Title | References | CVE | Type | Fixed in
----- | ---------- | --- | ---- | --------
Content Slide Plugin Cross-Site Request Forgery Vulnerability | http://secunia.com/advisories/52949/, http://osvdb.org/93871 | | CSRF |
Simple Paypal Shopping Cart Plugin Cross-Site Request Forgery Vulnerability | http://secunia.com/advisories/52963/, http://osvdb.org/93953 | | CSRF | 3.6
WP-SendSMS Plugin for WordPress Setting Manipulation CSRF | http://secunia.com/advisories/53796/, http://osvdb.org/94209, http://www.exploit-db.com/exploits/26124 | | CSRF |
WP-SendSMS Plugin for WordPress wp-admin/admin.php Multiple Parameter XSS | http://osvdb.org/94210 | | XSS |
Mail Subscribe List Plugin Script Insertion Vulnerability | http://secunia.com/advisories/53732/, http://osvdb.org/94197 | | XSS | 2.1
VideoJS Cross-Site Scripting Vulnerability | http://secunia.com/advisories/53437/, http://seclists.org/fulldisclosure/2013/May/66 | | XSS | 0.98
VideoJS Cross-Site Scripting Vulnerability | http://secunia.com/advisories/53426/, http://seclists.org/fulldisclosure/2013/May/66 | | XSS | 4.1
VideoJS Cross-Site Scripting Vulnerability | http://secunia.com/advisories/53445/, http://seclists.org/fulldisclosure/2013/May/66 | | XSS | 1.4
VideoJS Cross-Site Scripting Vulnerability | http://secunia.com/advisories/53396/, http://seclists.org/fulldisclosure/2013/May/66 | | XSS | 2.1
VideoJS Cross-Site Scripting Vulnerability | http://seclists.org/fulldisclosure/2013/May/66 | | XSS |
Crayon Syntax Highlighter Remote File Inclusion | http://secunia.com/advisories/50804/, http://ceriksen.com/2012/10/15/wordpress-crayon-syntax-highlighter-remote-file-inclusion-vulnerability/ | | RFI |
UnGallery plugin <= 1.5.8 Local File Disclosure Vulnerability | http://www.exploit-db.com/exploits/17704/ | | LFI |
UnGallery Arbitrary Command Execution | http://secunia.com/advisories/50875/, http://ceriksen.com/2012/10/23/wordpress-ungallery-remote-command-injection-vulnerability/ | | RCE | 2.1.6
Thank You Counter Button XSS | http://secunia.com/advisories/50977/ | | XSS | 1.8.3
Bookings XSS | http://secunia.com/advisories/50975/ | | XSS | 1.8.3
Cimy User Manager Arbitrary File Disclosure | http://secunia.com/advisories/50834/, http://ceriksen.com/2012/10/24/wordpress-cimy-user-manager-arbitrary-file-disclosure/ | | UNKNOWN |
WordPress FireStorm Professional Real Estate Plugin "id" SQL Injection Vulnerability | http://secunia.com/advisories/51107/ | | SQLI | 2.06.04
FireStorm Professional Real Estate Plugin Multiple SQL Injection | http://secunia.com/advisories/50873/, http://ceriksen.com/2012/10/25/wordpress-firestorm-professional-real-estate-plugin-sql-injection-vulnerability/ | | SQLI | 2.06.03
WP125 Multiple XSS | http://secunia.com/advisories/50976/ | | XSS |
WordPress WP125 Plugin CSRF | http://www.securityfocus.com/bid/58934 | | CSRF | 1.5.0
Wordpress All Video Gallery Plugin Multiple SQL Injection Vulnerabilities | http://secunia.com/advisories/50874/, http://ceriksen.com/2012/11/04/wordpress-all-video-gallery-plugin-sql-injection/ | | SQLI |
BuddyStream XSS | http://secunia.com/advisories/50972/ | | XSS |
post-views XSS | http://secunia.com/advisories/50982/ | | XSS |
Floating Social Media Links Remote File Inclusion | http://secunia.com/advisories/51346/, http://ceriksen.com/2013/01/12/wordpress-floating-social-media-link-plugins-remote-file-inclusion/ | | RFI |
Zingiri Forum Arbitrary File Disclosure | http://secunia.com/advisories/50833/, http://ceriksen.com/2013/01/12/wordpress-zingiri-forums-arbitrary-file-disclosure/ | | UNKNOWN |
Google Document Embedder Arbitrary File Disclosure | http://www.exploit-db.com/exploits/23970/, http://ceriksen.com/2013/01/03/wordpress-google-document-embedder-arbitrary-file-disclosure/, http://secunia.com/advisories/50832/, exploit/unix/webapp/wp_google_document_embedder_exec | | UNKNOWN | 2.5.4
extended-user-profile Full Path Disclosure vulnerability | http://1337day.com/exploit/20118 | | FPD |
superslider-show Full Path Disclosure vulnerability | http://1337day.com/exploit/20117 | | FPD |
multibox plugin Full Path Disclosure vulnerability | http://1337day.com/exploit/20119 | | FPD |
OpenInviter Information Disclosure | http://packetstormsecurity.com/files/119265/WordPress-OpenInviter-Information-Disclosure.html | | UNKNOWN |
RokBox Multiple Vulnerabilities | http://1337day.com/exploit/19981 | | MULTI |
grou-random-image-widget Full Path Disclosure | http://1337day.com/exploit/20047 | | FPD |
sintic_gallery Arbitrary File Upload Vulnerability | http://1337day.com/exploit/19993 | | UPLOAD |
sintic_gallery Path Disclosure Vulnerability | http://1337day.com/exploit/20020 | | FPD |
WP-UserOnline Full Path Disclosure | http://seclists.org/fulldisclosure/2010/Jul/8 | | FPD |
Wp-UserOnline <= 0.62 Persistent XSS | http://seclists.org/fulldisclosure/2010/Jul/8 | | XSS |
Shopping Cart Shell Upload / SQL Injection | http://packetstormsecurity.com/files/119217/wplevelfour-sqlshell.txt, http://secunia.com/advisories/51690/ | | MULTI | 8.1.15
ReFlex Gallery Shell Upload | http://packetstormsecurity.com/files/119218/wpreflexgallery-shell.txt | | UPLOAD |
Uploader 1.0.4 Shell Upload | http://packetstormsecurity.com/files/119219/wpuploader104-shell.txt | | UPLOAD |
Xerte Online 0.32 Shell Upload | http://packetstormsecurity.com/files/119220/wpxerteonline-shell.txt | | UPLOAD |
Advanced Custom Fields <= 3.5.1 Remote File Inclusion | http://packetstormsecurity.com/files/119221/wp_advanced_custom_fields_exec.rb.txt, http://secunia.com/advisories/51037/, exploit/unix/webapp/wp_advanced_custom_fields_exec | | RFI |
Wordpress sitepress-multilingual-cms Full Path Disclosure | http://1337day.com/exploit/20067 | | FPD |
Asset Manager 0.2 Arbitrary File Upload | http://www.exploit-db.com/exploits/18993/ | | UPLOAD |
WordPress plugin Asset manager upload.php Arbitrary Code Execution | http://www.ethicalhack3r.co.uk/security/wordpress-plugin-asset-manager-upload-php-arbitrary-code-execution/ | | UPLOAD |
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins | http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html | | XSS |
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins | http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html | | XSS |
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins | http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html | | XSS |
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins | http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html | | XSS |
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins | http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html | | XSS |
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins | http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html | | XSS |
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins | http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html | | XSS |
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins | http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html | | XSS |
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins | http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html | | XSS |
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins | http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html | | XSS |
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins | http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html | | XSS |
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins | http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html | | XSS |
powerzoomer Arbitrary File Upload Vulnerability | http://www.1337day.com/exploit/20253 | | UPLOAD |
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins | http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html | | XSS |
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins | http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html | | XSS |
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins | http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html | | XSS |
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins | http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html | | XSS |
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins | http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html | | XSS |
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins | http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html, http://secunia.com/advisories/51224/ | | XSS |
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins | http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html | | XSS |
wp-3dflick-slideshow Arbitrary File Upload Vulnerability | http://www.1337day.com/exploit/20255 | | UPLOAD |
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins | http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html | | XSS |
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins | http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html | | XSS |
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins | http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html, http://secunia.com/advisories/51250/ | | XSS |
WordPress Carousel Slideshow Plugin Unspecified Vulnerabilities | http://secunia.com/advisories/50377/ | | UNKNOWN | 3.10
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins | http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html | | XSS |
