Crayon Syntax Highlighter Remote File Inclusion
http://secunia.com/advisories/50804/
http://ceriksen.com/2012/10/15/wordpress-crayon-syntax-highlighter-remote-file-inclusion-vulnerability/
RFI
UnGallery plugin <= 1.5.8 Local File Disclosure Vulnerability
http://www.exploit-db.com/exploits/17704/
LFI
UnGallery < 2.1.6 Arbitrary Command Execution
http://secunia.com/advisories/50875/
http://ceriksen.com/2012/10/23/wordpress-ungallery-remote-command-injection-vulnerability/
RCE
Thank You Counter Button < 1.8.3 XSS
http://secunia.com/advisories/50977/
XSS
Bookings < 1.8.3 XSS
http://secunia.com/advisories/50975/
XSS
Cimy User Manager Arbitrary File Disclosure
http://secunia.com/advisories/50834/
http://ceriksen.com/2012/10/24/wordpress-cimy-user-manager-arbitrary-file-disclosure/
UNKNOWN
WordPress FireStorm Professional Real Estate Plugin < 2.06.04 "id" SQL Injection Vulnerability
http://secunia.com/advisories/51107/
SQLI
FireStorm Professional Real Estate Plugin < 2.06.03 Multiple SQL Injection
http://secunia.com/advisories/50873/
http://ceriksen.com/2012/10/25/wordpress-firestorm-professional-real-estate-plugin-sql-injection-vulnerability/
SQLI
WP125 Multiple XSS
http://secunia.com/advisories/50976/
XSS
Wordpress All Video Gallery Plugin Multiple SQL Injection Vulnerabilities
http://secunia.com/advisories/50874/
http://ceriksen.com/2012/11/04/wordpress-all-video-gallery-plugin-sql-injection/
SQLI
BuddyStream XSS
http://secunia.com/advisories/50972/
XSS
post-views XSS
http://secunia.com/advisories/50982/
XSS
Floating Social Media Links Remote File Inclusion
http://secunia.com/advisories/51346/
http://ceriksen.com/2013/01/12/wordpress-floating-social-media-link-plugins-remote-file-inclusion/
RFI
Zingiri Forum Arbitrary File Disclosure
http://secunia.com/advisories/50833/
http://ceriksen.com/2013/01/12/wordpress-zingiri-forums-arbitrary-file-disclosure/
UNKNOWN
Google Document Embedder < 2.5.4 Arbitrary File Disclosure
http://www.exploit-db.com/exploits/23970/
http://ceriksen.com/2013/01/03/wordpress-google-document-embedder-arbitrary-file-disclosure/
http://secunia.com/advisories/50832/
exploit/unix/webapp/wp_google_document_embedder_exec
UNKNOWN
extended-user-profile Full Path Disclosure vulnerability
http://1337day.com/exploit/20118
FPD
superslider-show Full Path Disclosure vulnerability
http://1337day.com/exploit/20117
FPD
multibox plugin Full Path Disclosure vulnerability
http://1337day.com/exploit/20119
FPD
OpenInviter Information Disclosure
http://packetstormsecurity.com/files/119265/WordPress-OpenInviter-Information-Disclosure.html
UNKNOWN
RokBox Multiple Vulnerabilities
http://1337day.com/exploit/19981
MULTI
grou-random-image-widget Full Path Disclosure
http://1337day.com/exploit/20047
FPD
sintic_gallery Arbitrary File Upload Vulnerability
http://1337day.com/exploit/19993
UPLOAD
sintic_gallery Path Disclosure Vulnerability
http://1337day.com/exploit/20020
FPD
WP-UserOnline Full Path Disclosure
http://seclists.org/fulldisclosure/2010/Jul/8
FPD
Wp-UserOnline <= 0.62 Persistent XSS
http://seclists.org/fulldisclosure/2010/Jul/8
XSS
Shopping Cart <, 8.1.15 Shell Upload / SQL Injection
http://packetstormsecurity.com/files/119217/wplevelfour-sqlshell.txt
http://secunia.com/advisories/51690/
MULTI
ReFlex Gallery <= 1.4 Shell Upload
http://packetstormsecurity.com/files/119218/wpreflexgallery-shell.txt
UPLOAD
Uploader 1.0.4 Shell Upload
http://packetstormsecurity.com/files/119219/wpuploader104-shell.txt
UPLOAD
Xerte Online 0.32 Shell Upload
http://packetstormsecurity.com/files/119220/wpxerteonline-shell.txt
UPLOAD
Advanced Custom Fields <= 3.5.1 Remote File Inclusion
http://packetstormsecurity.com/files/119221/wp_advanced_custom_fields_exec.rb.txt
http://secunia.com/advisories/51037/
exploit/unix/webapp/wp_advanced_custom_fields_exec
RFI
Wordpress sitepress-multilingual-cms Full Path Disclosure
http://1337day.com/exploit/20067
FPD
Asset Manager 0.2 Arbitrary File Upload
http://www.exploit-db.com/exploits/18993/
UPLOAD
WordPress plugin Asset manager upload.php Arbitrary Code Execution
http://www.ethicalhack3r.co.uk/security/wordpress-plugin-asset-manager-upload-php-arbitrary-code-execution/
UPLOAD
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins
http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
XSS
powerzoomer Arbitrary File Upload Vulnerability
http://www.1337day.com/exploit/20253
UPLOAD
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins
http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
XSS
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins
http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
http://secunia.com/advisories/51224/
XSS
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins
http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
XSS
wp-3dflick-slideshow Arbitrary File Upload Vulnerability
http://www.1337day.com/exploit/20255
UPLOAD
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins
http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
XSS
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins
http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
http://secunia.com/advisories/51250/
XSS
WordPress Carousel Slideshow Plugin < 3.10 Unspecified Vulnerabilities
http://secunia.com/advisories/50377/
UNKNOWN
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins
http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
XSS
wp-homepage-slideshow Arbitrary File Upload Vulnerability
http://www.1337day.com/exploit/20260
UPLOAD
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins
http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
XSS
wp-image-news-slider Arbitrary File Upload Vulnerability
http://www.1337day.com/exploit/20259
UPLOAD
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins
http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
XSS
WordPress Image News slider Plugin < 3.4 Unspecified Vulnerabilities
http://secunia.com/advisories/50390/
UNKNOWN
wp-levoslideshow Arbitrary File Upload Vulnerability
http://www.1337day.com/exploit/20250
UPLOAD
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins
