple Script Direct Request Authentication Bypass
98767
2013-4454
55270
http://seclists.org/oss-sec/2013/q4/138
AUTHBYPASS
super-refer-a-friend - Full Path Disclosure
http://1337day.com/exploit/20126
FPD
1.0
W3 Total Cache - Username and Hash Extract
92742
92741
2012-6079
2012-6078
http://seclists.org/fulldisclosure/2012/Dec/242
https://github.com/FireFart/W3TotalCacheExploit
auxiliary/gather/wp_w3_total_cache_hash_extract
UNKNOWN
0.9.2.5
W3 Total Cache - Remote Code Execution
http://www.acunetix.com/blog/web-security-zone/wp-plugins-remote-code-execution/
http://wordpress.org/support/topic/pwn3d
http://blog.sucuri.net/2013/04/update-wp-super-cache-and-w3tc-immediately-remote-code-execution-vulnerability-disclosed.html
exploits/unix/webapp/php_wordpress_total_cache
RCE
0.9.2.9
W3 Total Cache 0.9.2.9 - PHP Code Execution
25137
2013-2010
92652
53052
WP-Super-Cache 1.3 - Remote Code Execution
http://www.acunetix.com/blog/web-security-zone/wp-plugins-remote-code-execution/
http://wordpress.org/support/topic/pwn3d
http://blog.sucuri.net/2013/04/update-wp-super-cache-and-w3tc-immediately-remote-code-execution-vulnerability-disclosed.html
RCE
1.3.1
ripe-hd-player 1.0 - ripe-hd-player/config.php id Parameter SQL Injection
89437
24229
http://xforce.iss.net/xforce/xfdb/81415
SQLI
ripe-hd-player 1.0 - Multiple Script Direct Request Path Disclosure
89438
24229
http://www.securityfocus.com/bid/57473
http://xforce.iss.net/xforce/xfdb/81414
FPD
floating-tweets - persistent XSS
http://packetstormsecurity.com/files/119499/
http://websecurity.com.ua/6023/
XSS
floating-tweets - directory traversal
http://packetstormsecurity.com/files/119499/
http://websecurity.com.ua/6023/
UNKNOWN
ipfeuilledechou - SQL Injection Vulnerability
http://www.exploit4arab.com/exploits/377
http://1337day.com/exploit/20206
SQLI
Simple Login Log - XSS
51780
XSS
0.9.4
Simple Login Log - SQL Injection
51780
SQLI
0.9.4
wp-slimstat - XSS
51721
XSS
2.8.5
SlimStat-Ex - Open Flash Chart Arbitrary File Creation Vulnerability
55160
http://packetstormsecurity.com/files/123494/
UPLOAD
browser-rejector - Remote and Local File Inclusion
51739
LFI
2.11
File Uploader - PHP File Upload Vulnerability
http://la.usch.io/2013/01/21/wordpress-file-uploader-plugin-php-file-upload-vulnerability/
UPLOAD
Cardoza WordPress poll 34.05 - Multiple External Function Remote Poll Manipulation
89443
2013-1401
51925
http://seclists.org/bugtraq/2013/Jan/86
http://packetstormsecurity.com/files/119736/
CSRF
34.06
Cardoza WordPress poll - CWPPoll.js Multiple Method pollid Parameter SQL Injection
89444
2013-1400
http://packetstormsecurity.com/files/119736/
http://www.girlinthemiddle.net/2013/01/multiple-sql-injection-vulnerabilities.html
http://seclists.org/bugtraq/2013/Jan/86
SQLI
Cardoza WordPress poll - Multiple SQL Injection Vulnerabilities
50910
SQLI
33.6
Developer Formatter - CSRF and XSS Vulnerability
http://illsecure.com/code/Wordpress-DevFormatter-CSRF-Vulnerability.txt
http://1337day.com/exploit/20210
51912
MULTI
DVS Custom Notification - Cross-Site Request Forgery Vulnerability
89441
2012-4921
51531
CSRF
1.0.1
Events Manager 5.3.3 - Multiple XSS Vulnerabilities
51869
XSS
5.3.4
Events Manager 5.3.5 - wp-admin/admin-ajax.php dbem_phone Parameter XSS
90913
52475
XSS
5.3.6
Events Manager 5.3.5 - index.php event_owner_name Parameter XSS
90914
52475
XSS
5.3.6
Events Manager 5.3.5 - wp-admin/post.php Multiple Parameter XSS
90915
52475
XSS
5.3.6
Events Manager 5.3.8 - Multiple XSS Vulnerabilities
http://www.securityfocus.com/bid/60078
53478
93558
XSS
5.3.9
Events Manager 5.5.1 - Multiple Unspecified XSS Vulnerabilities
98198
55182
XSS
5.5.2
SolveMedia 1.1.0 - CSRF Vulnerability
24364
89585
http://1337day.com/exploit/20222
51927
CSRF
1.1.1
Welcart e-Commerce - Cross-Site Scripting and Request Forgery Vulnerabilities
51581
MULTI
Knews - Multilingual Newsletters Cross-Site Request Forgery Vulnerability
51543
CSRF
Video Lead Form - "errMsg" Cross-Site Scripting Vulnerability
51419
XSS
WooCommerce Predictive Search - "rs" Cross-Site Scripting Vulnerability
51385
XSS
WooCommerce 2.0.12 - index.php calc_shipping_state Parameter XSS
95480
XSS
2.0.13
WooCommerce 2.0.17 - hide-wc-extensions-message Parameter Reflected XSS
98754
http://packetstormsecurity.com/files/123684/
XSS
WP e-Commerce Predictive Search - "rs" Cross-Site Scripting Vulnerability
51384
XSS
vTiger - CRM Lead Capture Unspecified Vulnerability