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins | http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html | | XSS |
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins | http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html | | XSS |
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins | http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html | | XSS |
wp-homepage-slideshow Arbitrary File Upload Vulnerability | http://www.1337day.com/exploit/20260 | | UPLOAD |
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins | http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html | | XSS |
wp-image-news-slider Arbitrary File Upload Vulnerability | http://www.1337day.com/exploit/20259 | | UPLOAD |
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins | http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html | | XSS |
WordPress Image News slider Plugin Unspecified Vulnerabilities | http://secunia.com/advisories/50390/ | | UNKNOWN | 3.4
wp-levoslideshow Arbitrary File Upload Vulnerability | http://www.1337day.com/exploit/20250 | | UPLOAD |
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins | http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html | | XSS |
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins | http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html | | XSS |
wp-powerplaygallery Arbitrary File Upload Vulnerability | http://www.1337day.com/exploit/20252 | | UPLOAD |
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins | http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html | | XSS |
wp-royal-gallery Arbitrary File Upload Vulnerability | http://www.1337day.com/exploit/20261 | | UPLOAD |
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins | http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html | | XSS |
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins | http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html | | XSS |
wp superb Slideshow Full Path Disclosure | http://1337day.com/exploit/19979 | | FPD |
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins | http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html | | XSS |
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins | http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html | | XSS |
Ajax Post Search Sql Injection | http://seclists.org/bugtraq/2012/Nov/33, http://secunia.com/advisories/51205/, http://www.girlinthemiddle.net/2012/10/sqli-vulnerability-in-ajax-post-search.html | | SQLI | 1.3
Answer My Question 1.1 Multiple XSS | http://www.securityfocus.com/archive/1/524625/30/0/threaded, http://secunia.com/advisories/50655/ | | XSS |
Catalog HTML Code Injection and Cross-site scripting | http://packetstormsecurity.org/files/117820/wpcatalog-xss.txt, http://secunia.com/advisories/51143/ | | MULTI |
WordPress Spider Catalog Plugin Multiple SQL Injection and Cross Site Scripting Vulnerabilities | http://www.securityfocus.com/bid/60079/info | | MULTI |
Wordfence 3.3.5 XSS and IAA | http://seclists.org/fulldisclosure/2012/Oct/139, http://secunia.com/advisories/51055/ | | MULTI |
Slideshow jQuery Image Gallery Multiple Vulnerabilities | http://www.waraxe.us/advisory-92.html | | MULTI |
WordPress Slideshow Plugin Multiple Script Insertion Vulnerabilities | http://secunia.com/advisories/51135/ | | XSS |
Social Discussions Multiple Vulnerabilities | http://www.waraxe.us/advisory-93.html | | MULTI |
ABtest Directory Traversal | http://scott-herbert.com/blog/2012/10/11/wordpress-plugin-abtest-vulnerable-to-a-directory-traversal-attack-1110 | | UNKNOWN |
BBPress SQL Injection / Path Disclosure | http://packetstormsecurity.org/files/116123 | | MULTI |
NextGen Cu3er Gallery Information Disclosure | http://packetstormsecurity.org/files/116150 | | UNKNOWN |
Rich Widget File Upload | http://packetstormsecurity.org/files/115787/wprichwidget-shell.txt | | UPLOAD |
Monsters Editor Shell Upload | http://packetstormsecurity.org/files/115788/wpmonsters-shell.txt | | UPLOAD |
Quick Post Widget 1.9.1 Multiple Cross-site scripting vulnerabilities | http://seclists.org/bugtraq/2012/Aug/66 | | XSS |
ThreeWP Email Reflector 1.13 Stored XSS | http://www.exploit-db.com/exploits/20365/ | | XSS |
SimpleMail 1.0.6 Stored XSS | http://www.exploit-db.com/exploits/20361/, http://secunia.com/advisories/50208/ | | XSS |
Postie 1.4.3 Stored XSS | http://www.exploit-db.com/exploits/20360/, http://secunia.com/advisories/50207/ | | XSS |
RSVPMaker v2.5.4 Persistent XSS | http://www.exploit-db.com/exploits/20474/, http://secunia.com/advisories/50289/ | | XSS |
Mz-jajak <= 2.1 SQL Injection Vulnerability | http://www.exploit-db.com/exploits/20416/, http://secunia.com/advisories/50217/ | | SQLI |
Resume Submissions Job Posting v2.5.1 Unrestricted File Upload | http://www.packetstormsecurity.org/files/114716 | | UPLOAD |
WP-Predict v1.0 Blind SQL Injection | http://www.exploit-db.com/exploits/19715/ | | SQLI |
Backup Plugin Information Disclosure | http://www.exploit-db.com/exploits/19524/, http://secunia.com/advisories/50038/ | | UNKNOWN | 2.1
MoodThingy Widget v0.8.7 Blind SQL Injection | http://www.exploit-db.com/exploits/19572/ | | SQLI |
Paid Business Listings v1.0.2 Blind SQL Injection | http://www.exploit-db.com/exploits/19481/ | | SQLI |
Website FAQ Plugin v1.0 SQL Injection | http://www.exploit-db.com/exploits/19400/ | | SQLI |
Fancy Gallery 1.2.4 Shell Upload | http://packetstormsecurity.org/files/114114/ | | UPLOAD |
Flip Book 1.0 Shell Upload | http://packetstormsecurity.org/files/114112/ | | UPLOAD |
Ajax Multi Upload 1.1 Shell Upload | http://packetstormsecurity.org/files/114109/ | | UPLOAD |
Schreikasten 0.14.13 XSS | http://www.exploit-db.com/exploits/19294/ | | XSS |
Wordpress Automatic 2.0.3 CSRF | http://packetstormsecurity.org/files/113763/ | | CSRF |
VideoWhisper Video Conference 4.51 Arbitrary File Upload Vulnerability | http://packetstormsecurity.org/files/113580/ | | UPLOAD |
Auctions Plugin 2.0.1.3 Arbitrary File Upload Vulnerability | http://packetstormsecurity.org/files/113568/ | | UPLOAD |
LB Mixed Slideshow 1.0 Arbitrary File Upload Vulnerability | http://packetstormsecurity.org/files/113844/ | | UPLOAD |
Lim4wp 1.1.1 Arbitrary File Upload Vulnerability | http://packetstormsecurity.org/files/113846/ | | UPLOAD |
Wp-ImageZoom 1.0.3 Remote File Disclosure | http://packetstormsecurity.org/files/113845/ | | UNKNOWN |
Invit0r 0.22 Shell Upload | http://packetstormsecurity.org/files/113639/ | | UPLOAD |
Annonces 1.2.0.1 Shell Upload | http://packetstormsecurity.org/files/113637/ | | UPLOAD |
Contus Video Gallery 1.3 Arbitrary File Upload Vulnerability | http://packetstormsecurity.org/files/113571/ | | UPLOAD |
Contus HD FLV Player plugin <= 1.3 SQL Injection Vulnerability | http://www.exploit-db.com/exploits/17678/ | | SQLI |
Contus HD FLV Player 1.7 Arbitrary File Upload Vulnerability | http://packetstormsecurity.org/files/113570/ | | UPLOAD |
User Meta Version 1.1.1 Arbitrary File Upload Vulnerability | http://www.exploit-db.com/exploits/19052/ | | UPLOAD |
Top Quark Architecture Version 2.10 Arbitrary File Upload Vulnerability | http://www.exploit-db.com/exploits/19053/ | | UPLOAD |
SfBrowser Version 1.4.5 Arbitrary File Upload Vulnerability | http://www.exploit-db.com/exploits/19054/ | | UPLOAD |
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins | http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html | | XSS |
Pica Photo Gallery 1.0 Arbitrary File Upload Vulnerability | http://www.exploit-db.com/exploits/19055/ | | UPLOAD |
PICA Photo Gallery 1.0 Remote File Disclosure | http://www.exploit-db.com/exploits/19016/ | | UNKNOWN |
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins | http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html | | XSS |
WordPress Mac Photo Gallery Plugin Two Security Bypass Security Issues | http://secunia.com/advisories/49923/ | | AUTHBYPASS |
WordPress Mac Photo Gallery Plugin Multiple Script Insertion Vulnerabilities | http://secunia.com/advisories/49836/ | | XSS | 3.0
Mac Photo Gallery 2.7 Arbitrary File Upload | http://www.exploit-db.com/exploits/19056/ | | UPLOAD |
drag and drop file upload 0.1 Arbitrary File Upload Vulnerability | http://www.exploit-db.com/exploits/19057/ | | UPLOAD |
Custom Content Type Manager 0.9.5.13-pl Arbitrary File Upload Vulnerability | http://www.exploit-db.com/exploits/19058/ | | UPLOAD |
wp-gpx-max version 1.1.21 Arbitrary File Upload | http://www.exploit-db.com/exploits/19050/ | | UPLOAD |
Front File Manager Plugin 0.1 Arbitrary File Upload | http://www.exploit-db.com/exploits/19012/ | | UPLOAD |
Front End Upload 0.5.3 Arbitrary File Upload | http://www.exploit-db.com/exploits/19008/ | | UPLOAD |
Front End Upload v0.5.4 Arbitrary PHP File Upload | http://www.exploit-db.com/exploits/20083/ | | UPLOAD |
Omni Secure Files 0.1.13 Arbitrary File Upload | http://www.exploit-db.com/exploits/19009/ | | UPLOAD |
Easy Contact Forms Export 1.1.0 Information Disclosure Vulnerability | http://www.exploit-db.com/exploits/19013/ | | UNKNOWN |
Plugin: Newsletter 1.5 Remote File Disclosure Vulnerability | http://www.exploit-db.com/exploits/19018/ | | UNKNOWN |
RBX Gallery 2.1 Arbitrary File Upload | http://www.exploit-db.com/exploits/19019/ | | UPLOAD |
Simple Download Button Shortcode 1.0 Remote File Disclosure | http://www.exploit-db.com/exploits/19020/ | | UNKNOWN |