http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
XSS
wp-powerplaygallery Arbitrary File Upload Vulnerability
http://www.1337day.com/exploit/20252
UPLOAD
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins
http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
XSS
wp-royal-gallery Arbitrary File Upload Vulnerability
http://www.1337day.com/exploit/20261
UPLOAD
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins
http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
XSS
wp superb Slideshow Full Path Disclosure
http://1337day.com/exploit/19979
FPD
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins
http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
XSS
Ajax Post Search < 1.3 SQL Injection
http://seclists.org/bugtraq/2012/Nov/33
http://secunia.com/advisories/51205/
http://www.girlinthemiddle.net/2012/10/sqli-vulnerability-in-ajax-post-search.html
SQLI
Answer My Question 1.1 Multiple XSS
http://www.securityfocus.com/archive/1/524625/30/0/threaded
http://secunia.com/advisories/50655/
XSS
Catalog HTML Code Injection and Cross-site scripting
http://packetstormsecurity.org/files/117820/wpcatalog-xss.txt
http://secunia.com/advisories/51143/
MULTI
Wordfence 3.3.5 XSS and IAA
http://seclists.org/fulldisclosure/2012/Oct/139
http://secunia.com/advisories/51055/
MULTI
Slideshow jQuery Image Gallery Multiple Vulnerabilities
http://www.waraxe.us/advisory-92.html
MULTI
WordPress Slideshow Plugin Multiple Script Insertion Vulnerabilities
http://secunia.com/advisories/51135/
XSS
Social Discussions Multiple Vulnerabilities
http://www.waraxe.us/advisory-93.html
MULTI
ABtest Directory Traversal
http://scott-herbert.com/blog/2012/10/11/wordpress-plugin-abtest-vulnerable-to-a-directory-traversal-attack-1110
UNKNOWN
BBPress SQL Injection / Path Disclosure
http://packetstormsecurity.org/files/116123
MULTI
NextGen Cu3er Gallery Information Disclosure
http://packetstormsecurity.org/files/116150
UNKNOWN
Rich Widget File Upload
http://packetstormsecurity.org/files/115787/wprichwidget-shell.txt
UPLOAD
Monsters Editor Shell Upload
http://packetstormsecurity.org/files/115788/wpmonsters-shell.txt
UPLOAD
Quick Post Widget 1.9.1 Multiple Cross-site scripting vulnerabilities
http://seclists.org/bugtraq/2012/Aug/66
XSS
ThreeWP Email Reflector 1.13 Stored XSS
http://www.exploit-db.com/exploits/20365/
XSS
SimpleMail 1.0.6 Stored XSS
http://www.exploit-db.com/exploits/20361/
http://secunia.com/advisories/50208/
XSS
Postie 1.4.3 Stored XSS
http://www.exploit-db.com/exploits/20360/
http://secunia.com/advisories/50207/
XSS
RSVPMaker v2.5.4 Persistent XSS
http://www.exploit-db.com/exploits/20474/
http://secunia.com/advisories/50289/
XSS
Mz-jajak <= 2.1 SQL Injection Vulnerability
http://www.exploit-db.com/exploits/20416/
http://secunia.com/advisories/50217/
SQLI
Resume Submissions Job Posting v2.5.1 Unrestricted File Upload
http://www.packetstormsecurity.org/files/114716
UPLOAD
WP-Predict v1.0 Blind SQL Injection
http://www.exploit-db.com/exploits/19715/
SQLI
Backup Plugin < 2.1 Information Disclosure
http://www.exploit-db.com/exploits/19524/
http://secunia.com/advisories/50038/
UNKNOWN
MoodThingy Widget v0.8.7 Blind SQL Injection
http://www.exploit-db.com/exploits/19572/
SQLI
Paid Business Listings v1.0.2 Blind SQL Injection
http://www.exploit-db.com/exploits/19481/
SQLI
Website FAQ Plugin v1.0 SQL Injection
http://www.exploit-db.com/exploits/19400/
SQLI
Fancy Gallery 1.2.4 Shell Upload
http://packetstormsecurity.org/files/114114/
UPLOAD
Flip Book 1.0 Shell Upload
http://packetstormsecurity.org/files/114112/
UPLOAD
Ajax Multi Upload 1.1 Shell Upload
http://packetstormsecurity.org/files/114109/
UPLOAD
Schreikasten 0.14.13 XSS
http://www.exploit-db.com/exploits/19294/
XSS
Wordpress Automatic 2.0.3 CSRF
http://packetstormsecurity.org/files/113763/
CSRF
VideoWhisper Video Conference 4.51 Arbitrary File Upload Vulnerability
http://packetstormsecurity.org/files/113580/
UPLOAD
Auctions Plugin 2.0.1.3 Arbitrary File Upload Vulnerability
http://packetstormsecurity.org/files/113568/
UPLOAD
LB Mixed Slideshow 1.0 Arbitrary File Upload Vulnerability
http://packetstormsecurity.org/files/113844/
UPLOAD
Lim4wp 1.1.1 Arbitrary File Upload Vulnerability
http://packetstormsecurity.org/files/113846/
UPLOAD
Wp-ImageZoom 1.0.3 Remote File Disclosure
http://packetstormsecurity.org/files/113845/
UNKNOWN
Invit0r 0.22 Shell Upload
http://packetstormsecurity.org/files/113639/
UPLOAD
Annonces 1.2.0.1 Shell Upload
http://packetstormsecurity.org/files/113637/
UPLOAD
Contus Video Gallery 1.3 Arbitrary File Upload Vulnerability
http://packetstormsecurity.org/files/113571/
UPLOAD
Contus HD FLV Player plugin <= 1.3 SQL Injection Vulnerability
http://www.exploit-db.com/exploits/17678/
SQLI
Contus HD FLV Player 1.7 Arbitrary File Upload Vulnerability
http://packetstormsecurity.org/files/113570/
UPLOAD
User Meta Version 1.1.1 Arbitrary File Upload Vulnerability
http://www.exploit-db.com/exploits/19052/
UPLOAD
Top Quark Architecture Version 2.10 Arbitrary File Upload Vulnerability
http://www.exploit-db.com/exploits/19053/
UPLOAD
SfBrowser Version 1.4.5 Arbitrary File Upload Vulnerability
http://www.exploit-db.com/exploits/19054/
UPLOAD
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins
http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
XSS
Pica Photo Gallery 1.0 Arbitrary File Upload Vulnerability
http://www.exploit-db.com/exploits/19055/
UPLOAD
PICA Photo Gallery 1.0 Remote File Disclosure
http://www.exploit-db.com/exploits/19016/
UNKNOWN
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins
http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
XSS
WordPress Mac Photo Gallery Plugin Two Security Bypass Security Issues
http://secunia.com/advisories/49923/
AUTHBYPASS
WordPress Mac Photo Gallery Plugin < 3.0 Multiple Script Insertion Vulnerabilities
http://secunia.com/advisories/49836/
XSS
Mac Photo Gallery 2.7 Arbitrary File Upload
http://www.exploit-db.com/exploits/19056/
UPLOAD
drag and drop file upload 0.1 Arbitrary File Upload Vulnerability
http://www.exploit-db.com/exploits/19057/
UPLOAD
Custom Content Type Manager 0.9.5.13-pl Arbitrary File Upload Vulnerability
