Rich Widget File Upload http://packetstormsecurity.org/files/115787/wprichwidget-shell.txt UPLOAD
Monsters Editor Shell Upload http://packetstormsecurity.org/files/115788/wpmonsters-shell.txt UPLOAD
Quick Post Widget 1.9.1 Multiple Cross-site scripting vulnerabilities http://seclists.org/bugtraq/2012/Aug/66 XSS
ThreeWP Email Reflector 1.13 Stored XSS http://www.exploit-db.com/exploits/20365/ XSS
SimpleMail 1.0.6 Stored XSS http://www.exploit-db.com/exploits/20361/ XSS
Postie 1.4.3 Stored XSS http://www.exploit-db.com/exploits/20360/ XSS
RSVPMaker v2.5.4 Persistent XSS http://www.exploit-db.com/exploits/20474/ XSS
Mz-jajak <= 2.1 SQL Injection Vulnerability http://www.exploit-db.com/exploits/20416/ SQLI
Resume Submissions Job Posting v2.5.1 Unrestricted File Upload http://www.packetstormsecurity.org/files/114716 UPLOAD
WP-Predict v1.0 Blind SQL Injection http://www.exploit-db.com/exploits/19715/ SQLI
Backup Plugin 2.0.1 Information Disclosure http://www.exploit-db.com/exploits/19524/ UNKNOWN
MoodThingy Widget v0.8.7 Blind SQL Injection http://www.exploit-db.com/exploits/19572/ SQLI
Paid Business Listings v1.0.2 Blind SQL Injection http://www.exploit-db.com/exploits/19481/ SQLI
Website FAQ Plugin v1.0 SQL Injection http://www.exploit-db.com/exploits/19400/ SQLI
Fancy Gallery 1.2.4 Shell Upload http://packetstormsecurity.org/files/114114/ UPLOAD
Flip Book 1.0 Shell Upload http://packetstormsecurity.org/files/114112/ UPLOAD
Ajax Multi Upload 1.1 Shell Upload http://packetstormsecurity.org/files/114109/ UPLOAD
Schreikasten 0.14.13 XSS http://www.exploit-db.com/exploits/19294/ XSS
Wordpress Automatic 2.0.3 CSRF http://packetstormsecurity.org/files/113763/ CSRF
VideoWhisper Video Conference 4.51 Arbitrary File Upload Vulnerability http://packetstormsecurity.org/files/113580/ UPLOAD
Auctions Plugin 2.0.1.3 Arbitrary File Upload Vulnerability http://packetstormsecurity.org/files/113568/ UPLOAD
LB Mixed Slideshow 1.0 Arbitrary File Upload Vulnerability http://packetstormsecurity.org/files/113844/ UPLOAD
Lim4wp 1.1.1 Arbitrary File Upload Vulnerability http://packetstormsecurity.org/files/113846/ UPLOAD
Wp-ImageZoom 1.0.3 Remote File Disclosure http://packetstormsecurity.org/files/113845/ UNKNOWN
Invit0r 0.22 Shell Upload http://packetstormsecurity.org/files/113639/ UPLOAD
Annonces 1.2.0.1 Shell Upload http://packetstormsecurity.org/files/113637/ UPLOAD
Contus Video Gallery 1.3 Arbitrary File Upload Vulnerability http://packetstormsecurity.org/files/113571/ UPLOAD
Contus HD FLV Player 1.7 Arbitrary File Upload Vulnerability http://packetstormsecurity.org/files/113570/ UPLOAD
User Meta Version 1.1.1 Arbitrary File Upload Vulnerability http://www.exploit-db.com/exploits/19052/ UPLOAD
Top Quark Architecture Version 2.10 Arbitrary File Upload Vulnerability http://www.exploit-db.com/exploits/19053/ UPLOAD
SfBrowser Version 1.4.5 Arbitrary File Upload Vulnerability http://www.exploit-db.com/exploits/19054/ UPLOAD
Pica Photo Gallery 1.0 Arbitrary File Upload Vulnerability http://www.exploit-db.com/exploits/19055/ UPLOAD
Mac Photo Gallery 2.7 Arbitrary File Upload http://www.exploit-db.com/exploits/19056/ UPLOAD
drag and drop file upload 0.1 Arbitrary File Upload Vulnerability http://www.exploit-db.com/exploits/19057/ UPLOAD
Custom Content Type Manager 0.9.5.13-pl Arbitrary File Upload Vulnerability http://www.exploit-db.com/exploits/19058/ UPLOAD
wp-gpx-max version 1.1.21 Arbitrary File Upload http://www.exploit-db.com/exploits/19050/ UPLOAD
Front File Manager Plugin 0.1 Arbitrary File Upload http://www.exploit-db.com/exploits/19012/ UPLOAD
Front End Upload 0.5.3 Arbitrary File Upload http://www.exploit-db.com/exploits/19008/ UPLOAD
Front End Upload v0.5.4 Arbitrary PHP File Upload http://www.exploit-db.com/exploits/20083/ UPLOAD
Omni Secure Files 0.1.13 Arbitrary File Upload http://www.exploit-db.com/exploits/19009/ UPLOAD