Thinkun Remind 1.1.3 Remote File Disclosure | http://www.exploit-db.com/exploits/19021/ | | UNKNOWN |
Tinymce Thumbnail Gallery 1.0.7 Remote File Disclosure | http://www.exploit-db.com/exploits/19022/ | | UNKNOWN |
wpStoreCart Plugin 2.5.27-2.5.29 Arbitrary File Upload | http://www.exploit-db.com/exploits/19023/ | | UPLOAD |
Gallery 3.06 Arbitrary File Upload | http://www.exploit-db.com/exploits/18998/ | | UPLOAD |
Font Uploader 1.2.4 Arbitrary File Upload | http://www.exploit-db.com/exploits/18994/ | | UPLOAD |
WP-Property 1.35.0 Arbitrary File Upload | http://www.exploit-db.com/exploits/18987/ | | UPLOAD |
WP Marketplace 1.5.0 - 1.6.1 Arbitrary File Upload | http://www.exploit-db.com/exploits/18988/ | | UPLOAD |
Google Maps via Store Locator Multiple Vulnerabilities | http://www.exploit-db.com/exploits/18989/ | | MULTI |
store-locator-le SQL Injection | http://secunia.com/advisories/51757/ | | SQLI | 3.8.7
HTML5 AV Manager 0.2.7 Arbitrary File Upload | http://www.exploit-db.com/exploits/18990/ | | UPLOAD |
Foxypress 0.4.1.1 - 0.4.2.1 Arbitrary File Upload | http://packetstormsecurity.org/files/113576/, http://www.exploit-db.com/exploits/18991/, http://www.exploit-db.com/exploits/19100/ | | UPLOAD |
FoxyPress 0.4.2.5 XSS / CSRF / SQL Injection | http://packetstormsecurity.org/files/117768, http://secunia.com/advisories/51109/ | | MULTI |
Track That Stat <= 1.0.8 Cross Site Scripting | http://packetstormsecurity.org/files/112722/ | | XSS |
WP-Facethumb Gallery <= 0.1 Reflected Cross Site Scripting | http://packetstormsecurity.org/files/112658/ | | XSS |
Survey And Quiz Tool <= 2.9.2 Cross Site Scripting | http://packetstormsecurity.org/files/112685/ | | XSS |
WP Statistics <= 2.2.4 Cross Site Scripting | http://packetstormsecurity.org/files/112686/ | | XSS |
WP Easy Gallery <= 1.7 Cross Site Scripting | http://packetstormsecurity.org/files/112687/ | | XSS |
WP Easy Gallery <= 2.7 CSRF | http://plugins.trac.wordpress.org/changeset?reponame=&old=669527%40wp-easy-gallery&new=669527%40wp-easy-gallery | | CSRF |
Subscribe2 <= 8.0 Cross Site Scripting | http://packetstormsecurity.org/files/112688/ | | XSS |
Soundcloud Is Gold <= 2.1 Cross Site Scripting | http://packetstormsecurity.org/files/112689/ | | XSS |
Sharebar <= 1.2.5 Button Manipulation CSRF | http://osvdb.org/94843 | | CSRF |
Sharebar <= 1.2.1 SQL Injection / Cross Site Scripting | http://packetstormsecurity.org/files/112690/ | | MULTI | 1.2.2
Share And Follow <= 1.80.3 Cross Site Scripting | http://packetstormsecurity.org/files/112691/ | | XSS |
SABRE <= 1.2.0 Cross Site Scripting | http://packetstormsecurity.org/files/112692/ | | XSS |
Pretty Link Lite <= 1.5.2 Cross Site Scripting | http://packetstormsecurity.org/files/112693/ | | XSS |
Pretty Link Lite <= 1.6.1 Cross Site Scripting | http://secunia.com/advisories/50980/ | | XSS |
WordPress pretty-link plugin XSS in SWF | http://seclists.org/bugtraq/2013/Feb/100, http://packetstormsecurity.com/files/120433/wpprettylink163-xss.txt | 2013-1636 | XSS |
Newsletter Manager <= 1.0 Cross Site Scripting | http://packetstormsecurity.org/files/112694/ | | XSS |
Network Publisher <= 5.0.1 Cross Site Scripting | http://packetstormsecurity.org/files/112695/ | | XSS |
LeagueManager <= 3.7 Cross Site Scripting | http://packetstormsecurity.org/files/112698/, http://secunia.com/advisories/49949/ | | XSS |
LeagueManager v3.8 SQL Injection | http://www.exploit-db.com/exploits/24789/ | | SQLI |
Leaflet <= 0.0.1 Cross Site Scripting | http://packetstormsecurity.org/files/112699/ | | XSS |
PDF And Print Button Joliprint <= 1.3.0 Cross Site Scripting | http://packetstormsecurity.org/files/112700/ | | XSS |
IFrame Admin Pages <= 0.1 Cross Site Scripting | http://packetstormsecurity.org/files/112701/ | | XSS |
EZPZ One Click Backup <= 12.03.10 Cross Site Scripting | http://packetstormsecurity.org/files/112705/ | | XSS |
Dynamic Widgets <= 1.5.1 Cross Site Scripting | http://packetstormsecurity.org/files/112706/ | | XSS |
Download Monitor < 3.3.6.2 Cross Site Scripting | http://www.securityfocus.com/bid/61407, http://secunia.com/advisories/53116 | 2013-5098, 2013-3262 | XSS | 3.3.6.2
Download Monitor <= 3.3.5.7 Cross Site Scripting | http://www.reactionpenetrationtesting.co.uk/wordpress-download-monitor-xss.html, http://secunia.com/advisories/50511/ | | XSS |
Download Monitor <= 3.3.5.4 Cross Site Scripting | http://packetstormsecurity.org/files/112707/ | | XSS |
Download Manager <= 2.2 Cross Site Scripting | http://packetstormsecurity.org/files/112708/ | | XSS |
Code Styling Localization <= 1.99.16 Cross Site Scripting | http://packetstormsecurity.org/files/112709/ | | XSS |
Catablog <= 1.6 Cross Site Scripting | http://packetstormsecurity.org/files/112619/ | | XSS |
Bad Behavior <= 2.24 Cross Site Scripting | http://packetstormsecurity.org/files/112619/ | | XSS |
BulletProof Security <= 0.47 Cross Site Scripting | http://packetstormsecurity.org/files/112618/ | | XSS |
Better WP Security <= 3.5.3 Stored XSS | https://github.com/wpscanteam/wpscan/issues/251, http://www.securityfocus.com/archive/1/527634/30/0/threaded, http://osvdb.org/95884 | | XSS | 3.5.4
Better WP Security v3.4.3 Multiple XSS | http://seclists.org/bugtraq/2012/Oct/9 | | XSS | 3.4.4
Better WP Security <= 3.2.4 Cross Site Scripting | http://packetstormsecurity.org/files/112617/ | | XSS | 3.2.5
Custom Contact Forms <= 5.0.0.1 Cross Site Scripting | http://packetstormsecurity.org/files/112616/ | | XSS |
2-Click-Socialmedia-Buttons <= 0.34 Cross Site Scripting | http://packetstormsecurity.org/files/112615/ | | XSS |
2-Click-Socialmedia-Buttons <= 0.32.2 Cross Site Scripting | http://packetstormsecurity.org/files/112711/ | | XSS |
Login With Ajax plugin Cross Site Scripting | http://secunia.com/advisories/49013/ | | XSS | 3.0.4.1
WordPress Login With Ajax Plugin Cross-Site Request Forgery Vulnerability | http://secunia.com/advisories/52950/ | | CSRF | 3.1
Media Library Categories plugin <= 1.0.6 SQL Injection Vulnerability | http://www.exploit-db.com/exploits/17628/ | | SQLI |
Media Library Categories plugin <= 1.1.1 Cross Site Scripting | http://packetstormsecurity.org/files/112697/ | | SQLI |
FCKeditor Deans With Pwwangs Code <= 1.0.0 Remote Shell Upload | http://packetstormsecurity.org/files/111319/ | | RFI |
WordPress Zingiri Web Shop Plugin Cookie SQL Injection Vulnerability | http://secunia.com/advisories/49398/ | | SQLI | 2.4.8
Zingiri Web Shop <= 2.4.0 Multiple XSS Vulnerabilities | http://www.exploit-db.com/exploits/18787/, http://secunia.com/advisories/48991/ | | XSS |
Zingiri Web Shop <= 2.3.5 Cross Site Scripting | http://packetstormsecurity.org/files/112684/ | | XSS |
Zingiri Web Shop 2.4.3 Shell Upload | http://packetstormsecurity.org/files/113668/ | | UPLOAD |
Organizer 1.2.1 Cross Site Scripting / Path Disclosure | http://packetstormsecurity.org/files/112086, http://packetstormsecurity.org/files/113800 | | MULTI |
Zingiri Tickets plugin File Disclosure | http://packetstormsecurity.org/files/111904 | | UNKNOWN |
XSS vulnerability in CMS Tree Page View Plugin | https://www.htbridge.com/advisory/HTB23083 | | XSS |
Multiple XSS vulnerabilities in All-in-One Event Calendar for WordPress | http://seclists.org/bugtraq/2012/Apr/70 | | XSS |
Buddypress <= 1.5.5 SQL Injection | http://www.exploit-db.com/exploits/18690/ | | SQLI |
Register Plus Redux <= 3.8.3 Cross Site Scripting | http://packetstormsecurity.org/files/111367 | | XSS |
Magn WP Drag and Drop <= 1.1.4 Upload Shell Upload Vulnerability | http://packetstormsecurity.org/files/110103 | | UPLOAD |
Kish Guest Posting 1.0 Arbitrary File Upload | http://www.exploit-db.com/exploits/18412/ | | RFI |
AllWebMenus Shell Upload <= 1.1.9 Shell Upload | http://packetstormsecurity.org/files/108946/ | | RFI |
AllWebMenus 1.1.3 Remote File Inclusion | http://www.exploit-db.com/exploits/17861/ | | RFI |
Shortcode Redirect <= 1.0.01 Stored Cross Site Scripting | http://packetstormsecurity.org/files/108914/ | | XSS |
uCan Post plugin <= 1.0.09 Stored XSS | http://www.exploit-db.com/exploits/18390/ | | XSS |
WP Cycle Playlist plugin Multiple Vulnerabilities | http://1337day.com/exploits/17396 | | MULTI |
myEASYbackup 1.0.8.1 Directory Traversal | http://packetstormsecurity.org/files/108711 | | UNKNOWN |
Count per Day Plugin 3.2.5 (counter.php) - XSS Vulnerability | http://www.exploit-db.com/exploits/24859/ | | XSS |
Count Per Day 3.2.3 Cross Site Scripting | http://packetstormsecurity.org/files/115904 | | XSS |
Count Per Day 3.1.1 Cross Site Scripting | http://packetstormsecurity.org/files/114787/SSCHADV2012-015.txt | | XSS |
Count Per Day plugin <= 3.1.1 Multiple Vulnerabilities | http://www.exploit-db.com/exploits/18355/ | | MULTI |
Count per Day plugin <= 2.17 SQL Injection Vulnerability | http://www.exploit-db.com/exploits/17857/ | | SQLI |
WP-AutoYoutube plugin <= 0.1 Blind SQL Injection Vulnerability | http://1337day.com/exploits/17368 | | SQLI |
Age Verification plugin <= 0.4 Open Redirect | http://www.exploit-db.com/exploits/18350 | | REDIRECT |
Yousaytoo Auto Publishing <= 1.0 Cross Site Scripting | http://packetstormsecurity.org/files/108470 | | XSS |
Pay With Tweet plugin <= 1.1 Multiple Vulnerabilities | http://www.exploit-db.com/exploits/18330/ | | MULTI |
Whois Search <= 1.4.2 Cross Site Scripting | http://packetstormsecurity.org/files/108271 | | XSS |
BLIND SQL injection UPM-POLLS plugin 1.0.4 | http://www.exploit-db.com/exploits/18231/ | | SQLI |