51305
UNKNOWN
1.1.0
WP-PostViews - "search_input" Cross-Site Scripting Vulnerability
50982
XSS
WP-PostViews - Cross-Site Request Forgery Vulnerability
53127
CSRF
1.63
DX-Contribute - Cross-Site Request Forgery Vulnerability
51082
CSRF
Wysija Newsletters 2.2 - SQL Injection Vulnerability
89924
https://www.htbridge.com/advisory/HTB23140
http://packetstormsecurity.com/files/120089/
http://seclists.org/bugtraq/2013/Feb/29
http://cxsecurity.com/issue/WLB-2013020039
SQLI
2.2.1
Wysija Newsletters - swfupload Cross-Site Scripting Vulnerability
51249
http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
XSS
2.1.7
Hitasoft FLV Player - "id" SQL Injection Vulnerability
51179
SQLI
Spider Calendar - "many_sp_calendar" Cross-Site Scripting Vulnerability
50981
XSS
Spider Calendar 1.3.0 - Multiple Vulnerabilities
25723
93584
53481
MULTI
Dynamic Font Replacement 1.3 - SQL Injection Vulnerability
http://1337day.com/exploit/20239
SQLI
Zingiri Form Builder - "error" Cross-Site Scripting Vulnerability
50983
XSS
1.2.1
White Label CMS - Cross-Site Request Forgery Vulnerability
50487
CSRF
1.5.1
Download Shortcode - "file" Arbitrary File Disclosure Vulnerability
50924
LFI
0.2.1
eShop Magic - "file" Arbitrary File Disclosure Vulnerability
50933
LFI
0.2
Pinterest "Pin It" Button Lite - Multiple Unspecified Vulnerabilities
50868
MULTI
1.4.0
CSS Plus - Unspecified Vulnerabilities
50793
UNKNOWN
1.3.2
Multisite plugin Manager - Two Cross-Site Scripting Vulnerabilities
50762
XSS
3.1.2
ABC Test - "id" Cross-Site Scripting Vulnerability
50608
XSS
Token Manager - "tid" Cross-Site Scripting Vulnerabilities
50722
XSS
Sexy Add Template - Cross-Site Request Forgery Vulnerability
50709
CSRF
Notices Ticker 5.0 - Cross-Site Request Forgery Vulnerability
85729
50717
http://packetstormsecurity.org/files/116774/
CSRF
MF Gig Calendar 0.9.4.1 - URL Cross-Site Scripting Vulnerability
85682
2012-4242
50571
http://packetstormsecurity.org/files/116713/
XSS
wp-topbar <= 3.04 - XSS in ZeroClipboard.swf
http://1337day.com/exploit/20396
XSS
WP-TopBar - Cross-Site Request Forgery Vulnerability
50693
CSRF
4.0.3
HD Webplayer - Two SQL Injection Vulnerabilities
50466
SQLI
Cloudsafe365 - Multiple Vulnerabilities
50392
MULTI
1.47
Vitamin 1.0 - add_headers.php path Parameter Traversal Arbitrary File Access
84463
50176
LFI
1.1
Vitamin 1.0 - minify.php path Parameter Traversal Arbitrary File Access
84464
50176
LFI
1.1
Featured Post with thumbnail 1.4 - Unspecified timthumb Vulnerability
84460
50161
UNKNOWN
1.5
WP Lead Management 3.0.0 - Script Insertion Vulnerabilities
84462
20270
50166
XSS
XVE Various Embed - JW Player Multiple Cross-Site Scripting Vulnerabilities
50173
XSS
1.0.4
G-Lock Double Opt-in Manager - Two Security Bypass Vulnerabilities
84434
50100
http://packetstormsecurity.org/files/115173/
AUTHBYPASS
Backend Localization - Cross-Site Scripting Vulnerabilities
50099
XSS
2.0
Flexi Quote Rotator - Cross-Site Request Forgery and SQL Injection Vulnerabilities
49910
MULTI
0.9.2
Get Off Malicious Scripts - Cross-Site Scripting Vulnerability
50030
XSS
1.2.07.20
Cimy User Extra Fields - Arbitrary File Upload Vulnerability
49975
UPLOAD
2.3.9
Nmedia Users File Uploader - Arbitrary File Upload Vulnerability
49996
UPLOAD
2.0
wp-explorer-gallery - Arbitrary File Upload Vulnerability
http://1337day.com/exploit/20251
UPLOAD
accordion - Arbitrary File Upload Vulnerability
http://1337day.com/exploit/20254
UPLOAD
wp-catpro - Arbitrary File Upload Vulnerability
http://1337day.com/exploit/20256
UPLOAD
RLSWordPressSearch - SQL Injection
24440
SQLI
wordpress-simple-shout-box - SQL Injection
http://cxsecurity.com/issue/WLB-2013010235
SQLI
portfolio-slideshow-pro v3 - SQL Injection
http://cxsecurity.com/issue/WLB-2013010236
SQLI
Simple History - RSS Feed "rss_secret" Disclosure Weakness
89640
51998
http://www.securityfocus.com/bid/57628
UNKNOWN
1.0.8
p1m media manager - SQL Injection Vulnerability
http://1337day.com/exploit/20270
SQLI
wp-table-reloaded <= 1.9.3 - XSS in ZeroClipboard.swf
http://1337day.com/exploit/20396
XSS
wp-table-reloaded - cross-site scripting in SWF
http://packetstormsecurity.com/files/119968/
52027
http://seclists.org/bugtraq/2013/Feb/28
XSS
1.9.4
Gallery - "load" Remote File Inclusion Vulnerability
51347
RFI
ForumConverter - SQL Injection Vulnerability
http://1337day.com/exploit/20275
SQLI
Newsletter - SQL Injection Vulnerability