Easy Contact Forms Export 1.1.0 Information Disclosure Vulnerability http://www.exploit-db.com/exploits/19013/ UNKNOWN
PICA Photo Gallery 1.0 Remote File Disclosure http://www.exploit-db.com/exploits/19016/ UNKNOWN
Plugin: Newsletter 1.5 Remote File Disclosure Vulnerability http://www.exploit-db.com/exploits/19018/ UNKNOWN
RBX Gallery 2.1 Arbitrary File Upload http://www.exploit-db.com/exploits/19019/ UPLOAD
Simple Download Button Shortcode 1.0 Remote File Disclosure http://www.exploit-db.com/exploits/19020/ UNKNOWN
Thinkun Remind 1.1.3 Remote File Disclosure http://www.exploit-db.com/exploits/19021/ UNKNOWN
Tinymce Thumbnail Gallery 1.0.7 Remote File Disclosure http://www.exploit-db.com/exploits/19022/ UNKNOWN
wpStoreCart Plugin 2.5.27-2.5.29 Arbitrary File Upload http://www.exploit-db.com/exploits/19023/ UPLOAD
Gallery 3.06 Arbitrary File Upload http://www.exploit-db.com/exploits/18998/ UPLOAD
Font Uploader 1.2.4 Arbitrary File Upload http://www.exploit-db.com/exploits/18994/ UPLOAD
WP-Property 1.35.0 Arbitrary File Upload http://www.exploit-db.com/exploits/18987/ UPLOAD
WP Marketplace 1.5.0 - 1.6.1 Arbitrary File Upload http://www.exploit-db.com/exploits/18988/ UPLOAD
Google Maps via Store Locator Multiple Vulnerabilities http://www.exploit-db.com/exploits/18989/ MULTI
HTML5 AV Manager 0.2.7 Arbitrary File Upload http://www.exploit-db.com/exploits/18990/ UPLOAD
Foxypress 0.4.1.1 - 0.4.2.1 Arbitrary File Upload http://packetstormsecurity.org/files/113576/, http://www.exploit-db.com/exploits/18991/, http://www.exploit-db.com/exploits/19100/ UPLOAD
Asset Manager 0.2 Arbitrary File Upload http://www.exploit-db.com/exploits/18993/ UPLOAD
Track That Stat <= 1.0.8 Cross Site Scripting http://packetstormsecurity.org/files/112722/ XSS
WP-Facethumb Gallery <= 0.1 Reflected Cross Site Scripting http://packetstormsecurity.org/files/112658/ XSS
Survey And Quiz Tool <= 2.9.2 Cross Site Scripting http://packetstormsecurity.org/files/112685/ XSS
WP Statistics <= 2.2.4 Cross Site Scripting http://packetstormsecurity.org/files/112686/ XSS
WP Easy Gallery <= 1.7 Cross Site Scripting http://packetstormsecurity.org/files/112687/ XSS
Subscribe2 <= 8.0 Cross Site Scripting http://packetstormsecurity.org/files/112688/ XSS
Soundcloud Is Gold <= 2.1 Cross Site Scripting http://packetstormsecurity.org/files/112689/ XSS
Sharebar <= 1.2.1 SQL Injection / Cross Site Scripting http://packetstormsecurity.org/files/112690/ MULTI
Share And Follow <= 1.80.3 Cross Site Scripting http://packetstormsecurity.org/files/112691/ XSS
SABRE <= 1.2.0 Cross Site Scripting http://packetstormsecurity.org/files/112692/ XSS
Pretty Link Lite <= 1.5.2 Cross Site Scripting http://packetstormsecurity.org/files/112693/ XSS
Newsletter Manager <= 1.0 Cross Site Scripting http://packetstormsecurity.org/files/112694/ XSS
Network Publisher <= 5.0.1 Cross Site Scripting http://packetstormsecurity.org/files/112695/ XSS
LeagueManager <= 3.7 Cross Site Scripting http://packetstormsecurity.org/files/112698/ XSS
Leaflet <= 0.0.1 Cross Site Scripting http://packetstormsecurity.org/files/112699/ XSS
PDF And Print Button Joliprint <= 1.3.0 Cross Site Scripting http://packetstormsecurity.org/files/112700/ XSS
IFrame Admin Pages <= 0.1 Cross Site Scripting http://packetstormsecurity.org/files/112701/ XSS
EZPZ One Click Backup <= 12.03.10 Cross Site Scripting http://packetstormsecurity.org/files/112705/ XSS
Dynamic Widgets <= 1.5.1 Cross Site Scripting http://packetstormsecurity.org/files/112706/ XSS
Download Monitor <= 3.3.5.4 Cross Site Scripting http://packetstormsecurity.org/files/112707/ XSS
Download Manager <= 2.2 Cross Site Scripting http://packetstormsecurity.org/files/112708/ XSS
Code Styling Localization <= 1.99.16 Cross Site Scripting http://packetstormsecurity.org/files/112709/ XSS
Catablog <= 1.6 Cross Site Scripting http://packetstormsecurity.org/files/112619/ XSS