http://www.exploit-db.com/exploits/19058/
UPLOAD
wp-gpx-max version 1.1.21 Arbitrary File Upload
http://www.exploit-db.com/exploits/19050/
UPLOAD
Front File Manager Plugin 0.1 Arbitrary File Upload
http://www.exploit-db.com/exploits/19012/
UPLOAD
Front End Upload 0.5.3 Arbitrary File Upload
http://www.exploit-db.com/exploits/19008/
UPLOAD
Front End Upload v0.5.4 Arbitrary PHP File Upload
http://www.exploit-db.com/exploits/20083/
UPLOAD
Omni Secure Files 0.1.13 Arbitrary File Upload
http://www.exploit-db.com/exploits/19009/
UPLOAD
Easy Contact Forms Export 1.1.0 Information Disclosure Vulnerability
http://www.exploit-db.com/exploits/19013/
UNKNOWN
Plugin: Newsletter 1.5 Remote File Disclosure Vulnerability
http://www.exploit-db.com/exploits/19018/
UNKNOWN
RBX Gallery 2.1 Arbitrary File Upload
http://www.exploit-db.com/exploits/19019/
UPLOAD
Simple Download Button Shortcode 1.0 Remote File Disclosure
http://www.exploit-db.com/exploits/19020/
UNKNOWN
Thinkun Remind 1.1.3 Remote File Disclosure
http://www.exploit-db.com/exploits/19021/
UNKNOWN
Tinymce Thumbnail Gallery 1.0.7 Remote File Disclosure
http://www.exploit-db.com/exploits/19022/
UNKNOWN
wpStoreCart Plugin 2.5.27-2.5.29 Arbitrary File Upload
http://www.exploit-db.com/exploits/19023/
UPLOAD
Gallery 3.06 Arbitrary File Upload
http://www.exploit-db.com/exploits/18998/
UPLOAD
Font Uploader 1.2.4 Arbitrary File Upload
http://www.exploit-db.com/exploits/18994/
UPLOAD
WP-Property 1.35.0 Arbitrary File Upload
http://www.exploit-db.com/exploits/18987/
UPLOAD
WP Marketplace 1.5.0 - 1.6.1 Arbitrary File Upload
http://www.exploit-db.com/exploits/18988/
UPLOAD
Google Maps via Store Locator Multiple Vulnerabilities
http://www.exploit-db.com/exploits/18989/
MULTI
store-locator-le < 3.8.7 SQL Injection
http://secunia.com/advisories/51757/
SQLI
HTML5 AV Manager 0.2.7 Arbitrary File Upload
http://www.exploit-db.com/exploits/18990/
UPLOAD
Foxypress 0.4.1.1 - 0.4.2.1 Arbitrary File Upload
http://packetstormsecurity.org/files/113576/
http://www.exploit-db.com/exploits/18991/
http://www.exploit-db.com/exploits/19100/
UPLOAD
FoxyPress 0.4.2.5 XSS / CSRF / SQL Injection
http://packetstormsecurity.org/files/117768
http://secunia.com/advisories/51109/
MULTI
Track That Stat <= 1.0.8 Cross Site Scripting
http://packetstormsecurity.org/files/112722/
XSS
WP-Facethumb Gallery <= 0.1 Reflected Cross Site Scripting
http://packetstormsecurity.org/files/112658/
XSS
Survey And Quiz Tool <= 2.9.2 Cross Site Scripting
http://packetstormsecurity.org/files/112685/
XSS
WP Statistics <= 2.2.4 Cross Site Scripting
http://packetstormsecurity.org/files/112686/
XSS
WP Easy Gallery <= 1.7 Cross Site Scripting
http://packetstormsecurity.org/files/112687/
XSS
Subscribe2 <= 8.0 Cross Site Scripting
http://packetstormsecurity.org/files/112688/
XSS
Soundcloud Is Gold <= 2.1 Cross Site Scripting
http://packetstormsecurity.org/files/112689/
XSS
Sharebar <= 1.2.1 SQL Injection / Cross Site Scripting
http://packetstormsecurity.org/files/112690/
MULTI
Share And Follow <= 1.80.3 Cross Site Scripting
http://packetstormsecurity.org/files/112691/
XSS
SABRE <= 1.2.0 Cross Site Scripting
http://packetstormsecurity.org/files/112692/
XSS
Pretty Link Lite <= 1.5.2 Cross Site Scripting
http://packetstormsecurity.org/files/112693/
XSS
Pretty Link Lite <= 1.6.1 Cross Site Scripting
http://secunia.com/advisories/50980/
XSS
Newsletter Manager <= 1.0 Cross Site Scripting
http://packetstormsecurity.org/files/112694/
XSS
Network Publisher <= 5.0.1 Cross Site Scripting
http://packetstormsecurity.org/files/112695/
XSS
LeagueManager <= 3.7 Cross Site Scripting
http://packetstormsecurity.org/files/112698/
http://secunia.com/advisories/49949/
XSS
Leaflet <= 0.0.1 Cross Site Scripting
http://packetstormsecurity.org/files/112699/
XSS
PDF And Print Button Joliprint <= 1.3.0 Cross Site Scripting
http://packetstormsecurity.org/files/112700/
XSS
IFrame Admin Pages <= 0.1 Cross Site Scripting
http://packetstormsecurity.org/files/112701/
XSS
EZPZ One Click Backup <= 12.03.10 Cross Site Scripting
http://packetstormsecurity.org/files/112705/
XSS
Dynamic Widgets <= 1.5.1 Cross Site Scripting
http://packetstormsecurity.org/files/112706/
XSS
Download Monitor <= 3.3.5.7 Cross Site Scripting
http://www.reactionpenetrationtesting.co.uk/wordpress-download-monitor-xss.html
http://secunia.com/advisories/50511/
XSS
Download Monitor <= 3.3.5.4 Cross Site Scripting
http://packetstormsecurity.org/files/112707/
XSS
Download Manager <= 2.2 Cross Site Scripting
http://packetstormsecurity.org/files/112708/
XSS
Code Styling Localization <= 1.99.16 Cross Site Scripting
http://packetstormsecurity.org/files/112709/
XSS
Catablog <= 1.6 Cross Site Scripting
http://packetstormsecurity.org/files/112619/
XSS
Bad Behavior <= 2.24 Cross Site Scripting
http://packetstormsecurity.org/files/112619/
XSS
BulletProof Security <= 0.47 Cross Site Scripting
http://packetstormsecurity.org/files/112618/
XSS
Better WP Security v3.4.3
http://seclists.org/bugtraq/2012/Oct/9
XSS
Better WP Security <= 3.2.4 Cross Site Scripting
http://packetstormsecurity.org/files/112617/
XSS
Custom Contact Forms <= 5.0.0.1 Cross Site Scripting
http://packetstormsecurity.org/files/112616/
XSS
2-Click-Socialmedia-Buttons <= 0.34 Cross Site Scripting
http://packetstormsecurity.org/files/112615/
XSS
2-Click-Socialmedia-Buttons <= 0.32.2 Cross Site Scripting
http://packetstormsecurity.org/files/112711/
XSS
Login With Ajax plugin < 3.0.4.1 Cross Site Scripting
http://secunia.com/advisories/49013/
XSS
Media Library Categories plugin <= 1.0.6 SQL Injection Vulnerability
http://www.exploit-db.com/exploits/17628/
SQLI
Media Library Categories plugin <= 1.1.1 Cross Site Scripting
http://packetstormsecurity.org/files/112697/
SQLI
FCKeditor Deans With Pwwangs Code <= 1.0.0 Remote Shell Upload
http://packetstormsecurity.org/files/111319/
RFI
WordPress Zingiri Web Shop Plugin < 2.4.8 Cookie SQL Injection Vulnerability
http://secunia.com/advisories/49398/
SQLI
Zingiri Web Shop <= 2.4.0 Multiple XSS Vulnerabilities
http://www.exploit-db.com/exploits/18787/
http://secunia.com/advisories/48991/
XSS