Disqus Comment System <= 2.68 Reflected Cross-Site Scripting (XSS) | http://www.ethicalhack3r.co.uk/security/wordpress-plugin-disqus-comment-system-xss/ | | XSS |
Google reCAPTCHA <= 3.1.3 Reflected XSS Vulnerability | http://security-sh3ll.blogspot.com/2011/12/google-recaptcha-wordpress-plugin.html | | XSS |
Link Library plugin <= 5.2.1 SQL Injection | http://www.exploit-db.com/exploits/17887/ | | SQLI |
CevherShare 2.0 plugin SQL Injection Vulnerability | http://www.exploit-db.com/exploits/17891/ | | SQLI |
meenews 5.1 plugin Cross-Site Scripting Vulnerabilities | http://seclists.org/bugtraq/2011/Nov/151 | | XSS |
Click Desk Live Support Chat Cross Site Scripting Vulnerability | http://seclists.org/bugtraq/2011/Nov/148 | | XSS | 2.0
adminimize 1.7.21 Cross-Site Scripting Vulnerabilities | http://seclists.org/bugtraq/2011/Nov/135 | | XSS |
Advanced Text Widget <= 2.0.0 Cross Site Scripting Vulnerability | http://seclists.org/bugtraq/2011/Nov/133 | | XSS |
MM Duplicate plugin <= 1.2 SQL Injection Vulnerability | http://www.exploit-db.com/exploits/17707/ | | SQLI |
Menu Creator plugin <= 1.1.7 SQL Injection Vulnerability | http://www.exploit-db.com/exploits/17689/ | | SQLI |
Allow PHP in Posts and Pages plugin <= 2.0.0.RC1 SQL Injection Vulnerability | http://www.exploit-db.com/exploits/17688/ | | SQLI |
Global Content Blocks plugin <= 1.2 SQL Injection Vulnerability | http://www.exploit-db.com/exploits/17687/ | | SQLI |
Ajax Gallery plugin <= 3.0 SQL Injection Vulnerability | http://www.exploit-db.com/exploits/17686/ | | SQLI |
WP DS FAQ plugin <= 1.3.2 SQL Injection Vulnerability | http://www.exploit-db.com/exploits/17683/ | | SQLI |
OdiHost Newsletter plugin <= 1.0 SQL Injection Vulnerability | http://www.exploit-db.com/exploits/17681/ | | SQLI |
Easy Contact Form Lite plugin <= 1.0.7 SQL Injection Vulnerability | http://www.exploit-db.com/exploits/17680/ | | SQLI |
WP Symposium plugin <= 0.64 SQL Injection Vulnerability | http://www.exploit-db.com/exploits/17679/ | | SQLI |
WP Symposium plugin <= 12.12 Multiple SQL Injection Vulnerabilities | http://secunia.com/advisories/50674/, http://ceriksen.com/2013/02/18/wp-symposium-multiple-sql-injection/ | | SQLI |
WordPress WP Symposium Plugin "u" XSS | http://secunia.com/advisories/52864/ | | XSS | 13.04
WordPress WP Symposium Plugin "u" Redirection Weakness | http://secunia.com/advisories/52925/ | | REDIRECT |
File Groups plugin <= 1.1.2 SQL Injection Vulnerability | http://www.exploit-db.com/exploits/17677/ | | SQLI |
IP-Logger plugin <= 3.0 SQL Injection Vulnerability | http://www.exploit-db.com/exploits/17673/ | | SQLI |
Beer Recipes v.1.0 XSS | http://www.exploit-db.com/exploits/17453/ | | SQLI |
Is-human <= 1.4.2 Remote Command Execution Vulnerability | http://www.exploit-db.com/exploits/17299/ | | RCE |
EditorMonkey plugin (FCKeditor) Arbitrary File Upload | http://www.exploit-db.com/exploits/17284/ | | UPLOAD |
SermonBrowser 0.43 SQL Injection | http://www.exploit-db.com/exploits/17214/ | | SQLI |
Ajax Category Dropdown 0.1.5 Multiple Vulnerabilities | http://www.exploit-db.com/exploits/17207/ | | MULTI |
WP Custom Pages 0.5.0.1 LFI Vulnerability | http://www.exploit-db.com/exploits/17119/ | | LFI |
WordPress GRAND FlAGallery Plugin Multiple Vulnerabilities | http://secunia.com/advisories/51100/ | | MULTI |
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins | http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html | | XSS |
GRAND Flash Album Gallery 1.9.0 and 2.0.0 Multiple Vulnerabilities | http://packetstormsecurity.org/files/117665/, http://www.waraxe.us/advisory-94.html, http://secunia.com/advisories/51601/ | | MULTI |
GRAND Flash Album Gallery 0.55 Multiple Vulnerabilities | http://www.exploit-db.com/exploits/16947/ | | MULTI |
GRAND Flash Album Gallery <= 1.56 XSS Vulnerability | http://seclists.org/bugtraq/2011/Nov/186 | | XSS |
GRAND Flash Album Gallery <= 1.71 XSS Vulnerability | http://packetstormsecurity.org/files/112704 | | XSS |
WordPress GRAND FlAGallery Plugin "gid" SQL Injection Vulnerability | http://secunia.com/advisories/53356/ | | SQLI | 2.56
GRAND FlAGallery Plugin "s" Cross-Site Scripting Vulnerability | http://secunia.com/advisories/53111/, http://osvdb.org/93714 | | XSS | 2.72
PHP Speedy <= 0.5.2 (admin_container.php) Remote Code Exec Exploit | http://www.exploit-db.com/exploits/16273/ | | RCE |
OPS Old Post Spinner 2.2.1 LFI Vulnerability | http://www.exploit-db.com/exploits/16251/ | | LFI |
jQuery Mega Menu 1.0 Local File Inclusion | http://www.exploit-db.com/exploits/16250/ | | LFI |
IWantOneButton 3.0.1 Multiple Vulnerabilities | http://www.exploit-db.com/exploits/16236/ | | MULTI |
WP Forum Server 1.6.5 SQL Injection Vulnerability | http://www.exploit-db.com/exploits/16235/ | | SQLI |
WP Forum Server plugin <= 1.7 SQL Injection Vulnerability | http://www.exploit-db.com/exploits/17828/ | | SQLI |
WP Forum Server plugin <= 1.7.3 SQL Injection / XSS Vulnerabilities | http://www.packetstormsecurity.org/files/112703 | | MULTI |
Relevanssi 2.7.2 Stored XSS Vulnerability | http://www.exploit-db.com/exploits/16233/ | | XSS |
GigPress 2.1.10 Stored XSS Vulnerability | http://www.exploit-db.com/exploits/16232/ | | XSS |
WordPress Comment Rating 2.9.32 SQL Injection / Bypass | http://packetstormsecurity.com/files/120569/wpcomment2932-sqlbypass.txt | | MULTI |
Comment Rating 2.9.23 Multiple Vulnerabilities | http://www.exploit-db.com/exploits/16221/ | | MULTI |
Z-Vote 1.1 SQL Injection Vulnerability | http://www.exploit-db.com/exploits/16218/ | | SQLI |
User Photo Component Remote File Upload Vulnerability | http://www.exploit-db.com/exploits/16181/, http://osvdb.org/71071 | | UPLOAD | 0.9.5
Enable Media Replace Multiple Vulnerabilities | http://www.exploit-db.com/exploits/16144/ | | MULTI |
Mingle Forum <= 1.0.32.1 Cross Site Scripting / SQL Injection | http://packetstormsecurity.org/files/108915/ | | MULTI |
Mingle Forum plugin <= 1.0.31 SQL Injection Vulnerability | http://www.exploit-db.com/exploits/17894/ | | SQLI |
Mingle Forum (Plugin) <= 1.0.26 Multiple Vulnerabilities | http://www.exploit-db.com/exploits/15943/ | | MULTI |
Mingle Forum <= 1.0.33 Cross Site Scripting | http://packetstormsecurity.org/files/112696/ | | MULTI |
Mingle Forum 1.0.33.3 Multiple Parameter SQL Injection | http://osvdb.org/90434 | | SQLI |
Accept Signups 0.1 XSS | http://www.exploit-db.com/exploits/15808/ | | XSS |
Events Manager Extended Persistent XSS Vulnerability | http://www.exploit-db.com/exploits/14923/ | | XSS |
NextGEN Smooth Gallery Blind SQL Injection Vulnerability | http://www.exploit-db.com/exploits/14541/ | | SQLI |
myLDlinker SQL Injection Vulnerability | http://www.exploit-db.com/exploits/14441/ | | SQLI |
Firestats Remote Configuration File Download | http://www.exploit-db.com/exploits/14308/ | | UNKNOWN |
Simple:Press SQL Injection Vulnerability | http://www.exploit-db.com/exploits/14198/ | | SQLI |
Vulnerabilities in Cimy Counter for WordPress | http://www.exploit-db.com/exploits/14057/ | | MULTI |
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins | http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html, http://secunia.com/advisories/51271/ | | XSS | 1.9.8
XSS in NextGEN Gallery <= 1.5.1 | http://www.exploit-db.com/exploits/12098/ | | XSS | 1.5.2
swfupload.swf Multiple Cross Site Scripting Vulnerabilities | http://www.securityfocus.com/bid/60433 | | MULTI |
NextGEN Gallery 1.9.12 Arbitrary File Upload | http://wordpress.org/plugins/nextgen-gallery/changelog/, http://osvdb.org/94232 | 2013-3684 | UPLOAD | 1.9.13
Copperleaf Photolog SQL injection | http://www.exploit-db.com/exploits/11458/ | | SQLI |
Events SQL Injection Vulnerability | http://www.exploit-db.com/exploits/10929/, http://osvdb.org/95677 | | SQLI | 6.7.10
WP Events Calendar wp-admin/admin.php EC_id Parameter XSS | http://osvdb.org/74705 | | XSS | 6.7.12a
Image Manager Plugins Shell Upload Vulnerability | http://www.exploit-db.com/exploits/10325/ | | UPLOAD |
Vulnerabilities in WP-Cumulus <= 1.20 for WordPress | http://www.exploit-db.com/exploits/10228/ | | MULTI |
WP-Cumulus Cross Site Scripting Vulnerability | http://seclists.org/fulldisclosure/2011/Nov/340 | | XSS | 1.23
WP-Syntax <= 0.9.1 Remote Command Execution | http://www.exploit-db.com/exploits/9431/ | | RCE |
My Category Order <= 2.8 SQL Injection Vulnerability | http://www.exploit-db.com/exploits/9150/ | | SQLI |
Related Sites 2.1 Blind SQL Injection Vulnerability | http://www.exploit-db.com/exploits/9054/ | | SQLI |
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins | http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html | | XSS |
DM Albums 1.9.2 Remote File Disclosure Vulnerability | http://www.exploit-db.com/exploits/9048/ | | LFI |
DM Albums 1.9.2 Remote File Inclusion Vuln | http://www.exploit-db.com/exploits/9043/ | | RFI |
Photoracer 1.0 (id) SQL Injection Vulnerability | http://www.exploit-db.com/exploits/8961/ | | SQLI |
Photoracer plugin <= 1.0 SQL Injection Vulnerability | http://www.exploit-db.com/exploits/17720/ | | SQLI |
Photoracer plugin <= 1.0 Multiple Vulnerabilities | http://www.exploit-db.com/exploits/17731/ | | MULTI |
Lytebox (wp-lytebox) Local File Inclusion Vulnerability | http://www.exploit-db.com/exploits/8791/ | | LFI |
fMoblog 2.1 (id) SQL Injection Vulnerability | http://www.exploit-db.com/exploits/8229/ | | SQLI |