Bad Behavior <= 2.24 Cross Site Scripting http://packetstormsecurity.org/files/112619/ XSS
BulletProof Security <= 0.47 Cross Site Scripting http://packetstormsecurity.org/files/112618/ XSS
Better WP Security <= 3.2.4 Cross Site Scripting http://packetstormsecurity.org/files/112617/ XSS
Custom Contact Forms <= 5.0.0.1 Cross Site Scripting http://packetstormsecurity.org/files/112616/ XSS
2-Click-Socialmedia-Buttons <= 0.34 Cross Site Scripting http://packetstormsecurity.org/files/112615/ XSS
2-Click-Socialmedia-Buttons <= 0.32.2 Cross Site Scripting http://packetstormsecurity.org/files/112711/ XSS
Login With Ajax plugin < 3.0.4.1 Cross Site Scripting http://secunia.com/advisories/49013/ XSS
Media Library Categories plugin <= 1.0.6 SQL Injection Vulnerability http://www.exploit-db.com/exploits/17628/ SQLI
Media Library Categories plugin <= 1.1.1 Cross Site Scripting http://packetstormsecurity.org/files/112697/ SQLI
FCKeditor Deans With Pwwangs Code <= 1.0.0 Remote Shell Upload http://packetstormsecurity.org/files/111319/ RFI
Zingiri Web Shop <= 2.4.0 Multiple XSS Vulnerabilities http://www.exploit-db.com/exploits/18787/ XSS
Zingiri Web Shop <= 2.3.5 Cross Site Scripting http://packetstormsecurity.org/files/112684/ XSS
Zingiri Web Shop 2.4.3 Shell Upload http://packetstormsecurity.org/files/113668/ UPLOAD
Organizer 1.2.1 Cross Site Scripting / Path Disclosure http://packetstormsecurity.org/files/112086, http://packetstormsecurity.org/files/113800 MULTI
Zingiri Tickets plugin File Disclosure http://packetstormsecurity.org/files/111904 UNKNOWN
XSS vulnerability in CMS Tree Page View Plugin https://www.htbridge.com/advisory/HTB23083 XSS
Multiple XSS vulnerabilities in All-in-One Event Calendar for WordPress http://seclists.org/bugtraq/2012/Apr/70 XSS
Buddypress <= 1.5.5 SQL Injection http://www.exploit-db.com/exploits/18690/ SQLI
Register Plus Redux <= 3.8.3 Cross Site Scripting http://packetstormsecurity.org/files/111367 XSS
Magn WP Drag and Drop <= 1.1.4 Upload Shell Upload Vulnerability http://packetstormsecurity.org/files/110103 UPLOAD
Kish Guest Posting 1.0 Arbitrary File Upload http://www.exploit-db.com/exploits/18412/ RFI
AllWebMenus Shell Upload <= 1.1.9 Shell Upload http://packetstormsecurity.org/files/108946/ RFI
AllWebMenus 1.1.3 Remote File Inclusion http://www.exploit-db.com/exploits/17861/ RFI /wp-content/plugins/allwebmenus-wordpress-menu-plugin/actions.php abspath=XXpathXX
Shortcode Redirect <= 1.0.01 Stored Cross Site Scripting http://packetstormsecurity.org/files/108914/ XSS
uCan Post plugin <= 1.0.09 Stored XSS http://www.exploit-db.com/exploits/18390/ XSS
WP Cycle Playlist plugin Multiple Vulnerabilities http://1337day.com/exploits/17396 MULTI
myEASYbackup 1.0.8.1 Directory Traversal http://packetstormsecurity.org/files/108711 UNKNOWN
Count Per Day 3.1.1 Cross Site Scripting http://packetstormsecurity.org/files/114787/SSCHADV2012-015.txt XSS
Count Per Day plugin <= 3.1.1 Multiple Vulnerabilities http://www.exploit-db.com/exploits/18355/ MULTI
Count per Day plugin <= 2.17 SQL Injection Vulnerability http://www.exploit-db.com/exploits/17857/ SQLI
WP-AutoYoutube plugin <= 0.1 Blind SQL Injection Vulnerability http://1337day.com/exploits/17368 SQLI
Age Verification plugin <= 0.4 Open Redirect http://www.exploit-db.com/exploits/18350 REDIRECT
Yousaytoo Auto Publishing <= 1.0 Cross Site Scripting http://packetstormsecurity.org/files/108470 XSS
Pay With Tweet plugin <= 1.1 Multiple Vulnerabilities http://www.exploit-db.com/exploits/18330/ MULTI
Whois Search <= 1.4.2 Cross Site Scripting http://packetstormsecurity.org/files/108271 XSS
BLIND SQL injection UPM-POLLS plugin 1.0.4 http://www.exploit-db.com/exploits/18231/ SQLI
Disqus Comment System <= 2.68 Reflected Cross-Site Scripting (XSS) http://www.ethicalhack3r.co.uk/security/wordpress-plugin-disqus-comment-system-xss/ XSS