http://1337day.com/exploit/20287
SQLI
Newsletter - "alert" Cross-Site Scripting Vulnerability
53398
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2013-5141.php
XSS
3.2.7
CommentLuv 2.92.3 - Cross Site Scripting Vulnerability
89925
https://www.htbridge.com/advisory/HTB23138
http://packetstormsecurity.com/files/120090/
http://seclists.org/bugtraq/2013/Feb/30
http://cxsecurity.com/issue/WLB-2013020040
52092
XSS
2.92.4
wp-forum - SQL Injection
http://cxsecurity.com/issue/WLB-2013020035
SQLI
WP ecommerce Shop Styling - "dompdf" Remote File Inclusion Vulnerability
51707
RFI
1.8
Audio Player - XSS in SWF
http://seclists.org/bugtraq/2013/Feb/35
52083
XSS
2.0.4.6
CKEditor 4.0 - Arbitrary File Upload Exploit
http://1337day.com/exploit/20318
UPLOAD
myftp-ftp-like-plugin-for-wordpress v2 - SQL Injection
http://cxsecurity.com/issue/WLB-2013020061
SQLI
Password Protected 1.4 - Login Process redirect_to Parameter Arbitrary Site Redirect
90559
REDIRECT
Contact Form 3.34 - contact_form.php cntctfrm_contact_message Parameter XSS
90502
52179
XSS
3.35
Contact Form 3.36 - contact_form.php cntctfrm_contact_email Parameter XSS
90503
52250
XSS
smart-flv - jwplayer.swf XSS
http://www.openwall.com/lists/oss-security/2013/02/24/7
http://packetstormsecurity.com/files/115100/
90606
XSS
Google Alert And Twitter 3.1.5 - XSS Exploit, SQL Injection
http://1337day.com/exploit/20433
MULTI
PHP Shell Plugin
https://github.com/wpscanteam/wpscan/issues/138
http://plugins.svn.wordpress.org/php-shell/trunk/shell.php
RCE
Marekkis Watermark - Cross Site Scripting
http://packetstormsecurity.com/files/120378/
XSS
Responsive Logo Slideshow - URL and Image Field XSS
90406
http://packetstormsecurity.com/files/120379/
http://seclists.org/bugtraq/2013/Feb/84
XSS
zopim-live-chat <= 1.2.5 - XSS in ZeroClipboard
http://www.openwall.com/lists/oss-security/2013/03/10/2
http://1337day.com/exploit/20396
2013-1808
XSS
ed2k-link-selector <= 1.1.7 - XSS in ZeroClipboard
http://1337day.com/exploit/20396
2013-1808
XSS
wppygments <= 0.3.2 - XSS in ZeroClipboard
http://www.openwall.com/lists/oss-security/2013/03/10/2
http://1337day.com/exploit/20396
2013-1808
XSS
copy-in-clipboard <= 0.8 - XSS in ZeroClipboard
http://1337day.com/exploit/20396
2013-1808
XSS
search-and-share <= 0.9.3 - XSS in ZeroClipboard
http://1337day.com/exploit/20396
2013-1808
XSS
placester <= 0.3.12 - XSS in ZeroClipboard
http://1337day.com/exploit/20396
2013-1808
XSS
drp-coupon <= 2.1 - XSS in ZeroClipboard
http://1337day.com/exploit/20396
2013-1808
XSS
coupon-code-plugin <= 2.1 - XSS in ZeroClipboard
http://1337day.com/exploit/20396
2013-1808
XSS
q2w3-inc-manager <= 2.3.1 - XSS in ZeroClipboard
http://1337day.com/exploit/20396
2013-1808
XSS
scorerender <= 0.3.4 - XSS in ZeroClipboard
http://1337day.com/exploit/20396
2013-1808
XSS
wp-link-to-us <= 2.0 - XSS in ZeroClipboard
http://www.openwall.com/lists/oss-security/2013/03/10/2
http://1337day.com/exploit/20396
2013-1808
XSS
buckets <= 0.1.9.2 - XSS in ZeroClipboard
http://www.openwall.com/lists/oss-security/2013/03/10/2
http://1337day.com/exploit/20396
2013-1808
XSS
java-trackback <= 0.2 - XSS in ZeroClipboard
http://1337day.com/exploit/20396
2013-1808
XSS
slidedeck2 <= 2.1.20130228 - XSS in ZeroClipboard
http://www.openwall.com/lists/oss-security/2013/03/10/2
http://1337day.com/exploit/20396
2013-1808
XSS
wp-clone-by-wp-academy <= 2.1.1 - XSS in ZeroClipboard
http://www.openwall.com/lists/oss-security/2013/03/10/2
http://1337day.com/exploit/20396
2013-1808
XSS
tiny-url <= 1.3.2 - XSS in ZeroClipboard
http://www.openwall.com/lists/oss-security/2013/03/10/2
http://1337day.com/exploit/20396
2013-1808
XSS
thethe-layout-grid <= 1.0.0 - XSS in ZeroClipboard
http://www.openwall.com/lists/oss-security/2013/03/10/2
http://1337day.com/exploit/20396
2013-1808
XSS
paypal-digital-goods-monetization-powered-by-cleeng <= 2.2.13 - XSS in ZeroClipboard
http://www.openwall.com/lists/oss-security/2013/03/10/2
http://1337day.com/exploit/20396
2013-1808
XSS
mobileview <= 1.0.7 - XSS in ZeroClipboard
http://www.openwall.com/lists/oss-security/2013/03/10/2
http://1337day.com/exploit/20396
2013-1808
XSS
jaspreetchahals-coupons-lite <= 2.1 - XSS in ZeroClipboard
http://www.openwall.com/lists/oss-security/2013/03/10/2
http://1337day.com/exploit/20396
2013-1808
XSS
geshi-source-colorer <= 0.13 - XSS in ZeroClipboard
http://www.openwall.com/lists/oss-security/2013/03/10/2