Zingiri Web Shop <= 2.3.5 Cross Site Scripting
http://packetstormsecurity.org/files/112684/
XSS
Zingiri Web Shop 2.4.3 Shell Upload
http://packetstormsecurity.org/files/113668/
UPLOAD
Organizer 1.2.1 Cross Site Scripting / Path Disclosure
http://packetstormsecurity.org/files/112086
http://packetstormsecurity.org/files/113800
MULTI
Zingiri Tickets plugin File Disclosure
http://packetstormsecurity.org/files/111904
UNKNOWN
XSS vulnerability in CMS Tree Page View Plugin
https://www.htbridge.com/advisory/HTB23083
XSS
Multiple XSS vulnerabilities in All-in-One Event Calendar for WordPress
http://seclists.org/bugtraq/2012/Apr/70
XSS
Buddypress <= 1.5.5 SQL Injection
http://www.exploit-db.com/exploits/18690/
SQLI
Register Plus Redux <= 3.8.3 Cross Site Scripting
http://packetstormsecurity.org/files/111367
XSS
Magn WP Drag and Drop <= 1.1.4 Upload Shell Upload Vulnerability
http://packetstormsecurity.org/files/110103
UPLOAD
Kish Guest Posting 1.0 Arbitrary File Upload
http://www.exploit-db.com/exploits/18412/
RFI
AllWebMenus <= 1.1.9 Shell Upload
http://packetstormsecurity.org/files/108946/
RFI
AllWebMenus 1.1.3 Remote File Inclusion
http://www.exploit-db.com/exploits/17861/
RFI
Shortcode Redirect <= 1.0.01 Stored Cross Site Scripting
http://packetstormsecurity.org/files/108914/
XSS
uCan Post plugin <= 1.0.09 Stored XSS
http://www.exploit-db.com/exploits/18390/
XSS
WP Cycle Playlist plugin Multiple Vulnerabilities
http://1337day.com/exploits/17396
MULTI
myEASYbackup 1.0.8.1 Directory Traversal
http://packetstormsecurity.org/files/108711
UNKNOWN
Count Per Day 3.2.3 Cross Site Scripting
http://packetstormsecurity.org/files/115904
XSS
Count Per Day 3.1.1 Cross Site Scripting
http://packetstormsecurity.org/files/114787/SSCHADV2012-015.txt
XSS
Count Per Day plugin <= 3.1.1 Multiple Vulnerabilities
http://www.exploit-db.com/exploits/18355/
MULTI
Count per Day plugin <= 2.17 SQL Injection Vulnerability
http://www.exploit-db.com/exploits/17857/
SQLI
WP-AutoYoutube plugin <= 0.1 Blind SQL Injection Vulnerability
http://1337day.com/exploits/17368
SQLI
Age Verification plugin <= 0.4 Open Redirect
http://www.exploit-db.com/exploits/18350
REDIRECT
Yousaytoo Auto Publishing <= 1.0 Cross Site Scripting
http://packetstormsecurity.org/files/108470
XSS
Pay With Tweet plugin <= 1.1 Multiple Vulnerabilities
http://www.exploit-db.com/exploits/18330/
MULTI
Whois Search <= 1.4.2 Cross Site Scripting
http://packetstormsecurity.org/files/108271
XSS
BLIND SQL injection UPM-POLLS plugin 1.0.4
http://www.exploit-db.com/exploits/18231/
SQLI
Disqus Comment System <= 2.68 Reflected Cross-Site Scripting (XSS)
http://www.ethicalhack3r.co.uk/security/wordpress-plugin-disqus-comment-system-xss/
XSS
Google reCAPTCHA <= 3.1.3 Reflected XSS Vulnerability
http://security-sh3ll.blogspot.com/2011/12/google-recaptcha-wordpress-plugin.html
XSS
Link Library plugin <= 5.2.1 SQL Injection
http://www.exploit-db.com/exploits/17887/
SQLI
CevherShare 2.0 plugin SQL Injection Vulnerability
http://www.exploit-db.com/exploits/17891/
SQLI
WP Glossary plugin SQL Injection Vulnerability
http://www.exploit-db.com/exploits/18055/
SQLI
meenews 5.1 plugin Cross-Site Scripting Vulnerabilities
http://seclists.org/bugtraq/2011/Nov/151
XSS
Click Desk Live Support Chat < 2.0 Cross Site Scripting Vulnerability
http://seclists.org/bugtraq/2011/Nov/148
XSS
adminimize 1.7.21 Cross-Site Scripting Vulnerabilities
http://seclists.org/bugtraq/2011/Nov/135
XSS
Advanced Text Widget <= 2.0.0 Cross Site Scripting Vulnerability
http://seclists.org/bugtraq/2011/Nov/133
XSS
MM Duplicate plugin <= 1.2 SQL Injection Vulnerability
http://www.exploit-db.com/exploits/17707/
SQLI
Menu Creator plugin <= 1.1.7 SQL Injection Vulnerability
http://www.exploit-db.com/exploits/17689/
SQLI
Allow PHP in Posts and Pages plugin <= 2.0.0.RC1 SQL Injection Vulnerability
http://www.exploit-db.com/exploits/17688/
SQLI
Global Content Blocks plugin <= 1.2 SQL Injection Vulnerability
http://www.exploit-db.com/exploits/17687/
SQLI
Ajax Gallery plugin <= 3.0 SQL Injection Vulnerability
http://www.exploit-db.com/exploits/17686/
SQLI
WP DS FAQ plugin <= 1.3.2 SQL Injection Vulnerability
http://www.exploit-db.com/exploits/17683/
SQLI
OdiHost Newsletter plugin <= 1.0 SQL Injection Vulnerability
http://www.exploit-db.com/exploits/17681/
SQLI
Easy Contact Form Lite plugin <= 1.0.7 SQL Injection Vulnerability
http://www.exploit-db.com/exploits/17680/
SQLI
WP Symposium plugin <= 0.64 SQL Injection Vulnerability
http://www.exploit-db.com/exploits/17679/
SQLI
WP Symposium plugin <= 12.12 Multiple SQL Injection Vulnerabilities
http://secunia.com/advisories/50674/
SQLI
File Groups plugin <= 1.1.2 SQL Injection Vulnerability
http://www.exploit-db.com/exploits/17677/
SQLI
IP-Logger plugin <= 3.0 SQL Injection Vulnerability
http://www.exploit-db.com/exploits/17673/
SQLI
Beer Recipes v.1.0 XSS
http://www.exploit-db.com/exploits/17453/
SQLI
Is-human <= 1.4.2 Remote Command Execution Vulnerability
http://www.exploit-db.com/exploits/17299/
RCE
EditorMonkey plugin (FCKeditor) Arbitrary File Upload
http://www.exploit-db.com/exploits/17284/
UPLOAD
SermonBrowser 0.43 SQL Injection
http://www.exploit-db.com/exploits/17214/
SQLI
Ajax Category Dropdown 0.1.5 Multiple Vulnerabilities
http://www.exploit-db.com/exploits/17207/
MULTI
WP Custom Pages 0.5.0.1 LFI Vulnerability
http://www.exploit-db.com/exploits/17119/
LFI
WordPress GRAND FlAGallery Plugin Multiple Vulnerabilities
http://secunia.com/advisories/51100/
MULTI
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins
http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
XSS
GRAND Flash Album Gallery 1.9.0 and 2.0.0 Multiple Vulnerabilities
http://packetstormsecurity.org/files/117665/
http://www.waraxe.us/advisory-94.html
http://secunia.com/advisories/51601/
MULTI
GRAND Flash Album Gallery 0.55 Multiple Vulnerabilities
http://www.exploit-db.com/exploits/16947/
MULTI
GRAND Flash Album Gallery <= 1.56 XSS Vulnerability
http://seclists.org/bugtraq/2011/Nov/186
XSS
GRAND Flash Album Gallery <= 1.71 XSS Vulnerability
http://packetstormsecurity.org/files/112704
XSS