Google reCAPTCHA <= 3.1.3 Reflected XSS Vulnerability http://security-sh3ll.blogspot.com/2011/12/google-recaptcha-wordpress-plugin.html XSS
Link Library plugin <= 5.2.1 SQL Injection http://www.exploit-db.com/exploits/17887/ SQLI
CevherShare 2.0 plugin SQL Injection Vulnerability http://www.exploit-db.com/exploits/17891/ SQLI
WP Glossary plugin SQL Injection Vulnerability http://www.exploit-db.com/exploits/18055/ SQLI
jetpack plugin SQL Injection Vulnerability http://www.exploit-db.com/exploits/18126/ SQLI
meenews 5.1 plugin Cross-Site Scripting Vulnerabilities http://seclists.org/bugtraq/2011/Nov/151 XSS
Click Desk Live Support Chat < 2.0 Cross Site Scripting Vulnerability http://seclists.org/bugtraq/2011/Nov/148 XSS
adminimize 1.7.21 Cross-Site Scripting Vulnerabilities http://seclists.org/bugtraq/2011/Nov/135 XSS
Advanced Text Widget <= 2.0.0 Cross Site Scripting Vulnerability http://seclists.org/bugtraq/2011/Nov/133 XSS
MM Duplicate plugin <= 1.2 SQL Injection Vulnerability http://www.exploit-db.com/exploits/17707/ SQLI
UnGallery plugin <= 1.5.8 Local File Disclosure Vulnerability http://www.exploit-db.com/exploits/17704/ LFI
Menu Creator plugin <= 1.1.7 SQL Injection Vulnerability http://www.exploit-db.com/exploits/17689/ SQLI
Allow PHP in Posts and Pages plugin <= 2.0.0.RC1 SQL Injection Vulnerability http://www.exploit-db.com/exploits/17688/ SQLI
Global Content Blocks plugin <= 1.2 SQL Injection Vulnerability http://www.exploit-db.com/exploits/17687/ SQLI
Ajax Gallery plugin <= 3.0 SQL Injection Vulnerability http://www.exploit-db.com/exploits/17686/ SQLI
WP DS FAQ plugin <= 1.3.2 SQL Injection Vulnerability http://www.exploit-db.com/exploits/17683/ SQLI
OdiHost Newsletter plugin <= 1.0 SQL Injection Vulnerability http://www.exploit-db.com/exploits/17681/ SQLI
Easy Contact Form Lite plugin <= 1.0.7 SQL Injection Vulnerability http://www.exploit-db.com/exploits/17680/ SQLI
WP Symposium plugin <= 0.64 SQL Injection Vulnerability http://www.exploit-db.com/exploits/17679/ SQLI
Contus HD FLV Player plugin <= 1.3 SQL Injection Vulnerability http://www.exploit-db.com/exploits/17678/ SQLI
File Groups plugin <= 1.1.2 SQL Injection Vulnerability http://www.exploit-db.com/exploits/17677/ SQLI
IP-Logger plugin <= 3.0 SQL Injection Vulnerability http://www.exploit-db.com/exploits/17673/ SQLI
Beer Recipes v.1.0 XSS http://www.exploit-db.com/exploits/17453/ SQLI
Is-human <= 1.4.2 Remote Command Execution Vulnerability http://www.exploit-db.com/exploits/17299/ RCE
EditorMonkey plugin (FCKeditor) Arbitrary File Upload http://www.exploit-db.com/exploits/17284/ UPLOAD
SermonBrowser 0.43 SQL Injection http://www.exploit-db.com/exploits/17214/ SQLI
Ajax Category Dropdown 0.1.5 Multiple Vulnerabilities http://www.exploit-db.com/exploits/17207/ MULTI
WP Custom Pages 0.5.0.1 LFI Vulnerability http://www.exploit-db.com/exploits/17119/ LFI
GRAND Flash Album Gallery 0.55 Multiple Vulnerabilities http://www.exploit-db.com/exploits/16947/ MULTI
GRAND Flash Album Gallery <= 1.56 XSS Vulnerability http://seclists.org/bugtraq/2011/Nov/186 XSS
GRAND Flash Album Gallery <= 1.71 XSS Vulnerability http://packetstormsecurity.org/files/112704 XSS
PHP Speedy <= 0.5.2 (admin_container.php) Remote Code Exec Exploit http://www.exploit-db.com/exploits/16273/ RCE
OPS Old Post Spinner 2.2.1 LFI Vulnerability http://www.exploit-db.com/exploits/16251/ LFI
jQuery Mega Menu 1.0 Local File Inclusion http://www.exploit-db.com/exploits/16250/ LFI
IWantOneButton 3.0.1 Multiple Vulnerabilities http://www.exploit-db.com/exploits/16236/ MULTI
WP Forum Server 1.6.5 SQL Injection Vulnerability http://www.exploit-db.com/exploits/16235/ SQLI
WP Forum Server plugin <= 1.7 SQL Injection Vulnerability http://www.exploit-db.com/exploits/17828/ SQLI
WP Forum Server plugin <= 1.7.3 SQL Injection / XSS Vulnerabilities http://www.packetstormsecurity.org/files/112703 MULTI