Page Flip Image Gallery <= 0.2.2 Remote FD Vuln | http://www.exploit-db.com/exploits/7543/ | | LFI |
e-Commerce <= 3.4 Arbitrary File Upload Exploit | http://www.exploit-db.com/exploits/6867/ | | UPLOAD |
Download Manager 0.2 Arbitrary File Upload Exploit | http://www.exploit-db.com/exploits/6127/ | | UPLOAD |
Spreadsheet <= 0.6 SQL Injection Vulnerability | http://www.exploit-db.com/exploits/5486/ | | SQLI |
Download (dl_id) SQL Injection Vulnerability | http://www.exploit-db.com/exploits/5326/ | | SQLI |
Sniplets 1.1.2 (RFI/XSS/RCE) Multiple Vulnerabilities | http://www.exploit-db.com/exploits/5194/ | | MULTI |
Photo album Remote SQL Injection Vulnerability | http://www.exploit-db.com/exploits/5135/ | | SQLI |
Simple Forum 2.0-2.1 SQL Injection Vulnerability | http://www.exploit-db.com/exploits/5126/ | | SQLI |
Simple Forum 1.10-1.11 SQL Injection Vulnerability | http://www.exploit-db.com/exploits/5127/ | | SQLI |
st_newsletter Remote SQL Injection Vulnerability | http://www.exploit-db.com/exploits/5053/ | | SQLI |
st_newsletter (stnl_iframe.php) SQL Injection Vuln | http://www.exploit-db.com/exploits/6777/ | | SQLI |
Wordspew Remote SQL Injection Vulnerability | http://www.exploit-db.com/exploits/5039/ | | SQLI |
dmsguestbook 1.7.0 Multiple Remote Vulnerabilities | http://www.exploit-db.com/exploits/5035/ | | MULTI |
WassUp 1.4.3 (spy.php to_date) SQL Injection Exploit | http://www.exploit-db.com/exploits/5017/ | | SQLI |
Adserve 0.2 adclick.php SQL Injection Exploit | http://www.exploit-db.com/exploits/5013/ | | SQLI |
plugin fGallery 2.4.1 fimrss.php SQL Injection Vulnerability | http://www.exploit-db.com/exploits/4993/ | | SQLI |
WP-Cal 0.3 editevent.php SQL Injection Vulnerability | http://www.exploit-db.com/exploits/4992/ | | SQLI |
plugin WP-Forum 1.7.4 Remote SQL Injection Vulnerability | http://www.exploit-db.com/exploits/4939/ | | SQLI |
plugin WP-Forum 1.7.8 Remote SQL Injection Vulnerability | http://www.exploit-db.com/exploits/7738/ | | SQLI |
Wp-FileManager 1.2 Remote Upload Vulnerability | http://www.exploit-db.com/exploits/4844/ | | UPLOAD |
WordPress wp-FileManager File Download Vulnerability | http://secunia.com/advisories/53421/ | | UNKNOWN | 1.4.0
PictPress <= 0.91 Remote File Disclosure Vulnerability | http://www.exploit-db.com/exploits/4695/ | | LFI |
BackUp <= 0.4.2b RFI Vulnerability | http://www.exploit-db.com/exploits/4593/ | | RFI |
plugin myflash <= 1.00 (wppath) RFI Vulnerability | http://www.exploit-db.com/exploits/3828/ | | RFI |
plugin wordTube <= 1.43 (wpPATH) RFI Vulnerability | http://www.exploit-db.com/exploits/3825/ | | RFI |
plugin wp-Table <= 1.43 (inc_dir) RFI Vulnerability | http://www.exploit-db.com/exploits/3824/ | | RFI |
myGallery <= 1.4b4 Remote File Inclusion Vulnerability | http://www.exploit-db.com/exploits/3814/ | | RFI |
SendIt plugin <= 1.5.9 Blind SQL Injection Vulnerability | http://www.exploit-db.com/exploits/17716/ | | SQLI |
Js-appointment plugin <= 1.5 SQL Injection Vulnerability http://www.exploit-db.com/exploits/17724/ SQLI MM Forms Community <= 1.2.3 SQL Injection Vulnerability http://www.exploit-db.com/exploits/17725/ SQLI MM Forms Community 2.2.6 Arbitrary File Upload http://www.exploit-db.com/exploits/18997/ UPLOAD Super CAPTCHA plugin <= 2.2.4 SQL Injection Vulnerability http://www.exploit-db.com/exploits/17728/ SQLI Collision Testimonials plugin <= 3.0 SQL Injection Vulnerability http://www.exploit-db.com/exploits/17729/ SQLI Oqey Headers plugin <= 0.3 SQL Injection Vulnerability http://www.exploit-db.com/exploits/17730/ SQLI Facebook Promotions plugin <= 1.3.3 SQL Injection Vulnerability http://www.exploit-db.com/exploits/17737/ SQLI Evarisk plugin <= 5.1.3.6 SQL Injection Vulnerability http://www.exploit-db.com/exploits/17738/ SQLI Evarisk 5.1.5.4 Shell Upload http://packetstormsecurity.org/files/113638/ UPLOAD Profiles plugin <= 2.0 RC1 SQL Injection Vulnerability http://www.exploit-db.com/exploits/17739/ SQLI mySTAT plugin <= 2.6 SQL Injection Vulnerability http://www.exploit-db.com/exploits/17740/ SQLI SH Slideshow plugin <= 3.1.4 SQL Injection Vulnerability http://www.exploit-db.com/exploits/17748/ SQLI iCopyright(R) Article Tools plugin <= 1.1.4 SQL Injection Vulnerability http://www.exploit-db.com/exploits/17749/ SQLI Advertizer plugin <= 1.0 SQL Injection Vulnerability http://www.exploit-db.com/exploits/17750/ SQLI Event Registration plugin <= 5.44 SQL Injection Vulnerability http://www.exploit-db.com/exploits/17814/ SQLI Event Registration plugin <= 5.43 SQL Injection Vulnerability http://www.exploit-db.com/exploits/17751/ SQLI Event Registration 5.32 SQL Injection Vulnerability http://www.exploit-db.com/exploits/15513/ SQLI Craw Rate Tracker plugin <= 2.0.2 SQL Injection Vulnerability http://www.exploit-db.com/exploits/17755/ SQLI wp audio gallery playlist plugin <= 0.12 SQL Injection Vulnerability http://www.exploit-db.com/exploits/17756/ SQLI WordPress yolink 
Search Plugin "s" Cross-Site Scripting Vulnerability http://secunia.com/advisories/52030/ XSS 2.6 yolink Search plugin <= 1.1.4 SQL Injection Vulnerability http://www.exploit-db.com/exploits/17757/ SQLI PureHTML plugin <= 1.0.0 SQL Injection Vulnerability http://www.exploit-db.com/exploits/17758/ SQLI Couponer plugin <= 1.2 SQL Injection Vulnerability http://www.exploit-db.com/exploits/17759/ SQLI grapefile plugin <= 1.1 Arbitrary File Upload http://www.exploit-db.com/exploits/17760/ UPLOAD image-gallery-with-slideshow plugin <= 1.5 Arbitrary File Upload / SQL Injection http://www.exploit-db.com/exploits/17761/ MULTI Donation plugin <= 1.0 SQL Injection Vulnerability http://www.exploit-db.com/exploits/17763/ SQLI WP Bannerize plugin <= 2.8.6 SQL Injection Vulnerability http://www.exploit-db.com/exploits/17764/ SQLI WP Bannerize plugin <= 2.8.7 SQL Injection Vulnerability http://www.exploit-db.com/exploits/17906/ SQLI SearchAutocomplete plugin <= 1.0.8 SQL Injection Vulnerability http://www.exploit-db.com/exploits/17767/ SQLI VideoWhisper Video Presentation plugin <= 1.1 SQL Injection Vulnerability http://www.exploit-db.com/exploits/17771/ SQLI Facebook Opengraph Meta plugin <= 1.0 SQL Injection Vulnerability http://www.exploit-db.com/exploits/17773/ SQLI Zotpress plugin <= 4.4 SQL Injection Vulnerability http://www.exploit-db.com/exploits/17778/ SQLI oQey Gallery plugin <= 0.4.8 SQL Injection Vulnerability http://www.exploit-db.com/exploits/17779/ SQLI Tweet Old Post plugin <= 3.2.5 SQL Injection Vulnerability http://www.exploit-db.com/exploits/17789/ SQLI post highlights plugin <= 2.2 SQL Injection Vulnerability http://www.exploit-db.com/exploits/17790/ SQLI KNR Author List Widget plugin <= 2.0.0 SQL Injection Vulnerability http://www.exploit-db.com/exploits/17791/ SQLI SCORM Cloud plugin <= 1.0.6.6 SQL Injection Vulnerability http://www.exploit-db.com/exploits/17793/ SQLI Eventify - Simple Events plugin <= 1.7.f SQL Injection Vulnerability 
http://www.exploit-db.com/exploits/17794/ SQLI Paid Downloads plugin <= 2.01 SQL Injection Vulnerability http://www.exploit-db.com/exploits/17797/ SQLI Community Events plugin <= 1.2.1 SQL Injection Vulnerability http://www.exploit-db.com/exploits/17798/ SQLI 1-flash-gallery <= 1.9.0 XSS in ZeroClipboard.swf http://1337day.com/exploit/20396 XSS 1 Flash Gallery Arbiraty File Upload Exploit (MSF) http://www.exploit-db.com/exploits/17801/ UPLOAD WP-Filebase Download Manager plugin <= 0.2.9 SQL Injection Vulnerability http://www.exploit-db.com/exploits/17808/ SQLI WordPress WP-Filebase Plugin Unspecified Vulnerabilities http://secunia.com/advisories/51269/ UNKNOWN 0.2.9.25 A to Z Category Listing plugin <= 1.3 SQL Injection Vulnerability http://www.exploit-db.com/exploits/17809/ SQLI WP e-Commerce plugin <= 3.8.6 SQL Injection Vulnerability http://www.exploit-db.com/exploits/17832/ SQLI WP-e-Commerce plugin v3.8.9.5 Cross Site Scripting Vulnerability http://1337day.com/exploit/20517 XSS Filedownload 0.1 (download.php) Remote File Disclosure Vulnerability http://www.exploit-db.com/exploits/17858/ LFI TheCartPress <= 1.6 Cross Site Sripting http://packetstormsecurity.org/files/108272/ XSS TheCartPress 1.1.1 Remote File Inclusion http://www.exploit-db.com/exploits/17860/ RFI WPEasyStats 1.8 Remote File Inclusion http://www.exploit-db.com/exploits/17862/ RFI Annonces 1.2.0.0 Remote File Inclusion http://www.exploit-db.com/exploits/17863/ RFI Livesig 0.4 Remote File Inclusion http://www.exploit-db.com/exploits/17864/ RFI Disclosure Policy 1.0 Remote File Inclusion http://www.exploit-db.com/exploits/17865/ RFI Mailing List 1.3.2 Remote File Inclusion http://www.exploit-db.com/exploits/17866/ RFI Mailing List Arbitrary file download http://www.exploit-db.com/exploits/18276/ UNKNOWN 1.4.1 Zingiri Web Shop 2.2.0 Remote File Inclusion http://www.exploit-db.com/exploits/17867/ RFI Zingiri Web Shop <= 2.2.3 Remote Code Execution http://www.exploit-db.com/exploits/18111/ RCE Mini 