PHP Speedy <= 0.5.2 (admin_container.php) Remote Code Exec Exploit
http://www.exploit-db.com/exploits/16273/
RCE
OPS Old Post Spinner 2.2.1 LFI Vulnerability
http://www.exploit-db.com/exploits/16251/
LFI
jQuery Mega Menu 1.0 Local File Inclusion
http://www.exploit-db.com/exploits/16250/
LFI
IWantOneButton 3.0.1 Multiple Vulnerabilities
http://www.exploit-db.com/exploits/16236/
MULTI
WP Forum Server 1.6.5 SQL Injection Vulnerability
http://www.exploit-db.com/exploits/16235/
SQLI
WP Forum Server plugin <= 1.7 SQL Injection Vulnerability
http://www.exploit-db.com/exploits/17828/
SQLI
WP Forum Server plugin <= 1.7.3 SQL Injection / XSS Vulnerabilities
http://www.packetstormsecurity.org/files/112703
MULTI
Relevanssi 2.7.2 Stored XSS Vulnerability
http://www.exploit-db.com/exploits/16233/
XSS
GigPress 2.1.10 Stored XSS Vulnerability
http://www.exploit-db.com/exploits/16232/
XSS
Comment Rating 2.9.23 Multiple Vulnerabilities
http://www.exploit-db.com/exploits/16221/
MULTI
Z-Vote 1.1 SQL Injection Vulnerability
http://www.exploit-db.com/exploits/16218/
SQLI
User Photo Component Remote File Upload Vulnerability
http://www.exploit-db.com/exploits/16181/
UPLOAD
Enable Media Replace Multiple Vulnerabilities
http://www.exploit-db.com/exploits/16144/
MULTI
Mingle Forum <= 1.0.32.1 Cross Site Scripting / SQL Injection
http://packetstormsecurity.org/files/108915/
MULTI
Mingle Forum plugin <= 1.0.31 SQL Injection Vulnerability
http://www.exploit-db.com/exploits/17894/
SQLI
Mingle Forum (Plugin) <= 1.0.26 Multiple Vulnerabilities
http://www.exploit-db.com/exploits/15943/
MULTI
Mingle Forum <= 1.0.33 Cross Site Scripting
http://packetstormsecurity.org/files/112696/
MULTI
Accept Signups 0.1 XSS
http://www.exploit-db.com/exploits/15808/
XSS
Events Manager Extended Persistent XSS Vulnerability
http://www.exploit-db.com/exploits/14923/
XSS
NextGEN Smooth Gallery Blind SQL Injection Vulnerability
http://www.exploit-db.com/exploits/14541/
SQLI
myLDlinker SQL Injection Vulnerability
http://www.exploit-db.com/exploits/14441/
SQLI
Firestats Remote Configuration File Download
http://www.exploit-db.com/exploits/14308/
UNKNOWN
Simple:Press SQL Injection Vulnerability
http://www.exploit-db.com/exploits/14198/
SQLI
Vulnerabilities in Cimy Counter for WordPress
http://www.exploit-db.com/exploits/14057/
MULTI
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins
http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
http://secunia.com/advisories/51271/
XSS
XSS in NextGEN Gallery <= 1.5.1
http://www.exploit-db.com/exploits/12098/
XSS
Copperleaf Photolog SQL injection
http://www.exploit-db.com/exploits/11458/
SQLI
Events SQL Injection Vulnerability
http://www.exploit-db.com/exploits/10929/
SQLI
Image Manager Plugins Shell Upload Vulnerability
http://www.exploit-db.com/exploits/10325/
UPLOAD
Vulnerabilities in WP-Cumulus <= 1.20 for WordPress
http://www.exploit-db.com/exploits/10228/
MULTI
WP-Cumulus < 1.23 Cross Site Scripting Vulnerability
http://seclists.org/fulldisclosure/2011/Nov/340
XSS
WP-Syntax <= 0.9.1 Remote Command Execution
http://www.exploit-db.com/exploits/9431/
RCE
My Category Order <= 2.8 SQL Injection Vulnerability
http://www.exploit-db.com/exploits/9150/
SQLI
Related Sites 2.1 Blind SQL Injection Vulnerability
http://www.exploit-db.com/exploits/9054/
SQLI
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins
http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
XSS
DM Albums 1.9.2 Remote File Disclosure Vulnerability
http://www.exploit-db.com/exploits/9048/
LFI
DM Albums 1.9.2 Remote File Inclusion Vuln
http://www.exploit-db.com/exploits/9043/
RFI
Photoracer 1.0 (id) SQL Injection Vulnerability
http://www.exploit-db.com/exploits/8961/
SQLI
Photoracer plugin <= 1.0 SQL Injection Vulnerability
http://www.exploit-db.com/exploits/17720/
SQLI
Photoracer plugin <= 1.0 Multiple Vulnerabilities
http://www.exploit-db.com/exploits/17731/
MULTI
Lytebox (wp-lytebox) Local File Inclusion Vulnerability
http://www.exploit-db.com/exploits/8791/
LFI
fMoblog 2.1 (id) SQL Injection Vulnerability
http://www.exploit-db.com/exploits/8229/
SQLI
Page Flip Image Gallery <= 0.2.2 Remote FD Vuln
http://www.exploit-db.com/exploits/7543/
LFI
e-Commerce <= 3.4 Arbitrary File Upload Exploit
http://www.exploit-db.com/exploits/6867/
UPLOAD
Download Manager 0.2 Arbitrary File Upload Exploit
http://www.exploit-db.com/exploits/6127/
UPLOAD
Spreadsheet <= 0.6 SQL Injection Vulnerability
http://www.exploit-db.com/exploits/5486/
SQLI
Download (dl_id) SQL Injection Vulnerability
http://www.exploit-db.com/exploits/5326/
SQLI
Sniplets 1.1.2 (RFI/XSS/RCE) Multiple Vulnerabilities
http://www.exploit-db.com/exploits/5194/
MULTI
Photo album Remote SQL Injection Vulnerability
http://www.exploit-db.com/exploits/5135/
SQLI
Simple Forum 2.0-2.1 SQL Injection Vulnerability
http://www.exploit-db.com/exploits/5126/
SQLI
Simple Forum 1.10-1.11 SQL Injection Vulnerability
http://www.exploit-db.com/exploits/5127/
SQLI
st_newsletter Remote SQL Injection Vulnerability
http://www.exploit-db.com/exploits/5053/
SQLI
st_newsletter (stnl_iframe.php) SQL Injection Vuln
http://www.exploit-db.com/exploits/6777/
SQLI
Wordspew Remote SQL Injection Vulnerability
http://www.exploit-db.com/exploits/5039/
SQLI
dmsguestbook 1.7.0 Multiple Remote Vulnerabilities
http://www.exploit-db.com/exploits/5035/
MULTI
WassUp 1.4.3 (spy.php to_date) SQL Injection Exploit
http://www.exploit-db.com/exploits/5017/
SQLI
Adserve 0.2 adclick.php SQL Injection Exploit
http://www.exploit-db.com/exploits/5013/
SQLI
plugin fGallery 2.4.1 fimrss.php SQL Injection Vulnerability
http://www.exploit-db.com/exploits/4993/
SQLI
WP-Cal 0.3 editevent.php SQL Injection Vulnerability
http://www.exploit-db.com/exploits/4992/
SQLI
plugin WP-Forum 1.7.4 Remote SQL Injection Vulnerability
http://www.exploit-db.com/exploits/4939/
SQLI
plugin WP-Forum 1.7.8 Remote SQL Injection Vulnerability
http://www.exploit-db.com/exploits/7738/
SQLI
Wp-FileManager 1.2 Remote Upload Vulnerability
http://www.exploit-db.com/exploits/4844/
UPLOAD
PictPress <= 0.91 Remote File Disclosure Vulnerability
http://www.exploit-db.com/exploits/4695/
LFI
BackUp <= 0.4.2b RFI Vulnerability