Relevanssi 2.7.2 Stored XSS Vulnerability http://www.exploit-db.com/exploits/16233/ XSS
GigPress 2.1.10 Stored XSS Vulnerability http://www.exploit-db.com/exploits/16232/ XSS
Comment Rating 2.9.23 Multiple Vulnerabilities http://www.exploit-db.com/exploits/16221/ MULTI
Z-Vote 1.1 SQL Injection Vulnerability http://www.exploit-db.com/exploits/16218/ SQLI
User Photo Component Remote File Upload Vulnerability http://www.exploit-db.com/exploits/16181/ UPLOAD
Enable Media Replace Multiple Vulnerabilities http://www.exploit-db.com/exploits/16144/ MULTI
Mingle Forum <= 1.0.32.1 Cross Site Scripting / SQL Injection http://packetstormsecurity.org/files/108915/ MULTI
Mingle Forum plugin <= 1.0.31 SQL Injection Vulnerability http://www.exploit-db.com/exploits/17894/ SQLI
Mingle Forum (Plugin) <= 1.0.26 Multiple Vulnerabilities http://www.exploit-db.com/exploits/15943/ MULTI
Mingle Forum <= 1.0.33 Cross Site Scripting http://packetstormsecurity.org/files/112696/ MULTI
Accept Signups 0.1 XSS http://www.exploit-db.com/exploits/15808/ XSS
Events Manager Extended Persistent XSS Vulnerability http://www.exploit-db.com/exploits/14923/ XSS
NextGEN Smooth Gallery Blind SQL Injection Vulnerability http://www.exploit-db.com/exploits/14541/ SQLI
myLDlinker SQL Injection Vulnerability http://www.exploit-db.com/exploits/14441/ SQLI
Firestats Remote Configuration File Download http://www.exploit-db.com/exploits/14308/ UNKNOWN
Simple:Press SQL Injection Vulnerability http://www.exploit-db.com/exploits/14198/ SQLI
Vulnerabilities in Cimy Counter for WordPress http://www.exploit-db.com/exploits/14057/ MULTI
XSS in NextGEN Gallery <= 1.5.1 http://www.exploit-db.com/exploits/12098/ XSS
Copperleaf Photolog SQL injection http://www.exploit-db.com/exploits/11458/ SQLI
Events SQL Injection Vulnerability http://www.exploit-db.com/exploits/10929/ SQLI
Image Manager Plugins Shell Upload Vulnerability http://www.exploit-db.com/exploits/10325/ UPLOAD
Vulnerabilities in WP-Cumulus <= 1.20 for WordPress http://www.exploit-db.com/exploits/10228/ MULTI
WP-Cumulus < 1.23 Cross Site Scripting Vulnerability http://seclists.org/fulldisclosure/2011/Nov/340 XSS
WP-Syntax <= 0.9.1 Remote Command Execution http://www.exploit-db.com/exploits/9431/ RCE
My Category Order <= 2.8 SQL Injection Vulnerability http://www.exploit-db.com/exploits/9150/ SQLI
Related Sites 2.1 Blind SQL Injection Vulnerability http://www.exploit-db.com/exploits/9054/ SQLI
DM Albums 1.9.2 Remote File Disclosure Vulnerability http://www.exploit-db.com/exploits/9048/ LFI
DM Albums 1.9.2 Remote File Inclusion Vuln http://www.exploit-db.com/exploits/9043/ RFI /wp-content/plugins/dm-albums/template/album.php?SECURITY_FILE=XXpathXX
Photoracer 1.0 (id) SQL Injection Vulnerability http://www.exploit-db.com/exploits/8961/ SQLI
Photoracer plugin <= 1.0 SQL Injection Vulnerability http://www.exploit-db.com/exploits/17720/ SQLI
Photoracer plugin <= 1.0 Multiple Vulnerabilities http://www.exploit-db.com/exploits/17731/ MULTI
Lytebox (wp-lytebox) Local File Inclusion Vulnerability http://www.exploit-db.com/exploits/8791/ LFI
fMoblog 2.1 (id) SQL Injection Vulnerability http://www.exploit-db.com/exploits/8229/ SQLI
Page Flip Image Gallery <= 0.2.2 Remote FD Vuln http://www.exploit-db.com/exploits/7543/ LFI
e-Commerce <= 3.4 Arbitrary File Upload Exploit http://www.exploit-db.com/exploits/6867/ UPLOAD
Download Manager 0.2 Arbitrary File Upload Exploit http://www.exploit-db.com/exploits/6127/ UPLOAD
Spreadsheet <= 0.6 SQL Injection Vulnerability http://www.exploit-db.com/exploits/5486/ SQLI
Download (dl_id) SQL Injection Vulnerability http://www.exploit-db.com/exploits/5326/ SQLI
Sniplets 1.1.2 (RFI/XSS/RCE) Multiple Vulnerabilities http://www.exploit-db.com/exploits/5194/ MULTI
Photo album Remote SQL Injection Vulnerability http://www.exploit-db.com/exploits/5135/ SQLI