Mail Dashboard Widget 1.36 Remote File Inclusion http://www.exploit-db.com/exploits/17868/ RFI Mini Mail Dashboard Widget 1.42 Stored XSS http://www.exploit-db.com/exploits/20358/ XSS Relocate Upload 0.14 Remote File Inclusion http://www.exploit-db.com/exploits/17869/ RFI Category Grid View Gallery plugin 0.1.1 Shell Upload vulnerability http://www.exploit-db.com/exploits/17872/ UPLOAD Category Grid View Gallery CatGridPost.php ID Parameter XSS http://osvdb.org/94805 XSS Auto Attachments plugin 0.2.9 Shell Upload vulnerability http://www.exploit-db.com/exploits/17872/ UPLOAD WP Marketplace plugin 1.1.0 Shell Upload vulnerability http://www.exploit-db.com/exploits/17872/ UPLOAD DP Thumbnail plugin 1.0 Shell Upload vulnerability http://www.exploit-db.com/exploits/17872/ UPLOAD Vk Gallery plugin 1.1.0 Shell Upload vulnerability http://www.exploit-db.com/exploits/17872/ UPLOAD Rekt Slideshow plugin 1.0.5 Shell Upload vulnerability http://www.exploit-db.com/exploits/17872/ UPLOAD CAC Featured Content plugin 0.8 Shell Upload vulnerability http://www.exploit-db.com/exploits/17872/ UPLOAD Rent A Car plugin 1.0 Shell Upload vulnerability http://www.exploit-db.com/exploits/17872/ UPLOAD LISL Last Image Slider plugin 1.0 Shell Upload vulnerability http://www.exploit-db.com/exploits/17872/ UPLOAD Islidex plugin 2.7 Shell Upload vulnerability http://www.exploit-db.com/exploits/17872/ UPLOAD Kino Gallery plugin 1.0 Shell Upload vulnerability http://www.exploit-db.com/exploits/17872/ UPLOAD Cms Pack plugin 1.3 Shell Upload vulnerability http://www.exploit-db.com/exploits/17872/ UPLOAD A Gallery plugin 0.9 Shell Upload vulnerability http://www.exploit-db.com/exploits/17872/ UPLOAD Category List Portfolio Page plugin 0.9 Shell Upload vulnerability http://www.exploit-db.com/exploits/17872/ UPLOAD Really Easy Slider plugin 0.1 Shell Upload vulnerability http://www.exploit-db.com/exploits/17872/ UPLOAD Verve Meta Boxes plugin 1.2.8 Shell Upload vulnerability 
http://www.exploit-db.com/exploits/17872/ UPLOAD User Avatar plugin 1.3.7 shell upload vulnerability http://www.exploit-db.com/exploits/17872/ UPLOAD Extend plugin 1.3.7 Shell Upload vulnerability http://www.exploit-db.com/exploits/17872/ UPLOAD AdRotate plugin <= 3.6.5 SQL Injection Vulnerability http://unconciousmind.blogspot.com/2011/09/wordpress-adrotate-plugin-365-sql.html SQLI AdRotate plugin <= 3.6.6 SQL Injection Vulnerability http://www.exploit-db.com/exploits/18114/ SQLI WP-SpamFree 3.2.1 Spam SQL Injection Vulnerability http://www.exploit-db.com/exploits/17970/ SQLI WordPress GD Star Rating Plugin Export Security Bypass Security Issue http://secunia.com/advisories/49850/ AUTHBYPASS 1.9.19 GD Star Rating plugin <= 1.9.16 Cross Site Scripting http://www.packetstormsecurity.org/files/112702 XSS GD Star Rating plugin <= 1.9.10 SQL Injection http://www.exploit-db.com/exploits/17973/ SQLI Contact Form plugin <= 2.7.5 SQL Injection http://www.exploit-db.com/exploits/17980/ SQLI WP Photo Album Plus <= 4.1.1 SQL Injection http://www.exploit-db.com/exploits/17983/ SQLI WP Photo Album Plus <= 4.8.12 Cross-Site Scripting http://secunia.com/advisories/51679/ XSS WP Photo Album Plus Full Path Disclosure http://1337day.com/exploit/20125 FPD 4.9.1 WP Photo Album Plus XSS http://secunia.com/advisories/51829/ XSS 4.9.3 WP Photo Album Plus XSS http://secunia.com/advisories/51669/ XSS 4.9.3 WordPress WP Photo Album Plus Plugin "commentid" Cross-Site Scripting Vulnerability http://secunia.com/advisories/53105/ XSS 5.0.3 WP Photo Album Plus wp-admin/admin.php edit_id Parameter XSS http://osvdb.org/94465 XSS 5.0.11 BackWPUp 2.1.4 Code Execution http://www.exploit-db.com/exploits/17987/ RCE plugin BackWPup 1.5.2, 1.6.1, 1.7.1 Remote and Local Code Execution Vulnerability http://osvdb.org/71481 RCE portable-phpMyAdmin Authentication Bypass http://www.exploit-db.com/exploits/23356 http://secunia.com/advisories/51520/ AUTHBYPASS 1.3.1 super-refer-a-friend Full Path Disclosure 
http://1337day.com/exploit/20126 FPD 1.0 W3-Total-Cache Username and Hash Extract http://seclists.org/fulldisclosure/2012/Dec/242 https://github.com/FireFart/W3TotalCacheExploit auxiliary/gather/wp_w3_total_cache_hash_extract UNKNOWN 0.9.2.5 W3-Total-Cache Remote Code Execution http://www.acunetix.com/blog/web-security-zone/wp-plugins-remote-code-execution/ http://wordpress.org/support/topic/pwn3d http://blog.sucuri.net/2013/04/update-wp-super-cache-and-w3tc-immediately-remote-code-execution-vulnerability-disclosed.html exploits/unix/webapp/php_wordpress_total_cache RCE 0.9.2.9 WP-Super-Cache Remote Code Execution http://www.acunetix.com/blog/web-security-zone/wp-plugins-remote-code-execution/ http://wordpress.org/support/topic/pwn3d http://blog.sucuri.net/2013/04/update-wp-super-cache-and-w3tc-immediately-remote-code-execution-vulnerability-disclosed.html RCE 1.3.1 ripe-hd-player 1.0 SQL Injection http://www.exploit-db.com/exploits/24229/ SQLI ripe-hd-player 1.0 Full Path Disclosure http://www.exploit-db.com/exploits/24229/ FPD floating-tweets persistent XSS http://packetstormsecurity.com/files/119499/floatingtweets-xsstraversal.txt http://websecurity.com.ua/6023/ XSS floating-tweets directory traversal http://packetstormsecurity.com/files/119499/floatingtweets-xsstraversal.txt http://websecurity.com.ua/6023/ UNKNOWN ipfeuilledechou SQL Injection Vulnerability http://www.exploit4arab.com/exploits/377 http://1337day.com/exploits/20206 SQLI Simple Login Log Plugin XSS http://secunia.com/advisories/51780/ XSS 0.9.4 Simple Login Log Plugin SQL Injection http://secunia.com/advisories/51780/ SQLI 0.9.4 wp-slimstat XSS http://secunia.com/advisories/51721/ XSS 2.8.5 browser-rejector Remote and Local File Inclusion http://secunia.com/advisories/51739/ LFI 2.11 WordPress File Uploader Plugin PHP File Upload Vulnerability http://la.usch.io/2013/01/21/wordpress-file-uploader-plugin-php-file-upload-vulnerability/ UPLOAD WordPress Poll Plugin Cross-Site Request Forgery 
Vulnerability http://secunia.com/advisories/51925/ CSRF 34.06 Multiple SQL injection vulnerabilities in Cardoza Wordpress poll plugin http://secunia.com/advisories/51942/ http://www.girlinthemiddle.net/2013/01/multiple-sql-injection-vulnerabilities.html http://seclists.org/bugtraq/2013/Jan/86 SQLI WordPress Poll Plugin Multiple SQL Injection Vulnerabilities http://secunia.com/advisories/50910/ SQLI 33.6 Wordpress Developer Formatter CSRF and XSS Vulnerability http://illsecure.com/code/Wordpress-DevFormatter-CSRF-Vulnerability.txt http://1337day.com/exploits/20210 http://secunia.com/advisories/51912/ MULTI WordPress DVS Custom Notification Plugin Cross-Site Request Forgery Vulnerability http://secunia.com/advisories/51531/ CSRF 1.0.1 WordPress Events Manager Plugin Multiple Cross-Site Scripting Vulnerabilities http://secunia.com/advisories/51869/ XSS 5.3.4 WordPress Events Manager Multiple Cross Site Scripting Vulnerabilities http://www.securityfocus.com/bid/60078 http://secunia.com/advisories/53478/ http://osvdb.org/93558 XSS 5.3.9 WordPress SolveMedia CSRF Vulnerability http://1337day.com/exploit/20222 http://secunia.com/advisories/51927/ CSRF 1.1.1 WordPress Welcart e-Commerce Plugin Cross-Site Scripting and Request Forgery Vulnerabilities http://secunia.com/advisories/51581/ MULTI WordPress Knews Multilingual Newsletters Plugin Cross-Site Request Forgery Vulnerability http://secunia.com/advisories/51543/ CSRF WordPress Video Lead Form Plugin "errMsg" Cross-Site Scripting Vulnerability http://secunia.com/advisories/51419/ XSS WordPress WooCommerce Predictive Search Plugin "rs" Cross-Site Scripting Vulnerability http://secunia.com/advisories/51385/ XSS WooCommerce index.php calc_shipping_state Parameter XSS http://osvdb.org/95480 XSS 2.0.13 WordPress WP e-Commerce Predictive Search Plugin "rs" Cross-Site Scripting Vulnerability http://secunia.com/advisories/51384/ XSS WordPress vTiger CRM Lead Capture Plugin Unspecified Vulnerability 
http://secunia.com/advisories/51305/ UNKNOWN 1.1.0 WordPress post-views Plugin "search_input" Cross-Site Scripting Vulnerability http://secunia.com/advisories/50982/ XSS WordPress WP-PostViews Plugin Cross-Site Request Forgery Vulnerability http://secunia.com/advisories/53127/ CSRF 1.63 WordPress DX-Contribute Plugin Cross-Site Request Forgery Vulnerability http://secunia.com/advisories/51082/ CSRF SQL Injection Vulnerability in Wysija Newsletters WordPress Plugin https://www.htbridge.com/advisory/HTB23140 http://packetstormsecurity.com/files/120089/wpwysijanl-sql.txt http://seclists.org/bugtraq/2013/Feb/29 http://cxsecurity.com/issue/WLB-2013020039 SQLI 2.2.1 WordPress Wysija Newsletters Plugin swfupload Cross-Site Scripting Vulnerability http://secunia.com/advisories/51249/ http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html XSS 2.1.7 WordPress Hitasoft FLV Player Plugin "id" SQL Injection Vulnerability http://secunia.com/advisories/51179/ SQLI WordPress Spider Calendar Plugin "many_sp_calendar" Cross-Site Scripting Vulnerability http://secunia.com/advisories/50981/ XSS Wordpress Dynamic Font Replacement 1.3 plugin SQL Injection Vulnerability http://1337day.com/exploit/20239 SQLI WordPress Zingiri Form Builder Plugin "error" Cross-Site Scripting Vulnerability http://secunia.com/advisories/50983/ XSS 1.2.1 WordPress White Label CMS Plugin Cross-Site Request Forgery Vulnerability http://secunia.com/advisories/50487/ CSRF 1.5.1 Wordpress Download Shortcode Plugin "file" Arbitrary File Disclosure Vulnerability http://secunia.com/advisories/50924/ LFI 0.2.1 WordPress Crayon Syntax Highlighter Plugin "wp_load" Remote File Inclusion Vulnerability http://secunia.com/advisories/50804/ RFI 1.13 WordPress eShop Magic Plugin "file" Arbitrary File Disclosure Vulnerability http://secunia.com/advisories/50933/ LFI 0.2 WordPress Pinterest "Pin It" Button Lite Plugin Multiple Unspecified Vulnerabilities http://secunia.com/advisories/50868/ MULTI 1.4.0 