http://www.exploit-db.com/exploits/4593/
RFI
plugin myflash <= 1.00 (wppath) RFI Vulnerability
http://www.exploit-db.com/exploits/3828/
RFI
plugin wordTube <= 1.43 (wpPATH) RFI Vulnerability
http://www.exploit-db.com/exploits/3825/
RFI
plugin wp-Table <= 1.43 (inc_dir) RFI Vulnerability
http://www.exploit-db.com/exploits/3824/
RFI
myGallery <= 1.4b4 Remote File Inclusion Vulnerability
http://www.exploit-db.com/exploits/3814/
RFI
SendIt plugin <= 1.5.9 Blind SQL Injection Vulnerability
http://www.exploit-db.com/exploits/17716/
SQLI
Js-appointment plugin <= 1.5 SQL Injection Vulnerability
http://www.exploit-db.com/exploits/17724/
SQLI
MM Forms Community <= 1.2.3 SQL Injection Vulnerability
http://www.exploit-db.com/exploits/17725/
SQLI
MM Forms Community 2.2.6 Arbitrary File Upload
http://www.exploit-db.com/exploits/18997/
UPLOAD
Super CAPTCHA plugin <= 2.2.4 SQL Injection Vulnerability
http://www.exploit-db.com/exploits/17728/
SQLI
Collision Testimonials plugin <= 3.0 SQL Injection Vulnerability
http://www.exploit-db.com/exploits/17729/
SQLI
Oqey Headers plugin <= 0.3 SQL Injection Vulnerability
http://www.exploit-db.com/exploits/17730/
SQLI
Facebook Promotions plugin <= 1.3.3 SQL Injection Vulnerability
http://www.exploit-db.com/exploits/17737/
SQLI
Evarisk plugin <= 5.1.3.6 SQL Injection Vulnerability
http://www.exploit-db.com/exploits/17738/
SQLI
Evarisk 5.1.5.4 Shell Upload
http://packetstormsecurity.org/files/113638/
UPLOAD
Profiles plugin <= 2.0 RC1 SQL Injection Vulnerability
http://www.exploit-db.com/exploits/17739/
SQLI
mySTAT plugin <= 2.6 SQL Injection Vulnerability
http://www.exploit-db.com/exploits/17740/
SQLI
SH Slideshow plugin <= 3.1.4 SQL Injection Vulnerability
http://www.exploit-db.com/exploits/17748/
SQLI
iCopyright(R) Article Tools plugin <= 1.1.4 SQL Injection Vulnerability
http://www.exploit-db.com/exploits/17749/
SQLI
Advertizer plugin <= 1.0 SQL Injection Vulnerability
http://www.exploit-db.com/exploits/17750/
SQLI
Event Registration plugin <= 5.44 SQL Injection Vulnerability
http://www.exploit-db.com/exploits/17814/
SQLI
Event Registration plugin <= 5.43 SQL Injection Vulnerability
http://www.exploit-db.com/exploits/17751/
SQLI
Event Registration 5.32 SQL Injection Vulnerability
http://www.exploit-db.com/exploits/15513/
SQLI
Crawl Rate Tracker plugin <= 2.0.2 SQL Injection Vulnerability
http://www.exploit-db.com/exploits/17755/
SQLI
wp audio gallery playlist plugin <= 0.12 SQL Injection Vulnerability
http://www.exploit-db.com/exploits/17756/
SQLI
WordPress yolink Search Plugin < 2.6 "s" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/52030/
XSS
yolink Search plugin <= 1.1.4 SQL Injection Vulnerability
http://www.exploit-db.com/exploits/17757/
SQLI
PureHTML plugin <= 1.0.0 SQL Injection Vulnerability
http://www.exploit-db.com/exploits/17758/
SQLI
Couponer plugin <= 1.2 SQL Injection Vulnerability
http://www.exploit-db.com/exploits/17759/
SQLI
grapefile plugin <= 1.1 Arbitrary File Upload
http://www.exploit-db.com/exploits/17760/
UPLOAD
image-gallery-with-slideshow plugin <= 1.5 Arbitrary File Upload / SQL Injection
http://www.exploit-db.com/exploits/17761/
MULTI
Donation plugin <= 1.0 SQL Injection Vulnerability
http://www.exploit-db.com/exploits/17763/
SQLI
WP Bannerize plugin <= 2.8.6 SQL Injection Vulnerability
http://www.exploit-db.com/exploits/17764/
SQLI
WP Bannerize plugin <= 2.8.7 SQL Injection Vulnerability
http://www.exploit-db.com/exploits/17906/
SQLI
SearchAutocomplete plugin <= 1.0.8 SQL Injection Vulnerability
http://www.exploit-db.com/exploits/17767/
SQLI
VideoWhisper Video Presentation plugin <= 1.1 SQL Injection Vulnerability
http://www.exploit-db.com/exploits/17771/
SQLI
Facebook Opengraph Meta plugin <= 1.0 SQL Injection Vulnerability
http://www.exploit-db.com/exploits/17773/
SQLI
Zotpress plugin <= 4.4 SQL Injection Vulnerability
http://www.exploit-db.com/exploits/17778/
SQLI
oQey Gallery plugin <= 0.4.8 SQL Injection Vulnerability
http://www.exploit-db.com/exploits/17779/
SQLI
Tweet Old Post plugin <= 3.2.5 SQL Injection Vulnerability
http://www.exploit-db.com/exploits/17789/
SQLI
post highlights plugin <= 2.2 SQL Injection Vulnerability
http://www.exploit-db.com/exploits/17790/
SQLI
KNR Author List Widget plugin <= 2.0.0 SQL Injection Vulnerability
http://www.exploit-db.com/exploits/17791/
SQLI
SCORM Cloud plugin <= 1.0.6.6 SQL Injection Vulnerability
http://www.exploit-db.com/exploits/17793/
SQLI
Eventify - Simple Events plugin <= 1.7.f SQL Injection Vulnerability
http://www.exploit-db.com/exploits/17794/
SQLI
Paid Downloads plugin <= 2.01 SQL Injection Vulnerability
http://www.exploit-db.com/exploits/17797/
SQLI
Community Events plugin <= 1.2.1 SQL Injection Vulnerability
http://www.exploit-db.com/exploits/17798/
SQLI
1 Flash Gallery Arbitrary File Upload Exploit (MSF)
http://www.exploit-db.com/exploits/17801/
UPLOAD
WP-Filebase Download Manager plugin <= 0.2.9 SQL Injection Vulnerability
http://www.exploit-db.com/exploits/17808/
SQLI
WordPress WP-Filebase Plugin < 0.2.9.25 Unspecified Vulnerabilities
http://secunia.com/advisories/51269/
UNKNOWN
A to Z Category Listing plugin <= 1.3 SQL Injection Vulnerability
http://www.exploit-db.com/exploits/17809/
SQLI
WP e-Commerce plugin <= 3.8.6 SQL Injection Vulnerability
http://www.exploit-db.com/exploits/17832/
SQLI
Filedownload 0.1 (download.php) Remote File Disclosure Vulnerability
http://www.exploit-db.com/exploits/17858/
LFI
TheCartPress <= 1.6 Cross Site Scripting
http://packetstormsecurity.org/files/108272/
XSS
TheCartPress 1.1.1 Remote File Inclusion
http://www.exploit-db.com/exploits/17860/
RFI
WPEasyStats 1.8 Remote File Inclusion
http://www.exploit-db.com/exploits/17862/
RFI
Annonces 1.2.0.0 Remote File Inclusion
http://www.exploit-db.com/exploits/17863/
RFI
Livesig 0.4 Remote File Inclusion
http://www.exploit-db.com/exploits/17864/
RFI
Disclosure Policy 1.0 Remote File Inclusion
http://www.exploit-db.com/exploits/17865/
RFI
Mailing List 1.3.2 Remote File Inclusion
http://www.exploit-db.com/exploits/17866/
RFI
Mailing List < 1.4.1 Arbitrary file download
http://www.exploit-db.com/exploits/18276/