Simple Forum 2.0-2.1 SQL Injection Vulnerability http://www.exploit-db.com/exploits/5126/ SQLI
Simple Forum 1.10-1.11 SQL Injection Vulnerability http://www.exploit-db.com/exploits/5127/ SQLI
st_newsletter Remote SQL Injection Vulnerability http://www.exploit-db.com/exploits/5053/ SQLI
st_newsletter (stnl_iframe.php) SQL Injection Vuln http://www.exploit-db.com/exploits/6777/ SQLI
Wordspew Remote SQL Injection Vulnerability http://www.exploit-db.com/exploits/5039/ SQLI
dmsguestbook 1.7.0 Multiple Remote Vulnerabilities http://www.exploit-db.com/exploits/5035/ MULTI
WassUp 1.4.3 (spy.php to_date) SQL Injection Exploit http://www.exploit-db.com/exploits/5017/ SQLI
Adserve 0.2 adclick.php SQL Injection Exploit http://www.exploit-db.com/exploits/5013/ SQLI
plugin fGallery 2.4.1 fimrss.php SQL Injection Vulnerability http://www.exploit-db.com/exploits/4993/ SQLI
WP-Cal 0.3 editevent.php SQL Injection Vulnerability http://www.exploit-db.com/exploits/4992/ SQLI
plugin WP-Forum 1.7.4 Remote SQL Injection Vulnerability http://www.exploit-db.com/exploits/4939/ SQLI
plugin WP-Forum 1.7.8 Remote SQL Injection Vulnerability http://www.exploit-db.com/exploits/7738/ SQLI
Wp-FileManager 1.2 Remote Upload Vulnerability http://www.exploit-db.com/exploits/4844/ UPLOAD
PictPress <= 0.91 Remote File Disclosure Vulnerability http://www.exploit-db.com/exploits/4695/ LFI
BackUp <= 0.4.2b RFI Vulnerability http://www.exploit-db.com/exploits/4593/ RFI /wp-content/plugins/BackUp/Archive.php?bkpwp_plugin_path=XXpathXX
plugin myflash <= 1.00 (wppath) RFI Vulnerability http://www.exploit-db.com/exploits/3828/ RFI /wp-content/plugins/myflash/myflash-button.php?wpPATH=XXpathXX
plugin wordTube <= 1.43 (wpPATH) RFI Vulnerability http://www.exploit-db.com/exploits/3825/ RFI /wp-content/plugins/wordtube/wordtube-button.php?wpPATH=XXpathXX
plugin wp-Table <= 1.43 (inc_dir) RFI Vulnerability http://www.exploit-db.com/exploits/3824/ RFI /wp-content/plugins/wp-table/js/wptable-button.phpp?wpPATH=XXpathXX
myGallery <= 1.4b4 Remote File Inclusion Vulnerability http://www.exploit-db.com/exploits/3814/ RFI /mygallery/myfunctions/mygallerybrowser.php?myPath=XXpathXX
SendIt plugin <= 1.5.9 Blind SQL Injection Vulnerability http://www.exploit-db.com/exploits/17716/ SQLI
Js-appointment plugin <= 1.5 SQL Injection Vulnerability http://www.exploit-db.com/exploits/17724/ SQLI
MM Forms Community <= 1.2.3 SQL Injection Vulnerability http://www.exploit-db.com/exploits/17725/ SQLI
MM Forms Community 2.2.6 Arbitrary File Upload http://www.exploit-db.com/exploits/18997/ UPLOAD
Super CAPTCHA plugin <= 2.2.4 SQL Injection Vulnerability http://www.exploit-db.com/exploits/17728/ SQLI
Collision Testimonials plugin <= 3.0 SQL Injection Vulnerability http://www.exploit-db.com/exploits/17729/ SQLI
Oqey Headers plugin <= 0.3 SQL Injection Vulnerability http://www.exploit-db.com/exploits/17730/ SQLI
Facebook Promotions plugin <= 1.3.3 SQL Injection Vulnerability http://www.exploit-db.com/exploits/17737/ SQLI
Evarisk plugin <= 5.1.3.6 SQL Injection Vulnerability http://www.exploit-db.com/exploits/17738/ SQLI
Evarisk 5.1.5.4 Shell Upload http://packetstormsecurity.org/files/113638/ UPLOAD
Profiles plugin <= 2.0 RC1 SQL Injection Vulnerability http://www.exploit-db.com/exploits/17739/ SQLI
mySTAT plugin <= 2.6 SQL Injection Vulnerability http://www.exploit-db.com/exploits/17740/ SQLI
SH Slideshow plugin <= 3.1.4 SQL Injection Vulnerability http://www.exploit-db.com/exploits/17748/ SQLI
iCopyright(R) Article Tools plugin <= 1.1.4 SQL Injection Vulnerability http://www.exploit-db.com/exploits/17749/ SQLI
Advertizer plugin <= 1.0 SQL Injection Vulnerability http://www.exploit-db.com/exploits/17750/ SQLI
Event Registration plugin <= 5.44 SQL Injection Vulnerability http://www.exploit-db.com/exploits/17814/ SQLI