WordPress CSS Plus Plugin Unspecified Vulnerabilities http://secunia.com/advisories/50793/ UNKNOWN 1.3.2 WordPress Multisite Plugin Manager Plugin Two Cross-Site Scripting Vulnerabilities http://secunia.com/advisories/50762/ XSS 3.1.2 WordPress ABC Test Plugin "id" Cross-Site Scripting Vulnerability http://secunia.com/advisories/50608/ XSS Wordpress Token Manager Plugin "tid" Cross-Site Scripting Vulnerabilities http://secunia.com/advisories/50722/ XSS WordPress Sexy Add Template Plugin Cross-Site Request Forgery Vulnerability http://secunia.com/advisories/50709/ CSRF WordPress Notices Ticker Plugin Cross-Site Request Forgery Vulnerability http://secunia.com/advisories/50717/ CSRF WordPress MF Gig Calendar Plugin URL Cross-Site Scripting Vulnerability http://secunia.com/advisories/50571/ XSS wp-topbar <= 3.04 XSS in ZeroClipboard.swf http://1337day.com/exploit/20396 XSS WordPress WP-TopBar Plugin Cross-Site Request Forgery Vulnerability http://secunia.com/advisories/50693/ CSRF 4.0.3 WordPress HD Webplayer Plugin Two SQL Injection Vulnerabilities http://secunia.com/advisories/50466/ SQLI WordPress Cloudsafe365 Plugin Multiple Vulnerabilities http://secunia.com/advisories/50392/ MULTI 1.47 WordPress Vitamin Plugin Two Arbitrary File Disclosure Vulnerabilities http://secunia.com/advisories/50176/ LFI 1.1 WordPress Featured Post with thumbnail Plugin Unspecified timthumb Vulnerability http://secunia.com/advisories/50161/ UNKNOWN 1.5 WordPress WP Lead Management Plugin Script Insertion Vulnerabilities http://secunia.com/advisories/50166/ XSS WordPress XVE Various Embed Plugin JW Player Multiple Cross-Site Scripting Vulnerabilities http://secunia.com/advisories/50173/ XSS 1.0.4 WordPress G-Lock Double Opt-in Manager Plugin Two Security Bypass Vulnerabilities http://secunia.com/advisories/50100/ AUTHBYPASS WordPress Backend Localization Plugin Cross-Site Scripting Vulnerabilities http://secunia.com/advisories/50099/ XSS 2.0 WordPress Flexi Quote Rotator Plugin Cross-Site 
Request Forgery and SQL Injection Vulnerabilities http://secunia.com/advisories/49910/ MULTI 0.9.2 WordPress Get Off Malicious Scripts Cross-Site Scripting Vulnerability http://secunia.com/advisories/50030/ XSS 1.2.07.20 WordPress Cimy User Extra Fields Plugin Arbitrary File Upload Vulnerability http://secunia.com/advisories/49975/ UPLOAD 2.3.9 WordPress Nmedia Users File Uploader Plugin Arbitrary File Upload Vulnerability http://secunia.com/advisories/49996/ UPLOAD 2.0 wp-explorer-gallery Arbitrary File Upload Vulnerability http://www.1337day.com/exploit/20251 UPLOAD accordion Arbitrary File Upload Vulnerability http://www.1337day.com/exploit/20254 UPLOAD wp-catpro Arbitrary File Upload Vulnerability http://www.1337day.com/exploit/20256 UPLOAD Wordpress RLSWordPressSearch plugin SQL Injection http://www.exploit-db.com/exploits/24440/ SQLI wordpress-simple-shout-box Plugin SQL Injection http://cxsecurity.com/issue/WLB-2013010235 SQLI Wordpress portfolio-slideshow-pro v3 Plugin SQL Injection http://cxsecurity.com/issue/WLB-2013010236 SQLI WordPress Simple History Plugin RSS Feed "rss_secret" Disclosure Weakness http://secunia.com/advisories/51998/ UNKNOWN 1.0.8 WordPress p1m media manager plugin SQL Injection Vulnerability http://www.1337day.com/exploit/20270 SQLI wp-table-reloaded <= 1.9.3 XSS in ZeroClipboard.swf http://1337day.com/exploit/20396 XSS Wordpress wp-table-reloaded plugin cross-site scripting in SWF http://packetstormsecurity.com/files/119968/wptablereloaded-xss.txt http://secunia.com/advisories/52027/ http://seclists.org/bugtraq/2013/Feb/28 XSS 1.9.4 WordPress Gallery Plugin "load" Remote File Inclusion Vulnerability http://secunia.com/advisories/51347/ RFI Wordpress plugins ForumConverter SQL Injection Vulnerability http://www.1337day.com/exploit/20275 SQLI WordPress plugins Newsletter SQL Injection Vulnerability http://www.1337day.com/exploit/20287 SQLI WordPress Newsletter Plugin "alert" Cross-Site Scripting Vulnerability 
http://secunia.com/advisories/53398/ http://www.zeroscience.mk/en/vulnerabilities/ZSL-2013-5141.php XSS 3.2.7 Cross-Site Scripting (XSS) Vulnerability in CommentLuv WordPress Plugin https://www.htbridge.com/advisory/HTB23138 http://packetstormsecurity.com/files/120090/wpcommentluv-xss.txt http://seclists.org/bugtraq/2013/Feb/30 http://cxsecurity.com/issue/WLB-2013020040 http://secunia.com/advisories/52092/ XSS 2.92.4 Wordpress wp-forum plugin SQL Injection http://cxsecurity.com/issue/WLB-2013020035 SQLI WordPress WP ecommerce Shop Styling Plugin "dompdf" Remote File Inclusion Vulnerability http://secunia.com/advisories/51707/ RFI 1.8 Wordpress Audio Player Plugin XSS in SWF http://seclists.org/bugtraq/2013/Feb/35 http://secunia.com/advisories/52083/ XSS 2.0.4.6 Wordpress plugin CKEditor 4.0 Arbitrary File Upload Exploit http://1337day.com/exploit/20318 UPLOAD wordpress myftp-ftp-like-plugin-for-wordpress plugin v2 Plugin SQL Injection http://cxsecurity.com/issue/WLB-2013020061 SQLI WordPress WP Online Store Plugin 1.3.1 downloaded before 2013-01-17 File Disclosure and File Inclusion Vulnerabilities http://secunia.com/advisories/50836/ http://ceriksen.com/2013/02/18/wordpress-online-store-arbitrary-file-disclosure/ http://ceriksen.com/2013/02/18/wordpress-online-store-local-file-inclusion-vulnerability/ MULTI Password Protected 1.4 Login Process redirect_to Parameter Arbitrary Site Redirect http://osvdb.org/90559 REDIRECT Contact Form Plugin XSS http://osvdb.org/90503 XSS smart-flv jwplayer.swf XSS http://www.openwall.com/lists/oss-security/2013/02/24/7 http://packetstormsecurity.com/files/115100/jwplayer-xss.txt http://osvdb.org/90606 XSS Google Alert And Twitter v.3.1.5 XSS Exploit, SQL Injection http://1337day.com/exploits/20433 MULTI PHP Shell Plugin https://github.com/wpscanteam/wpscan/issues/138 http://plugins.svn.wordpress.org/php-shell/trunk/shell.php RCE Marekkis Watermark Cross Site Scripting 
http://packetstormsecurity.com/files/120378/wpmarekkiswatermark-xss.txt XSS Responsive Logo Slideshow Cross Site Scripting http://packetstormsecurity.com/files/120379/wpresponsivelogo-xss.txt XSS zopim-live-chat <= 1.2.5 XSS in ZeroClipboard http://www.openwall.com/lists/oss-security/2013/03/10/2 http://1337day.com/exploit/20396 2013-1808 XSS ed2k-link-selector <= 1.1.7 XSS in ZeroClipboard http://1337day.com/exploit/20396 2013-1808 XSS wppygments <= 0.3.2 XSS in ZeroClipboard http://www.openwall.com/lists/oss-security/2013/03/10/2 http://1337day.com/exploit/20396 2013-1808 XSS copy-in-clipboard <= 0.8 XSS in ZeroClipboard http://1337day.com/exploit/20396 2013-1808 XSS search-and-share <= 0.9.3 XSS in ZeroClipboard http://1337day.com/exploit/20396 2013-1808 XSS placester <= 0.3.12 XSS in ZeroClipboard http://1337day.com/exploit/20396 2013-1808 XSS drp-coupon <= 2.1 XSS in ZeroClipboard http://1337day.com/exploit/20396 2013-1808 XSS coupon-code-plugin <= 2.1 XSS in ZeroClipboard http://1337day.com/exploit/20396 2013-1808 XSS q2w3-inc-manager <= 2.3.1 XSS in ZeroClipboard http://1337day.com/exploit/20396 2013-1808 XSS scorerender <= 0.3.4 XSS in ZeroClipboard http://1337day.com/exploit/20396 2013-1808 XSS wp-link-to-us <= 2.0 XSS in ZeroClipboard http://www.openwall.com/lists/oss-security/2013/03/10/2 http://1337day.com/exploit/20396 2013-1808 XSS buckets <= 0.1.9.2 XSS in ZeroClipboard http://www.openwall.com/lists/oss-security/2013/03/10/2 http://1337day.com/exploit/20396 2013-1808 XSS java-trackback <= 0.2 XSS in ZeroClipboard http://1337day.com/exploit/20396 2013-1808 XSS slidedeck2 <= 2.1.20130228 XSS in ZeroClipboard http://www.openwall.com/lists/oss-security/2013/03/10/2 http://1337day.com/exploit/20396 2013-1808 XSS wp-clone-by-wp-academy <= 2.1.1 XSS in ZeroClipboard http://www.openwall.com/lists/oss-security/2013/03/10/2 http://1337day.com/exploit/20396 2013-1808 XSS tiny-url <= 1.3.2 XSS in ZeroClipboard 
http://www.openwall.com/lists/oss-security/2013/03/10/2 http://1337day.com/exploit/20396 2013-1808 XSS thethe-layout-grid <= 1.0.0 XSS in ZeroClipboard. http://www.openwall.com/lists/oss-security/2013/03/10/2 http://1337day.com/exploit/20396 2013-1808 XSS paypal-digital-goods-monetization-powered-by-cleeng <= 2.2.13 XSS in ZeroClipboard http://www.openwall.com/lists/oss-security/2013/03/10/2 http://1337day.com/exploit/20396 2013-1808 XSS mobileview <= 1.0.7 XSS in ZeroClipboard http://www.openwall.com/lists/oss-security/2013/03/10/2 http://1337day.com/exploit/20396 2013-1808 XSS jaspreetchahals-coupons-lite <= 2.1 XSS in ZeroClipboard http://www.openwall.com/lists/oss-security/2013/03/10/2 http://1337day.com/exploit/20396 2013-1808 XSS geshi-source-colorer <= 0.13 XSS in ZeroClipboard http://www.openwall.com/lists/oss-security/2013/03/10/2 http://1337day.com/exploit/20396 2013-1808 XSS click-to-copy-grab-box <= 0.1.1 XSS in ZeroClipboard http://www.openwall.com/lists/oss-security/2013/03/10/2 http://1337day.com/exploit/20396 2013-1808 XSS cleeng <= 2.3.2 XSS in ZeroClipboard http://www.openwall.com/lists/oss-security/2013/03/10/2 http://1337day.com/exploit/20396 2013-1808 XSS bp-code-snippets <= 2.0 XSS in ZeroClipboard http://www.openwall.com/lists/oss-security/2013/03/10/2 http://1337day.com/exploit/20396 2013-1808 XSS snazzy-archives <= 1.7.1 XSS vulnerability http://www.openwall.com/lists/oss-security/2013/03/10/3 2009-4168 XSS vkontakte-api XSS vulnerability http://www.openwall.com/lists/oss-security/2013/03/11/1 2009-4168 XSS Terillion Reviews Cross Site Scripting http://packetstormsecurity.com/files/120730/wpterillionreviews-xss.txt XSS o2s-gallery plugin Cross Site Scripting Vulnerability http://1337day.com/exploit/20516 XSS bp-gallery plugin v1.2.5 Cross Site Scripting Vulnerability http://1337day.com/exploit/20518 XSS Simply Poll Plugin 1.4.1 - Multiple Vulnerabilities http://www.exploit-db.com/exploits/24850/ MULTI Occasions Plugin 1.0.4 - CSRF 