UNKNOWN
Zingiri Web Shop 2.2.0 Remote File Inclusion
http://www.exploit-db.com/exploits/17867/
RFI
Zingiri Web Shop <= 2.2.3 Remote Code Execution
http://www.exploit-db.com/exploits/18111/
RCE
Mini Mail Dashboard Widget 1.36 Remote File Inclusion
http://www.exploit-db.com/exploits/17868/
RFI
Mini Mail Dashboard Widget 1.42 Stored XSS
http://www.exploit-db.com/exploits/20358/
XSS
Relocate Upload 0.14 Remote File Inclusion
http://www.exploit-db.com/exploits/17869/
RFI
Category Grid View Gallery plugin 0.1.1 Shell Upload vulnerability
http://www.exploit-db.com/exploits/17872/
UPLOAD
Auto Attachments plugin 0.2.9 Shell Upload vulnerability
http://www.exploit-db.com/exploits/17872/
UPLOAD
WP Marketplace plugin 1.1.0 Shell Upload vulnerability
http://www.exploit-db.com/exploits/17872/
UPLOAD
DP Thumbnail plugin 1.0 Shell Upload vulnerability
http://www.exploit-db.com/exploits/17872/
UPLOAD
Vk Gallery plugin 1.1.0 Shell Upload vulnerability
http://www.exploit-db.com/exploits/17872/
UPLOAD
Rekt Slideshow plugin 1.0.5 Shell Upload vulnerability
http://www.exploit-db.com/exploits/17872/
UPLOAD
CAC Featured Content plugin 0.8 Shell Upload vulnerability
http://www.exploit-db.com/exploits/17872/
UPLOAD
Rent A Car plugin 1.0 Shell Upload vulnerability
http://www.exploit-db.com/exploits/17872/
UPLOAD
LISL Last Image Slider plugin 1.0 Shell Upload vulnerability
http://www.exploit-db.com/exploits/17872/
UPLOAD
Islidex plugin 2.7 Shell Upload vulnerability
http://www.exploit-db.com/exploits/17872/
UPLOAD
Kino Gallery plugin 1.0 Shell Upload vulnerability
http://www.exploit-db.com/exploits/17872/
UPLOAD
Cms Pack plugin 1.3 Shell Upload vulnerability
http://www.exploit-db.com/exploits/17872/
UPLOAD
A Gallery plugin 0.9 Shell Upload vulnerability
http://www.exploit-db.com/exploits/17872/
UPLOAD
Category List Portfolio Page plugin 0.9 Shell Upload vulnerability
http://www.exploit-db.com/exploits/17872/
UPLOAD
Really Easy Slider plugin 0.1 Shell Upload vulnerability
http://www.exploit-db.com/exploits/17872/
UPLOAD
Verve Meta Boxes plugin 1.2.8 Shell Upload vulnerability
http://www.exploit-db.com/exploits/17872/
UPLOAD
User Avatar plugin 1.3.7 shell upload vulnerability
http://www.exploit-db.com/exploits/17872/
UPLOAD
Extend plugin 1.3.7 Shell Upload vulnerability
http://www.exploit-db.com/exploits/17872/
UPLOAD
AdRotate plugin <= 3.6.5 SQL Injection Vulnerability
http://unconciousmind.blogspot.com/2011/09/wordpress-adrotate-plugin-365-sql.html
SQLI
AdRotate plugin <= 3.6.6 SQL Injection Vulnerability
http://www.exploit-db.com/exploits/18114/
SQLI
WP-SpamFree 3.2.1 Spam SQL Injection Vulnerability
http://www.exploit-db.com/exploits/17970/
SQLI
WordPress GD Star Rating Plugin < 1.9.19 Export Security Bypass Security Issue
http://secunia.com/advisories/49850/
AUTHBYPASS
GD Star Rating plugin <= 1.9.16 Cross Site Scripting
http://www.packetstormsecurity.org/files/112702
XSS
GD Star Rating plugin <= 1.9.10 SQL Injection
http://www.exploit-db.com/exploits/17973/
SQLI
Contact Form plugin <= 2.7.5 SQL Injection
http://www.exploit-db.com/exploits/17980/
SQLI
WP Photo Album Plus <= 4.1.1 SQL Injection
http://www.exploit-db.com/exploits/17983/
SQLI
WP Photo Album Plus <= 4.8.12 Cross-Site Scripting
http://secunia.com/advisories/51679/
XSS
WP Photo Album Plus < 4.9.1 Full Path Disclosure
http://1337day.com/exploit/20125
FPD
WP Photo Album Plus < 4.9.3 XSS
http://secunia.com/advisories/51829/
XSS
WP Photo Album Plus < 4.9.3 XSS
http://secunia.com/advisories/51669/
XSS
BackWPUp 2.1.4 Code Execution
http://www.exploit-db.com/exploits/17987/
RCE
plugin BackWPup 1.5.2, 1.6.1, 1.7.1 Remote and Local Code Execution Vulnerability
http://osvdb.org/show/osvdb/71481
RCE
portable-phpMyAdmin < 1.3.1 Authentication Bypass
http://www.exploit-db.com/exploits/23356
http://secunia.com/advisories/51520/
AUTHBYPASS
super-refer-a-friend < 1.0 Full Path Disclosure
http://1337day.com/exploit/20126
FPD
W3-Total-Cache 0.9.2.4 (or before) Username and Hash Extract
http://seclists.org/fulldisclosure/2012/Dec/242
https://github.com/FireFart/W3TotalCacheExploit
auxiliary/gather/wp_w3_total_cache_hash_extract
UNKNOWN
ripe-hd-player 1.0 SQL Injection
http://www.exploit-db.com/exploits/24229/
SQLI
ripe-hd-player 1.0 Full Path Disclosure
http://www.exploit-db.com/exploits/24229/
FPD
floating-tweets persistent XSS
http://packetstormsecurity.com/files/119499/floatingtweets-xsstraversal.txt
http://websecurity.com.ua/6023/
XSS
floating-tweets directory traversal
http://packetstormsecurity.com/files/119499/floatingtweets-xsstraversal.txt
http://websecurity.com.ua/6023/
UNKNOWN
ipfeuilledechou SQL Injection Vulnerability
http://www.exploit4arab.com/exploits/377
http://1337day.com/exploits/20206
SQLI
Simple Login Log Plugin < 0.9.4 XSS
http://secunia.com/advisories/51780/
XSS
Simple Login Log Plugin < 0.9.4 SQL Injection
http://secunia.com/advisories/51780/
SQLI
wp-slimstat < 2.8.5 XSS
http://secunia.com/advisories/51721/
XSS
browser-rejector < 2.11 Remote and Local File Inclusion
http://secunia.com/advisories/51739/
LFI
WordPress File Uploader Plugin PHP File Upload Vulnerability
http://la.usch.io/2013/01/21/wordpress-file-uploader-plugin-php-file-upload-vulnerability/
UPLOAD
WordPress Poll Plugin < 34.06 Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/51925/
CSRF
Multiple SQL injection vulnerabilities in Cardoza Wordpress poll plugin
http://secunia.com/advisories/51942/
http://www.girlinthemiddle.net/2013/01/multiple-sql-injection-vulnerabilities.html
http://seclists.org/bugtraq/2013/Jan/86
SQLI
WordPress Poll Plugin < 33.6 Multiple SQL Injection Vulnerabilities
http://secunia.com/advisories/50910/
SQLI
Wordpress Developer Formatter CSRF and XSS Vulnerability
http://illsecure.com/code/Wordpress-DevFormatter-CSRF-Vulnerability.txt
http://1337day.com/exploits/20210
http://secunia.com/advisories/51912/
MULTI
WordPress DVS Custom Notification Plugin < 1.0.1 Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/51531/
CSRF
WordPress Events Manager Plugin < 5.3.4 Multiple Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/51869/
XSS
WordPress SolveMedia < 1.1.1 CSRF Vulnerability