Event Registration plugin <= 5.43 SQL Injection Vulnerability http://www.exploit-db.com/exploits/17751/ SQLI
Event Registration 5.32 SQL Injection Vulnerability http://www.exploit-db.com/exploits/15513/ SQLI
Craw Rate Tracker plugin <= 2.0.2 SQL Injection Vulnerability http://www.exploit-db.com/exploits/17755/ SQLI
wp audio gallery playlist plugin <= 0.12 SQL Injection Vulnerability http://www.exploit-db.com/exploits/17756/ SQLI
yolink Search plugin <= 1.1.4 SQL Injection Vulnerability http://www.exploit-db.com/exploits/17757/ SQLI
PureHTML plugin <= 1.0.0 SQL Injection Vulnerability http://www.exploit-db.com/exploits/17758/ SQLI
Couponer plugin <= 1.2 SQL Injection Vulnerability http://www.exploit-db.com/exploits/17759/ SQLI
grapefile plugin <= 1.1 Arbitrary File Upload http://www.exploit-db.com/exploits/17760/ UPLOAD
image-gallery-with-slideshow plugin <= 1.5 Arbitrary File Upload / SQL Injection http://www.exploit-db.com/exploits/17761/ MULTI
Donation plugin <= 1.0 SQL Injection Vulnerability http://www.exploit-db.com/exploits/17763/ SQLI
WP Bannerize plugin <= 2.8.6 SQL Injection Vulnerability http://www.exploit-db.com/exploits/17764/ SQLI
WP Bannerize plugin <= 2.8.7 SQL Injection Vulnerability http://www.exploit-db.com/exploits/17906/ SQLI
SearchAutocomplete plugin <= 1.0.8 SQL Injection Vulnerability http://www.exploit-db.com/exploits/17767/ SQLI
VideoWhisper Video Presentation plugin <= 1.1 SQL Injection Vulnerability http://www.exploit-db.com/exploits/17771/ SQLI
Facebook Opengraph Meta plugin <= 1.0 SQL Injection Vulnerability http://www.exploit-db.com/exploits/17773/ SQLI
Zotpress plugin <= 4.4 SQL Injection Vulnerability http://www.exploit-db.com/exploits/17778/ SQLI
oQey Gallery plugin <= 0.4.8 SQL Injection Vulnerability http://www.exploit-db.com/exploits/17779/ SQLI
Tweet Old Post plugin <= 3.2.5 SQL Injection Vulnerability http://www.exploit-db.com/exploits/17789/ SQLI
post highlights plugin <= 2.2 SQL Injection Vulnerability http://www.exploit-db.com/exploits/17790/ SQLI
KNR Author List Widget plugin <= 2.0.0 SQL Injection Vulnerability http://www.exploit-db.com/exploits/17791/ SQLI
SCORM Cloud plugin <= 1.0.6.6 SQL Injection Vulnerability http://www.exploit-db.com/exploits/17793/ SQLI
Eventify - Simple Events plugin <= 1.7.f SQL Injection Vulnerability http://www.exploit-db.com/exploits/17794/ SQLI
Paid Downloads plugin <= 2.01 SQL Injection Vulnerability http://www.exploit-db.com/exploits/17797/ SQLI
Community Events plugin <= 1.2.1 SQL Injection Vulnerability http://www.exploit-db.com/exploits/17798/ SQLI
1 Flash Gallery Arbitrary File Upload Exploit (MSF) http://www.exploit-db.com/exploits/17801/ UPLOAD
WP-Filebase Download Manager plugin <= 0.2.9 SQL Injection Vulnerability http://www.exploit-db.com/exploits/17808/ SQLI
A to Z Category Listing plugin <= 1.3 SQL Injection Vulnerability http://www.exploit-db.com/exploits/17809/ SQLI
WP e-Commerce plugin <= 3.8.6 SQL Injection Vulnerability http://www.exploit-db.com/exploits/17832/ SQLI
Filedownload 0.1 (download.php) Remote File Disclosure Vulnerability http://www.exploit-db.com/exploits/17858/ LFI
TheCartPress <= 1.6 Cross Site Scripting http://packetstormsecurity.org/files/108272/ XSS
TheCartPress 1.1.1 Remote File Inclusion http://www.exploit-db.com/exploits/17860/ RFI /wp-content/plugins/thecartpress/checkout/CheckoutEditor.php?tcp_save_fields=true&tcp_class_name=asdf&tcp_class_path=XXpathXX
WPEasyStats 1.8 Remote File Inclusion http://www.exploit-db.com/exploits/17862/ RFI /wp-content/plugins/wpeasystats/export.php?homep=XXpathXX
Annonces 1.2.0.0 Remote File Inclusion http://www.exploit-db.com/exploits/17863/ RFI /wp-content/plugins/annonces/includes/lib/photo/uploadPhoto.php?abspath=XXpathXX
Livesig 0.4 Remote File Inclusion http://www.exploit-db.com/exploits/17864/ RFI /wp-content/plugins/livesig/livesig-ajax-backend.php wp-root=XXpathXX&action=asdf