Vulnerability http://www.exploit-db.com/exploits/24858/ CSRF Mathjax Latex 1.1 CSRF Vulnerability http://1337day.com/exploit/20566 CSRF XSS vulnerability on WP-Banners-Lite http://seclists.org/fulldisclosure/2013/Mar/209 http://threatpost.com/en_us/blogs/xss-flaw-wordpress-plugin-allows-injection-malicious-code-032513 XSS Backupbuddy - sensitive data exposure in importbuddy.php http://seclists.org/fulldisclosure/2013/Mar/206 http://archives.neohapsis.com/archives/fulldisclosure/2013-03/0205.html UNKNOWN WP FuneralPress - Stored XSS in Guestbook http://seclists.org/fulldisclosure/2013/Mar/282 XSS ofc_upload_image.php Arbitrary File Upload Vulnerability http://www.exploit-db.com/exploits/24492/ UPLOAD ofc_upload_image.php Arbitrary File Upload Vulnerability http://www.exploit-db.com/exploits/24492/ http://secunia.com/advisories/37903 2009-4140 UPLOAD 0.5 ofc_upload_image.php Arbitrary File Upload Vulnerability http://www.exploit-db.com/exploits/24492/ UPLOAD ofc_upload_image.php Arbitrary File Upload Vulnerability http://www.exploit-db.com/exploits/24492/ UPLOAD ofc_upload_image.php Arbitrary File Upload Vulnerability http://www.exploit-db.com/exploits/24492/ UPLOAD ofc_upload_image.php Arbitrary File Upload Vulnerability http://www.exploit-db.com/exploits/24492/ UPLOAD podPress 8.8.10.13 Cross Site Scripting http://packetstormsecurity.com/files/121011/WordPress-podPress-8.8.10.13-Cross-Site-Scripting.html XSS fbsurveypro XSS Vulnerability http://1337day.com/exploit/20623 XSS timelineoptinpro XSS Vulnerability http://1337day.com/exploit/20620 XSS kioskprox XSS Vulnerability http://1337day.com/exploit/20624 XSS bigcontact SQLI http://plugins.trac.wordpress.org/changeset/689798 SQLI 1.4.7 drawblog CSRF http://plugins.trac.wordpress.org/changeset/691178 CSRF 0.81 social-media-widget malicious code http://plugins.trac.wordpress.org/changeset?reponame=&old=691839%40social-media-widget%2Ftrunk&new=693941%40social-media-widget%2Ftrunk 
http://slashdot.org/submission/2592777/top-wordpress-widget-sold-off-turned-into-seo-spambot UNKNOWN 4.0.2
facebook-members CSRF https://secunia.com/advisories/52962/ 2013-2703 CSRF 5.0.5
foursquare-checkins CSRF https://secunia.com/advisories/53151/ 2013-2709 CSRF 1.3
formidable Pro Unspecified Vulnerabilities https://secunia.com/advisories/53121/ UNKNOWN 1.06.09
all-in-one-webmaster CSRF https://secunia.com/advisories/52877/ 2013-2696 CSRF 8.2.4
background-music 1.0 jPlayer.swf XSS https://secunia.com/advisories/53057/ XSS
haiku-minimalist-audio-player <= 1.0.0 jPlayer.swf XSS https://secunia.com/advisories/51336/ XSS
jammer <= 0.2 jPlayer.swf XSS https://secunia.com/advisories/53106/ XSS
syntaxhighlighter clipboard.swf XSS https://secunia.com/advisories/53235/ XSS 3.1.6
top-10 CSRF https://secunia.com/advisories/53205/ CSRF 1.9.3
easy-adsense-lite CSRF https://secunia.com/advisories/52953/ 2013-2702 CSRF 6.10
uk-cookie plugin XSS http://osvdb.org/87561 http://seclists.org/bugtraq/2012/Nov/50 2012-5856 XSS
uk-cookie CSRF http://www.openwall.com/lists/oss-security/2013/06/06/10 http://osvdb.org/94032 2013-2180 CSRF
wp-cleanfix Remote Command Execution, CSRF and XSS https://github.com/wpscanteam/wpscan/issues/186 http://wordpress.org/support/topic/plugin-wp-cleanfix-remote-code-execution-warning http://osvdb.org/93450 http://secunia.com/advisories/53395/ http://osvdb.org/93468 2013-2108 2013-2109 MULTI 3.0.2
mail-on-update plugin CSRF http://secunia.com/advisories/53449/ http://www.openwall.com/lists/oss-security/2013/05/16/8 CSRF
Advanced XML Reader Plugin for WordPress XML External Entity (XXE) Data Parsing Arbitrary File Disclosure http://seclists.org/bugtraq/2013/May/5 http://osvdb.org/92904 XXE
WordPress Related Posts by Zemanta Plugin Cross-Site Request Forgery Vulnerability http://secunia.com/advisories/53321/ CSRF 1.3.2
WordPress WordPress Related Posts Plugin Cross-Site Request Forgery Vulnerability http://secunia.com/advisories/53279/ CSRF 2.6.2
WordPress Related Posts Plugin Cross-Site Request Forgery Vulnerability http://secunia.com/advisories/53122/ CSRF 2.7.2
WordPress WP Print Friendly Plugin Security Bypass Vulnerability http://secunia.com/advisories/53371/ UNKNOWN 0.5.3
WordPress Contextual Related Posts Plugin Cross-Site Request Forgery Vulnerability http://secunia.com/advisories/52960/ CSRF 1.8.7
WordPress Calendar Plugin Cross-Site Request Forgery Vulnerability http://secunia.com/advisories/52841/ CSRF 1.3.3
WordPress Feedweb Plugin 'wp_post_id' Parameter XSS http://www.securityfocus.com/bid/58771 XSS 1.9
WordPress WP-Print Plugin CSRF http://www.securityfocus.com/bid/58900 CSRF 2.52
WordPress WP-Print Plugin CSRF http://packetstorm.wowhacker.com/1304-exploits/wptrafficanalyzer-xss.txt XSS
WordPress WP-DownloadManager Plugin CSRF http://www.securityfocus.com/bid/58937 CSRF 1.61
Digg Digg CSRF http://wordpress.org/plugins/digg-digg/changelog/ http://secunia.com/advisories/53120/ http://osvdb.org/93544 CSRF 5.3.5
SS Quiz Plugin Multiple Unspecified Vulnerabilities http://wordpress.org/plugins/ssquiz/changelog/ http://secunia.com/advisories/53378/ http://osvdb.org/93531 UNKNOWN 2.0
FunCaptcha CSRF http://wordpress.org/extend/plugins/funcaptcha/changelog/ UNKNOWN 0.33
xili-language XSS http://wordpress.org/plugins/xili-language/changelog/ XSS 2.8.6
Security issue which allowed any user to reset settings http://wordpress.org/plugins/wordpress-seo/changelog/ UNKNOWN 1.4.5
CSRF in WordPress underConstruction plugin http://wordpress.org/plugins/underconstruction/changelog/ http://secunia.com/advisories/52881/ http://osvdb.org/93857 2013-2699 CSRF 1.09
ADIF Log Search Widget XSS Arbitrary Vulnerability http://packetstormsecurity.com/files/121777/ADIF-Log-Search-Widget-1.0e-Cross-Site-Scripting.html http://secunia.com/advisories/53599/ http://osvdb.org/93721 XSS
FPD and Security bypass vulnerabilities in Exploit Scanner for WordPress http://seclists.org/fulldisclosure/2013/May/216 http://osvdb.org/93799 MULTI
FPD and Security bypass vulnerabilities in Exploit Scanner for WordPress http://wordpress.org/plugins/ga-universal/changelog/ XSS 1.0.1
Remote File Inclusion Vulnerability http://secunia.com/advisories/51348/ http://osvdb.org/93715 RFI 2.3
WordPress qTranslate Plugin Cross-Site Request Forgery Vulnerability http://secunia.com/advisories/53126/ http://osvdb.org/93873 CSRF
Image slider with description Plugin Unspecified Vulnerability http://secunia.com/advisories/53588/ http://osvdb.org/93691 UNKNOWN 7.0
User Role Editor Plugin Cross-Site Request Forgery Vulnerability http://secunia.com/advisories/53593/ http://osvdb.org/93699 http://www.exploit-db.com/exploits/25721 CSRF 3.14
EELV Newsletter Plugin Cross-Site Scripting Vulnerability http://secunia.com/advisories/53546/ http://osvdb.org/93685 XSS 3.3.1
Frontier Post Plugin Publishing Posts Security Bypass http://secunia.com/advisories/53474/ http://osvdb.org/93639 UNKNOWN
Spider Catalog Plugin Cross-Site Scripting and SQL Injection Vulnerabilities http://secunia.com/advisories/53491/ http://osvdb.org/93591 http://osvdb.org/93593 http://osvdb.org/93594 http://osvdb.org/93595 http://osvdb.org/93596 http://osvdb.org/93597 http://osvdb.org/93598 MULTI
Spider Event Calendar Plugin Security Bypass, Cross-Site Scripting and SQLi Vulnerabilities http://secunia.com/advisories/53481/ http://osvdb.org/93584 http://osvdb.org/93585 http://osvdb.org/93586 http://osvdb.org/93587 http://osvdb.org/93588 http://osvdb.org/93582 MULTI
FPD and Security bypass vulnerabilities in AntiVirus for WordPress http://seclists.org/fulldisclosure/2013/Jun/0 MULTI
WP Maintenance Mode Setting Manipulation CSRF http://osvdb.org/94450 CSRF
ultimate Auction Auction Creation CSRF http://osvdb.org/94407 CSRF
Leaflet Maps Marker Tag Multiple Parameter SQL Injection http://osvdb.org/94388 SQLI 3.5.4
Xorbin Analog Flash Clock 1.0 Flash-based XSS http://advisory.prakharprasad.com/xorbin_afc_wp.txt 2013-4692 XSS
Xorbin Digital Flash Clock 1.0 Flash-based XSS http://advisory.prakharprasad.com/xorbin_dfc_wp.txt 2013-4693 XSS
Dropdown Menu Widget Script Insertion CSRF http://osvdb.org/94771 CSRF
BuddyPress Extended Friendship Request wp-admin/admin-ajax.php friendship_request_message Parameter XSS http://osvdb.org/94807 XSS 1.0.2
wp-private-messages /wp-admin/profile.php msgid Parameter SQL Injection http://osvdb.org/94702 SQLI
Stream Video Player Plugin for WordPress Setting Manipulation CSRF http://osvdb.org/94466 CSRF
Duplicator installer.cleanup.php package Parameter XSS http://osvdb.org/95627 2013-4625 XSS 0.4.5
Citizen Space Script Insertion CSRF http://osvdb.org/95570 CSRF 1.1
Spicy Blogroll spicy-blogroll-ajax.php Multiple Parameter Remote File Inclusion http://osvdb.org/95557 www.exploit-db.com/exploits/26804 RFI
Pie Register wp-login.php Multiple Parameter XSS http://osvdb.org/95160 XSS 1.31
CSRF in admin/setting.php in Xhanch http://secunia.com/advisories/53133 2013-3253 CSRF 2.7.7
CSRF in sexybookmarks http://wordpress.org/plugins/sexybookmarks/changelog/ 2013-3256 CSRF 6.1.5.0