http://1337day.com/exploit/20396
2013-1808
XSS
click-to-copy-grab-box <= 0.1.1 - XSS in ZeroClipboard
http://www.openwall.com/lists/oss-security/2013/03/10/2
http://1337day.com/exploit/20396
2013-1808
XSS
cleeng <= 2.3.2 - XSS in ZeroClipboard
http://www.openwall.com/lists/oss-security/2013/03/10/2
http://1337day.com/exploit/20396
2013-1808
XSS
bp-code-snippets <= 2.0 - XSS in ZeroClipboard
http://www.openwall.com/lists/oss-security/2013/03/10/2
http://1337day.com/exploit/20396
2013-1808
XSS
snazzy-archives <= 1.7.1 - XSS vulnerability
http://www.openwall.com/lists/oss-security/2013/03/10/3
2009-4168
XSS
vkontakte-api - XSS vulnerability
http://www.openwall.com/lists/oss-security/2013/03/11/1
2009-4168
XSS
Terillion Reviews - Profile Id Field XSS
91123
2013-1201
http://packetstormsecurity.com/files/120730/
XSS
o2s-gallery - Cross Site Scripting Vulnerability
http://1337day.com/exploit/20516
XSS
bp-gallery 1.2.5 - Cross Site Scripting Vulnerability
http://1337day.com/exploit/20518
XSS
Simply Poll 1.4.1 - Multiple Vulnerabilities
24850
91446
MULTI
Occasions 1.0.4 - Manipulation CSRF
91489
24858
52651
http://packetstormsecurity.com/files/120871/
CSRF
Occasions 1.0.4 - occasions/occasions.php occ_content1 Parameter XSS
91490
24858
http://packetstormsecurity.com/files/120871/
XSS
Mathjax Latex 1.1 - CSRF Vulnerability
24889
91737
http://1337day.com/exploit/20566
CSRF
WP-Banners-Lite - XSS vulnerability
http://seclists.org/fulldisclosure/2013/Mar/209
http://threatpost.com/en_us/blogs/xss-flaw-wordpress-plugin-allows-injection-malicious-code-032513
XSS
Backupbuddy - sensitive data exposure in importbuddy.php
http://seclists.org/fulldisclosure/2013/Mar/206
http://archives.neohapsis.com/archives/fulldisclosure/2013-03/0205.html
UNKNOWN
FuneralPress 1.1.6 - Persistent XSS
24914
2013-3529
91868
http://seclists.org/fulldisclosure/2013/Mar/282
XSS
chikuncount - ofc_upload_image.php Arbitrary File Upload Vulnerability
24492
exploit/unix/webapp/open_flash_chart_upload_exec
UPLOAD
open-flash-chart-core - ofc_upload_image.php Arbitrary File Upload Vulnerability
24492
37903
2009-4140
exploit/unix/webapp/open_flash_chart_upload_exec
UPLOAD
0.5
spamtask - ofc_upload_image.php Arbitrary File Upload Vulnerability
24492
exploit/unix/webapp/open_flash_chart_upload_exec
UPLOAD
php-analytics - ofc_upload_image.php Arbitrary File Upload Vulnerability
24492
exploit/unix/webapp/open_flash_chart_upload_exec
UPLOAD
seo-spy-google - ofc_upload_image.php Arbitrary File Upload Vulnerability
24492
exploit/unix/webapp/open_flash_chart_upload_exec
UPLOAD
wp-seo-spy-google - ofc_upload_image.php Arbitrary File Upload Vulnerability
24492
exploit/unix/webapp/open_flash_chart_upload_exec
UPLOAD
podPress 8.8.10.13 - Cross Site Scripting
http://packetstormsecurity.com/files/121011/
XSS
fbsurveypro - XSS Vulnerability
http://1337day.com/exploit/20623
XSS
timelineoptinpro - XSS Vulnerability
http://1337day.com/exploit/20620
XSS
kioskprox - XSS Vulnerability
http://1337day.com/exploit/20624
XSS
bigcontact - SQLI
http://plugins.trac.wordpress.org/changeset/689798
SQLI
1.4.7
drawblog - CSRF
http://plugins.trac.wordpress.org/changeset/691178
CSRF
0.81
Social Media Widget - malicious code
http://plugins.trac.wordpress.org/changeset?reponame=&old=691839%40social-media-widget%2Ftrunk&new=693941%40social-media-widget%2Ftrunk
http://slashdot.org/submission/2592777/top-wordpress-widget-sold-off-turned-into-seo-spambot
UNKNOWN
4.0.2
Social Media Widget 4.0 - social-widget.php MITM Weakness Arbitrary Code Injection
92312
2013-1949
53020
http://seclists.org/oss-sec/2013/q2/10
UNKNOWN
4.0.1
facebook-members - CSRF
52962
2013-2703
CSRF
5.0.5
foursquare-checkins - CSRF
92641
2013-2709
53151
CSRF
1.3
formidable Pro - Unspecified Vulnerabilities
53121
UNKNOWN
1.06.09
all-in-one-webmaster - CSRF
52877
2013-2696
CSRF
8.2.4
background-music 1.0 - jPlayer.swf XSS
53057
XSS
haiku-minimalist-audio-player <= 1.0.0 - jPlayer.swf XSS
51336
XSS
jammer <= 0.2 - jPlayer.swf XSS
53106
XSS
SyntaxHighlighter Evolved 3.1.5 - clipboard.swf Unspecified XSS
92848
53235
XSS
3.1.6
top-10 1.9.2 - Setting Manipulation CSRF
92849
53205
CSRF
1.9.3
Easy AdSense Lite 6.06 - Setting Manipulation CSRF
92910
2013-2702
52953
CSRF
6.10
uk-cookie - XSS
87561
http://seclists.org/bugtraq/2012/Nov/50
2012-5856
XSS
uk-cookie - CSRF
http://www.openwall.com/lists/oss-security/2013/06/06/10