http://1337day.com/exploit/20222
http://secunia.com/advisories/51927/
CSRF
WordPress Welcart e-Commerce Plugin Cross-Site Scripting and Request Forgery Vulnerabilities
http://secunia.com/advisories/51581/
MULTI
WordPress Knews Multilingual Newsletters Plugin Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/51543/
CSRF
WordPress Video Lead Form Plugin "errMsg" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/51419/
XSS
WordPress WooCommerce Predictive Search Plugin "rs" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/51385/
XSS
WordPress WP e-Commerce Predictive Search Plugin "rs" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/51384/
XSS
WordPress vTiger CRM Lead Capture Plugin < 1.1.0 Unspecified Vulnerability
http://secunia.com/advisories/51305/
UNKNOWN
WordPress post-views Plugin "search_input" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/50982/
XSS
WordPress DX-Contribute Plugin Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/51082/
CSRF
SQL Injection Vulnerability in Wysija Newsletters WordPress Plugin < 2.2.1
https://www.htbridge.com/advisory/HTB23140
SQLI
WordPress Wysija Newsletters Plugin < 2.1.7 swfupload Cross-Site Scripting Vulnerability
http://secunia.com/advisories/51249/
http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
XSS
WordPress Hitasoft FLV Player Plugin "id" SQL Injection Vulnerability
http://secunia.com/advisories/51179/
SQLI
WordPress Spider Calendar Plugin "many_sp_calendar" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/50981/
XSS
Wordpress Dynamic Font Replacement 1.3 plugin SQL Injection Vulnerability
http://1337day.com/exploit/20239
SQLI
WordPress Zingiri Form Builder Plugin < 1.2.1 "error" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/50983/
XSS
WordPress White Label CMS Plugin < 1.5.1 Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/50487/
CSRF
Wordpress Download Shortcode Plugin < 0.2.1 "file" Arbitrary File Disclosure Vulnerability
http://secunia.com/advisories/50924/
LFI
WordPress Crayon Syntax Highlighter Plugin < 1.13 "wp_load" Remote File Inclusion Vulnerability
http://secunia.com/advisories/50804/
RFI
WordPress eShop Magic Plugin < 0.2 "file" Arbitrary File Disclosure Vulnerability
http://secunia.com/advisories/50933/
LFI
WordPress Pinterest "Pin It" Button Lite Plugin < 1.4.0 Multiple Unspecified Vulnerabilities
http://secunia.com/advisories/50868/
MULTI
WordPress CSS Plus Plugin < 1.3.2 Unspecified Vulnerabilities
http://secunia.com/advisories/50793/
UNKNOWN
WordPress Multisite Plugin Manager Plugin < 3.1.2 Two Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/50762/
XSS
WordPress ABC Test Plugin "id" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/50608/
XSS
Wordpress Token Manager Plugin "tid" Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/50722/
XSS
WordPress Sexy Add Template Plugin Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/50709/
CSRF
WordPress Notices Ticker Plugin Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/50717/
CSRF
WordPress MF Gig Calendar Plugin URL Cross-Site Scripting Vulnerability
http://secunia.com/advisories/50571/
XSS
WordPress WP-TopBar Plugin < 4.0.3 Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/50693/
CSRF
WordPress HD Webplayer Plugin Two SQL Injection Vulnerabilities
http://secunia.com/advisories/50466/
SQLI
WordPress Cloudsafe365 Plugin < 1.47 Multiple Vulnerabilities
http://secunia.com/advisories/50392/
MULTI
WordPress Vitamin Plugin < 1.1 Two Arbitrary File Disclosure Vulnerabilities
http://secunia.com/advisories/50176/
LFI
WordPress Featured Post with thumbnail Plugin < 1.5 Unspecified timthumb Vulnerability
http://secunia.com/advisories/50161/
UNKNOWN
WordPress WP Lead Management Plugin Script Insertion Vulnerabilities
http://secunia.com/advisories/50166/
XSS
WordPress XVE Various Embed Plugin JW Player < 1.0.4 Multiple Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/50173/
XSS
WordPress G-Lock Double Opt-in Manager Plugin Two Security Bypass Vulnerabilities
http://secunia.com/advisories/50100/
AUTHBYPASS
WordPress Backend Localization Plugin < 2.0 Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/50099/
XSS
WordPress Flexi Quote Rotator Plugin < 0.9.2 Cross-Site Request Forgery and SQL Injection Vulnerabilities
http://secunia.com/advisories/49910/
MULTI
WordPress Get Off Malicious Scripts < 1.2.07.20 Cross-Site Scripting Vulnerability
http://secunia.com/advisories/50030/
XSS
WordPress Cimy User Extra Fields Plugin < 2.3.9 Arbitrary File Upload Vulnerability
http://secunia.com/advisories/49975/
UPLOAD
WordPress Nmedia Users File Uploader Plugin < 2.0 Arbitrary File Upload Vulnerability
http://secunia.com/advisories/49996/
UPLOAD
wp-explorer-gallery Arbitrary File Upload Vulnerability
http://www.1337day.com/exploit/20251
UPLOAD
accordion Arbitrary File Upload Vulnerability
http://www.1337day.com/exploit/20254
UPLOAD
wp-catpro Arbitrary File Upload Vulnerability
http://www.1337day.com/exploit/20256
UPLOAD
Wordpress RLSWordPressSearch plugin SQL Injection
http://www.exploit-db.com/exploits/24440/
SQLI
wordpress-simple-shout-box Plugin SQL Injection
http://cxsecurity.com/issue/WLB-2013010235
SQLI
Wordpress portfolio-slideshow-pro v3 Plugin SQL Injection
http://cxsecurity.com/issue/WLB-2013010236
SQLI
WordPress Simple History Plugin < 1.0.8 RSS Feed "rss_secret" Disclosure Weakness
http://secunia.com/advisories/51998/
UNKNOWN
WordPress p1m media manager plugin SQL Injection Vulnerability
http://www.1337day.com/exploit/20270
SQLI
Wordpress wp-table-reloaded plugin < 1.9.4 cross-site scripting in SWF
http://packetstormsecurity.com/files/119968/wptablereloaded-xss.txt
http://secunia.com/advisories/52027/
XSS
WordPress Gallery Plugin "load" Remote File Inclusion Vulnerability
http://secunia.com/advisories/51347/
RFI
Wordpress plugins ForumConverter SQL Injection Vulnerability
http://www.1337day.com/exploit/20275
SQLI
WordPress plugins Newsletter SQL Injection Vulnerability
http://www.1337day.com/exploit/20287
SQLI
Cross-Site Scripting (XSS) Vulnerability in CommentLuv WordPress Plugin
https://www.htbridge.com/advisory/HTB23138
XSS