Disclosure Policy 1.0 Remote File Inclusion http://www.exploit-db.com/exploits/17865/ RFI /wp-content/plugins/disclosure-policy-plugin/functions/action.php?delete=asdf&blogUrl=asdf&abspath=XXpathXX
Mailing List 1.3.2 Remote File Inclusion http://www.exploit-db.com/exploits/17866/ RFI /wp-content/plugins/mailz/lists/config/config.php?wpabspath=XXpathXX
Mailing List < 1.4.1 Arbitrary file download http://www.exploit-db.com/exploits/18276/ UNKNOWN
Zingiri Web Shop 2.2.0 Remote File Inclusion http://www.exploit-db.com/exploits/17867/ RFI /wp-content/plugins/g-web-shop/fws/ajax/init.inc.php?wpabspath=XXpathXX
Zingiri Web Shop <= 2.2.3 Remote Code Execution http://www.exploit-db.com/exploits/18111/ RCE
Mini Mail Dashboard Widget 1.36 Remote File Inclusion http://www.exploit-db.com/exploits/17868/ RFI
Mini Mail Dashboard Widget 1.42 Stored XSS http://www.exploit-db.com/exploits/20358/ XSS
Relocate Upload 0.14 Remote File Inclusion http://www.exploit-db.com/exploits/17869/ RFI /wp-content/plugins/relocate-upload/relocate-upload.php?ru_folder=asdf&abspath=XXpathXX
Category Grid View Gallery plugin 0.1.1 Shell Upload vulnerability http://www.exploit-db.com/exploits/17872/ UPLOAD
Auto Attachments plugin 0.2.9 Shell Upload vulnerability http://www.exploit-db.com/exploits/17872/ UPLOAD
WP Marketplace plugin 1.1.0 Shell Upload vulnerability http://www.exploit-db.com/exploits/17872/ UPLOAD
DP Thumbnail plugin 1.0 Shell Upload vulnerability http://www.exploit-db.com/exploits/17872/ UPLOAD
Vk Gallery plugin 1.1.0 Shell Upload vulnerability http://www.exploit-db.com/exploits/17872/ UPLOAD
Rekt Slideshow plugin 1.0.5 Shell Upload vulnerability http://www.exploit-db.com/exploits/17872/ UPLOAD
CAC Featured Content plugin 0.8 Shell Upload vulnerability http://www.exploit-db.com/exploits/17872/ UPLOAD
Rent A Car plugin 1.0 Shell Upload vulnerability http://www.exploit-db.com/exploits/17872/ UPLOAD
LISL Last Image Slider plugin 1.0 Shell Upload vulnerability http://www.exploit-db.com/exploits/17872/ UPLOAD
Islidex plugin 2.7 Shell Upload vulnerability http://www.exploit-db.com/exploits/17872/ UPLOAD
Kino Gallery plugin 1.0 Shell Upload vulnerability http://www.exploit-db.com/exploits/17872/ UPLOAD
Cms Pack plugin 1.3 Shell Upload vulnerability http://www.exploit-db.com/exploits/17872/ UPLOAD
A Gallery plugin 0.9 Shell Upload vulnerability http://www.exploit-db.com/exploits/17872/ UPLOAD
Category List Portfolio Page plugin 0.9 Shell Upload vulnerability http://www.exploit-db.com/exploits/17872/ UPLOAD
Really Easy Slider plugin 0.1 Shell Upload vulnerability http://www.exploit-db.com/exploits/17872/ UPLOAD
Verve Meta Boxes plugin 1.2.8 Shell Upload vulnerability http://www.exploit-db.com/exploits/17872/ UPLOAD
User Avatar plugin 1.3.7 shell upload vulnerability http://www.exploit-db.com/exploits/17872/ UPLOAD
Extend plugin 1.3.7 Shell Upload vulnerability http://www.exploit-db.com/exploits/17872/ UPLOAD
AdRotate plugin <= 3.6.5 SQL Injection Vulnerability http://unconciousmind.blogspot.com/2011/09/wordpress-adrotate-plugin-365-sql.html SQLI
AdRotate plugin <= 3.6.6 SQL Injection Vulnerability http://www.exploit-db.com/exploits/18114/ SQLI
WP-SpamFree 3.2.1 Spam SQL Injection Vulnerability http://www.exploit-db.com/exploits/17970/ SQLI
GD Star Rating plugin <= 1.9.10 SQL Injection http://www.exploit-db.com/exploits/17973/ SQLI
GD Star Rating plugin <= 1.9.16 Cross Site Scripting http://www.packetstormsecurity.org/files/112702 SQLI
Contact Form plugin <= 2.7.5 SQL Injection http://www.exploit-db.com/exploits/17980/ SQLI
WP Photo Album Plus <= 4.1.1 SQL Injection http://www.exploit-db.com/exploits/17983/ SQLI
BackWPUp 2.1.4 Code Execution http://www.exploit-db.com/exploits/17987/ RCE
plugin BackWPup 1.5.2, 1.6.1, 1.7.1 Remote and Local Code Execution Vulnerability http://osvdb.org/show/osvdb/71481 RCE