94032
2013-2180
CSRF
wp-cleanfix - Remote Command Execution, CSRF and XSS
https://github.com/wpscanteam/wpscan/issues/186
http://wordpress.org/support/topic/plugin-wp-cleanfix-remote-code-execution-warning
93450
53395
93468
2013-2108
2013-2109
MULTI
3.0.2
mail-on-update - CSRF
53449
http://www.openwall.com/lists/oss-security/2013/05/16/8
CSRF
Advanced XML Reader - XML External Entity (XXE) Data Parsing Arbitrary File Disclosure
http://seclists.org/bugtraq/2013/May/5
92904
XXE
Related Posts by Zemanta 1.3.1 - Cross-Site Request Forgery Vulnerability
93364
2013-3477
53321
CSRF
1.3.2
WordPress Related Posts 2.6.1 - Cross-Site Request Forgery Vulnerability
93362
2013-3476
53279
CSRF
2.7.2
Related Posts 2.7.1 - Cross-Site Request Forgery Vulnerability
93363
53122
CSRF
2.7.2
WP Print Friendly <= 0.5.2 - Security Bypass Vulnerability
93243
53371
UNKNOWN
0.5.3
Contextual Related Posts 1.8.6 - Cross-Site Request Forgery Vulnerability
93088
52960
CSRF
1.8.7
Calendar 1.3.2 - Entry Addition CSRF
93025
2013-2698
52841
CSRF
1.3.3
Feedweb 1.8.8 - widget_remove.php wp_post_id Parameter XSS
91951
2013-3720
52855
http://www.securityfocus.com/bid/58771
XSS
1.9
WP-Print - CSRF
http://www.securityfocus.com/bid/58900
CSRF
2.52
WP-Print - CSRF
http://packetstorm.wowhacker.com/1304-exploits/wptrafficanalyzer-xss.txt
XSS
WP-DownloadManager - CSRF
http://www.securityfocus.com/bid/58937
CSRF
1.61
Digg Digg - CSRF
http://wordpress.org/plugins/digg-digg/changelog/
53120
93544
CSRF
5.3.5
SS Quiz - Multiple Unspecified Vulnerabilities
93531
53378
http://wordpress.org/plugins/ssquiz/changelog/
UNKNOWN
2.0
FunCaptcha 0.3.2 - Setting Manipulation CSRF
92272
53021
http://wordpress.org/extend/plugins/funcaptcha/changelog/
CSRF
0.3.3
xili-language - index.php lang Parameter XSS
93233
53364
XSS
2.8.6
WordPress SEO - Security issue which allowed any user to reset settings
http://wordpress.org/plugins/wordpress-seo/changelog/
UNKNOWN
1.4.5
WordPress SEO 1.14.15 - index.php s Parameter Reflected XSS
97885
http://packetstormsecurity.com/files/123028/
XSS
WordPress SEO 1.4.6 - Reset Settings Feature Access Restriction Bypass
92147
52949
UNKNOWN
Under Construction - CSRF
http://wordpress.org/plugins/underconstruction/changelog/
52881
93857
2013-2699
CSRF
1.09
ADIF Log Search Widget - XSS Arbitrary Vulnerability
http://packetstormsecurity.com/files/121777/
53599
93721
XSS
Exploit Scanner - FPD and Security bypass vulnerabilities
http://seclists.org/fulldisclosure/2013/May/216
93799
MULTI
GA Universal - Cross-Site Request Forgery Vulnerability
52976
http://wordpress.org/plugins/ga-universal/changelog/
CSRF
1.0.1
Export to text - Remote File Inclusion Vulnerability
51348
93715
RFI
2.3
qTranslate - Cross-Site Request Forgery Vulnerability
53126
93873
CSRF
Image slider with description - Unspecified Vulnerability
53588
93691
UNKNOWN
7.0
User Role Editor - Cross-Site Request Forgery Vulnerability
53593
93699
25721
CSRF
3.14
EELV Newsletter - Cross-Site Scripting Vulnerability
53546
93685
XSS
3.3.1
Frontier Post - Publishing Posts Security Bypass
53474
93639
UNKNOWN
Spider Catalog - Cross-Site Scripting and SQL Injection Vulnerabilities
53491
93591
93593
93594
93595
93596
93597
93598
MULTI
Spider Event Calendar - Security Bypass, Cross-Site Scripting and SQLi Vulnerabilities
53481
93584
93585
93586
93587
93588
93582
MULTI
AntiVirus 1.0 - PHP Backdoor Detection Bypass
95134
http://packetstormsecurity.com/files/121833/
http://seclists.org/fulldisclosure/2013/Jun/0
UNKNOWN
AntiVirus 1.0 - uninstall.php Direct Request Path Disclosure
95135
http://packetstormsecurity.com/files/121833/
http://seclists.org/fulldisclosure/2013/Jun/0
FPD
1.1
WP Maintenance Mode - Setting Manipulation CSRF
94450
CSRF
Ultimate Auction 1.0 - CSRF Vulnerability
94407
26240
CSRF
Leaflet Maps Marker - Tag Multiple Parameter SQL Injection
94388
SQLI
3.5.4
Xorbin Analog Flash Clock 1.0 - Flash-based XSS
http://advisory.prakharprasad.com/xorbin_afc_wp.txt
2013-4692
XSS
Xorbin Digital Flash Clock 1.0 - Flash-based XSS
http://packetstormsecurity.com/files/122223/
http://advisory.prakharprasad.com/xorbin_dfc_wp.txt
2013-4693
XSS
Dropdown Menu Widget - Script Insertion CSRF
94771
CSRF
BuddyPress Extended Friendship Request - wp-admin/admin-ajax.php friendship_request_message Parameter XSS
94807
XSS
1.0.2
wp-private-messages - /wp-admin/profile.php msgid Parameter SQL Injection
94702
SQLI
Stream Video Player - Setting Manipulation CSRF
94466
CSRF
Duplicator - installer.cleanup.php package Parameter XSS
95627
2013-4625
XSS
0.4.5
Citizen Space - Script Insertion CSRF
95570
CSRF
1.1
Spicy Blogroll - spicy-blogroll-ajax.php Multiple Parameter Remote File Inclusion
95557
26804
http://packetstormsecurity.com/files/122396/
RFI
Pie Register - wp-login.php Multiple Parameter XSS
95160
XSS
1.31
Xhanch my Twitter - CSRF in admin/setting.php
96027
53133
2013-3253
CSRF
2.7.7
SexyBookmarks - Setting Manipulation CSRF
http://wordpress.org/plugins/sexybookmarks/changelog/
95908
2013-3256
53138
CSRF
6.1.5.0
HMS Testimonials 2.0.10 - CSRF
http://wordpress.org/plugins/hms-testimonials/changelog/
2013-4240
96107
96108
96109
96110
96111
54402
27531
2.0.11
HMS Testimonials 2.0.10 - XSS
http://wordpress.org/plugins/hms-testimonials/changelog/
2013-4241
96107
96108
96109
96110
96111
54402
27531
2.0.11
IndiaNIC Testimonial 2.2 - CSRF vulnerability
96792
2013-5672
28054
http://packetstormsecurity.com/files/123036/
http://seclists.org/fulldisclosure/2013/Sep/5
CSRF
IndiaNIC Testimonial 2.2 - SQL Injection vulnerability
96793
2013-5673
28054
http://packetstormsecurity.com/files/123036/
http://seclists.org/fulldisclosure/2013/Sep/5
SQLI
IndiaNIC Testimonial 2.2 - XSS vulnerability
http://seclists.org/fulldisclosure/2013/Sep/5
28054
http://packetstormsecurity.com/files/123036/
XSS
Usernoise 3.7.8 - Persistent XSS Vulnerability
http://wordpress.org/plugins/usernoise/changelog/
27403
96000
XSS
3.7.9
platinum_seo_pack.php - s Parameter Reflected XSS
97263
1.3.8
Design Approval System 3.6 - XSS Vulnerability
97192
97279
54704
http://seclists.org/bugtraq/2013/Sep/54
http://packetstormsecurity.com/files/123227/
2013-5711
3.7
XSS
Event Easy Calendar 1.0.0 - Multiple Administrator Action CSRF
97042
http://packetstormsecurity.com/files/123132/
CSRF
Event Easy Calendar 1.0.0 - Multiple Unspecified XSS
97041
http://packetstormsecurity.com/files/123132/
XSS
Bradesco - falha.php URI Reflected XSS
97624
2013-5916
http://packetstormsecurity.com/files/123356/
XSS
Social Hashtags 2.0.0 - New Post Title Field Stored XSS
98027
http://packetstormsecurity.com/files/123485/
XSS
Simple Flickr Display - Username Field Stored XSS
97991
XSS
Lazy SEO 1.1.9 - lazyseo.php File Upload Arbitrary Code Execution
97662
2013-5961
28452
http://packetstormsecurity.com/files/123349/
http://xforce.iss.net/xforce/xfdb/87384
UPLOAD
SEO Watcher - Open Flash Chart Arbitrary File Creation Vulnerability
http://packetstormsecurity.com/files/123493/
55162
UPLOAD
All in One SEO Pack <= 2.0.3 - XSS Vulnerability
98023
2013-5988
http://archives.neohapsis.com/archives/bugtraq/2013-10/0006.html
http://packetstormsecurity.com/files/123490/
http://www.securityfocus.com/bid/62784
http://seclists.org/bugtraq/2013/Oct/8
55133
2.0.3.1
XSS
Simple Dropbox Upload - Arbitrary File Upload Vulnerability
http://packetstormsecurity.com/files/123235/
http://xforce.iss.net/xforce/xfdb/87166
97457
54856
2013-5963
1.8.8.1
UPLOAD
WP Ultimate Email Marketer - Multiple Vulnerabilities
97648
97649
97650
97651
97652
97653
97654
97655
97656
2013-3263
2013-3264
53170
http://www.securityfocus.com/bid/62621
MULTI
miniAudioPlayer 1.3.8 - maplayertinymce.php Multiple Parameter XSS
97768
54979
http://packetstormsecurity.com/files/123372/
http://www.securityfocus.com/bid/62629
XSS
Custom Website Data 1.0 - wp-admin/admin.php ref Parameter XSS
97668
54865
http://www.securityfocus.com/bid/62624
XSS
1.1
Complete Gallery Manager 3.3.3 - Arbitrary File Upload Vulnerability
97481
54894
2013-5962
28377
http://packetstormsecurity.com/files/123303/
http://xforce.iss.net/xforce/xfdb/87172
3.3.4
UPLOAD
LBG Zoominoutslider - add_banner.php name Parameter Stored XSS
97887
54983
http://packetstormsecurity.com/files/123367/
XSS
LBG Zoominoutslider - settings_form.php Multiple Parameter Stored XSS
99339
http://packetstormsecurity.com/files/123914/
http://seclists.org/fulldisclosure/2013/Nov/30
XSS
LBG Zoominoutslider - add_playlist_record.php Multiple Parameter Stored XSS
99340
http://packetstormsecurity.com/files/123914/
http://seclists.org/fulldisclosure/2013/Nov/30
XSS
LBG Zoominoutslider - add_banner.php Unspecified XSS
99320
http://packetstormsecurity.com/files/123367/
XSS
LBG Zoominoutslider - Multiple Script Direct Request Path Disclosure
99341
http://seclists.org/fulldisclosure/2013/Nov/30
FPD
Woopra - Remote Code Execution
http://packetstormsecurity.com/files/123525/
RCE
fGallery_Plus - fim_rss.php album Parameter Reflected XSS
97625
http://packetstormsecurity.com/files/123347/
http://seclists.org/bugtraq/2013/Sep/105
http://seclists.org/bugtraq/2013/Sep/107
http://seclists.org/bugtraq/2013/Sep/108
XSS
NOSpamPTI 2.1 - wp-comments-post.php comment_post_ID Parameter SQL Injection
97528
28485
2013-5917
http://packetstormsecurity.com/files/123331/
SQLI
Comment Attachment 1.0 - XSS Vulnerability
97600
http://packetstormsecurity.com/files/123327/
http://www.securityfocus.com/bid/62438
XSS
Mukioplayer 1.6 - SQL Injection
97609
http://packetstormsecurity.com/files/123231/
SQLI
Encrypted Blog 0.0.6.2 - encrypt_blog_form.php redirect_to Parameter Arbitrary Site Redirect
97881
http://packetstormsecurity.com/files/122992/
UNKNOWN
Encrypted Blog 0.0.6.2 - encrypt_blog_form.php redirect_to Parameter Reflected XSS
97882
http://packetstormsecurity.com/files/122992/
XSS
Simple Login Registration 1.0.1 - XSS
96660
54583
http://packetstormsecurity.com/files/122963/
XSS
Post Gallery - XSS
http://packetstormsecurity.com/files/122957/
XSS
ProPlayer 4.7.9.1 - SQL Injection
25605
93564
SQLI
Booking Calendar 4.1.4 - CSRF Vulnerability
96088
27399
54461
http://packetstormsecurity.com/files/122691/
http://wpbookingcalendar.com/
CSRF
4.1.6
ThinkIT 0.1 - Multiple Vulnerabilities
27751
96515
http://packetstormsecurity.com/files/122898/
MULTI
Quick Contact Form 6.0 - Persistent XSS
98279
28808
55172
http://packetstormsecurity.com/files/123549/
http://quick-plugins.com/quick-contact-form/
XSS
6.1
Quick Paypal Payments 3.0 - Payment Sending Multiple Parameter XSS
98715
55292
http://packetstormsecurity.com/files/123662/
XSS
Email Newsletter 8.0 - 'option' Parameter Information Disclosure Vulnerability
http://www.securityfocus.com/bid/53850
IndiaNIC FAQs Manager 1.0 - Multiple Vulnerabilities
24867
91625
MULTI
IndiaNIC FAQs Manager 1.0 - Blind SQL Injection
24868
91623
SQLI
Booking System - events_facualty_list.php eid Parameter Reflected XSS
96740
XSS
JS Restaurant - popup.php restuarant_id Parameter SQL Injection
96743
http://packetstormsecurity.com/files/122316/
SQLI
FlagEm - flagit.php cID Parameter XSS
98226
http://www.securityfocus.com/bid/61401
http://xforce.iss.net/xforce/xfdb/85925
http://packetstormsecurity.com/files/122505/
XSS
Chat - message Parameter XSS
95984
54403
XSS
Shareaholic - Unspecified CSRF
96321
54529
CSRF
7.0.3.4
Page Showcaser Boxes - Title Field Stored XSS
97579
XSS
A Forms 1.4.0 - Multiple Parameters SQL Injection
96404
SQLI
1.4.2
A Forms 1.4.1 - Form Submission CSRF
96381
54489
CSRF
1.4.2
ShareThis 7.0.3 - Setting Manipulation CSRF
96884
2013-3479
53135
CSRF
Simple Flash Video 1.7 - Cross Site Scripting
98371
http://packetstormsecurity.com/files/123562/
XSS
Landing Pages - Unspecified SQL Injection
98334
55192
http://www.securityfocus.com/bid/62942
SQLI
1.2.3
Cart66 1.5.1.14 - admin.php cart66-products Page Product Manipulation CSRF
98352
2013-5977
28959
55265
http://packetstormsecurity.com/files/123587/
CSRF
1.5.1.15
Cart66 - admin.php cart66-products Page Multiple Field Stored XSS
98353
2013-5978
28959
http://packetstormsecurity.com/files/123587/
XSS
1.5.1.15
Wise Search Widget 1.1 - s Parameter Reflected XSS
97989
XSS
Catholic Liturgical Calendar Widget 0.0.1 - Title Field Stored XSS
98026
XSS
Zenphoto 1.4.5.2 - wordpress_import.php wp_prefix Function SQL Injection
98091
http://packetstormsecurity.com/files/123501/
http://www.securityfocus.com/bid/62815
http://seclists.org/bugtraq/2013/Oct/20
SQLI
1.4.5.4
Group Documents 1.2 - File Uploading Multiple Parameter Stored XSS
98246
55130
http://www.securityfocus.com/bid/62886
XSS
1.2.2
AB Categories Search Widget 0.1 - s Parameter Reflected XSS
97987
XSS
SL User Create 0.2.4 - LSL script Secret String Weakness Information Disclosure
98456
55262
http://www.securityfocus.com/bid/63009
UNKNOWN
0.2.5
Spider Video Player 2.1 - /wp-content/plugins/player/settings.php theme Parameter SQL Injection
92264
2013-3532
http://packetstormsecurity.com/files/121250/
http://www.securityfocus.com/bid/59021
http://xforce.iss.net/xforce/xfdb/83374
SQLI
Finalist - /wp-content/plugins/finalist/vote.php id Parameter Reflected XSS
98665
http://packetstormsecurity.com/files/123597/
XSS
Dexs PM System 1.0.1 - Private Message subject Parameter Stored XSS
98668
55296
28970
http://packetstormsecurity.com/files/123597/
http://www.securityfocus.com/bid/63021
XSS
Video Metabox 1.1 - Persistent XSS Vulnerability Disclosure
98641
55257
http://www.securityfocus.com/bid/63172
http://securityundefined.com/wordpress-video-metabox-plugin-persistent-xss-vulnerability-disclosure/
XSS
1.1.1
WP Realty - MySQL Time Based Injection
98748
29021
http://packetstormsecurity.com/files/123655/
http://www.securityfocus.com/bid/63217
SQLI
Feed - news_dt.php nid Parameter SQL Injection
94804
http://packetstormsecurity.com/files/122260/
SQLI
Social Sharing Toolkit 2.2.1 - Setting Manipulation CSRF
98717
2013-2701
52951
CSRF
Videowall - index.php page_id Parameter Reflected XSS
98765
http://packetstormsecurity.com/files/123693/
http://seclists.org/bugtraq/2013/Oct/98
XSS
Really simple Facebook Twitter share buttons 2.10.4 - Settings Page Manipulation CSRF
97190
54707
http://www.securityfocus.com/bid/62268
CSRF
2.10.5
Car Demon 1.0.1 - /wp-admin/edit.php Multiple Parameter XSS
90365
51088
XSS
Car Demon 1.0.1 - /wp-admin/post.php Multiple Parameter XSS
90366
51088
XSS
Blue Wrench Video Widget 1.0.2 - admin.php bw-videos Page Multiple Action CSRF
98922
55456
http://securityundefined.com/wordpress-plugin-blue-wrench-video-widget-csrf-persistent-xss-0day-disclosure/
CSRF
Blue-Wrench-Video-Widget 1.0.2 - admin.php bw-videos Page Multiple Parameter Stored XSS
98923
55456
http://securityundefined.com/wordpress-plugin-blue-wrench-video-widget-csrf-persistent-xss-0day-disclosure/
XSS
MailUp 1.3.2 - ajax.functions.php Ajax Function Call Handling XSS Weakness
91274
2013-0731
51917
XSS
1.3.3
WP Online Store 1.3.1 - index.php slug Parameter Traversal Local File Inclusion
90243
50836
LFI
WP Online Store 1.3.1 - index.php Multiple Parameter Traversal Arbitrary File Access
90244
50836
UNKNOWN
Payment Gateways Caller for WP e-Commerce 0.1.0 - load_merchant Parameter Traversal Local File Inclusion
98916
http://packetstormsecurity.com/files/123744/
LFI
0.1.1
Easy Photo Album 1.1.5 - Album Information Disclosure
98802
AUTHBYPASS
1.1.6
Hungred Post Thumbnail - hpt_file_upload.php File Upload PHP Code Execution
82830
http://packetstormsecurity.com/files/113402/
http://www.securityfocus.com/bid/53898
RCE
Spreadsheet - /dhtmlxspreadsheet/codebase/spreadsheet.php page Parameter Reflected XSS
98831
2013-6281
55396
http://packetstormsecurity.com/files/123699/
http://www.securityfocus.com/bid/63256
XSS
Tweet Blender 4.0.1 - Unspecified XSS
98978
XSS
WordPress SB Uploader 3.9 - Arbitrary File Upload Vulnerability
http://packetstormsecurity.com/files/119159/
UPLOAD
Connections <= 0.7.1.5 - Unspecified Security Vulnerability
2011-5254
http://www.securityfocus.com/bid/51204
XSS
0.7.1.5
Gallery Bank 2.0.19 - edit-album.php album_id Parameter Reflected XSS
99045
55443
http://packetstormsecurity.com/files/123924/
http://www.securityfocus.com/bid/63382
XSS
2.0.20
Gallery Bank 2.0.19 - Multiple Unspecified Issues
99046
55443
http://www.securityfocus.com/bid/63382
UNKNOWN
2.0.20
Gallery Bank 2.0.19 - album-gallery-bank-class.php recordsArray Parameter Reflected XSS
99345
55443
http://www.securityfocus.com/bid/63385
http://seclists.org/fulldisclosure/2013/Nov/38
XSS
2.0.20
Rockhoist Ratings 1.2.2 - wp-admin/admin-ajax.php postID Parameter SQL Injection
99195
55445
http://www.securityfocus.com/bid/63441
SQLI
Checkout Plugin - File Upload Remote Code Execution
99225
http://packetstormsecurity.com/files/123866/
RCE
MobileChief - jQuery Validation Cross-Site Scripting Vulnerability
55501
http://packetstormsecurity.com/files/123809/
XSS
Facebook Survey Pro - timeline/index.php id Parameter SQL Injection
87817
22853
http://packetstormsecurity.com/files/118238/
http://www.securityfocus.com/bid/56595
http://xforce.iss.net/xforce/xfdb/80141
SQLI
Live Comment Preview 2.0.2 - Comment Field Preview XSS
92944
XSS
Polldaddy Polls and Ratings 2.0.20 - Cross-Site Request Forgery Vulnerability
99515
55464
http://www.securityfocus.com/bid/63557
CSRF
2.0.21
Jigoshop 1.8 - Multiple Script Direct Request Path Disclosure
99485
FPD
FCChat 2.2.11-2.2.13 - Upload.php Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/53855
UPLOAD
Another WordPress Classifieds - Unspecified Image Upload Vulnerability
http://www.securityfocus.com/bid/52861
UPLOAD
Picturesurf Gallery 1.2 - upload.php Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/53894
UPLOAD