Content Slide - Cross-Site Requst Forgery Vulnerability CSRF 93871 52949 Simple Paypal Shopping Cart - Cross-Site Request Forgery Vulnerability 52963 93953 CSRF 3.6 WP-SendSMS - Setting Manipulation CSRF 53796 94209 26124 CSRF WP-SendSMS - wp-admin/admin.php Multiple Parameter XSS 94210 XSS Mail Subscribe List - Script Insertion Vulnerability 53732 94197 XSS 2.1 VideoJS Cross - Site Scripting Vulnerability 53437 http://seclists.org/fulldisclosure/2013/May/66 XSS 0.98 VideoJS Cross - Site Scripting Vulnerability 53426 http://seclists.org/fulldisclosure/2013/May/66 XSS 4.1 VideoJS Cross - Site Scripting Vulnerability 53445 http://seclists.org/fulldisclosure/2013/May/66 XSS 1.4 VideoJS Cross - Site Scripting Vulnerability 53396 http://seclists.org/fulldisclosure/2013/May/66 XSS 2.1 VideoJS Cross - Site Scripting Vulnerability http://seclists.org/fulldisclosure/2013/May/66 XSS Crayon Syntax Highlighter - Remote File Inclusion Vulnerability 50804 http://ceriksen.com/2012/10/15/wordpress-crayon-syntax-highlighter-remote-file-inclusion-vulnerability/ RFI 1.13 UnGallery <= 1.5.8 - Local File Disclosure Vulnerability 17704 LFI UnGallery - Arbitrary Command Execution 50875 http://ceriksen.com/2012/10/23/wordpress-ungallery-remote-command-injection-vulnerability/ RCE 2.1.6 Thank You Counter Button - XSS 50977 XSS 1.8.3 Bookings - XSS 50975 XSS 1.8.3 Cimy User Manager - Arbitrary File Disclosure 50834 http://ceriksen.com/2012/10/24/wordpress-cimy-user-manager-arbitrary-file-disclosure/ UNKNOWN FireStorm Professional Real Estate - "id" SQL Injection Vulnerability 51107 SQLI 2.06.04 FireStorm Professional Real Estate - Multiple SQL Injection 50873 http://ceriksen.com/2012/10/25/wordpress-firestorm-professional-real-estate-plugin-sql-injection-vulnerability/ SQLI 2.06.03 WP125 Multiple - XSS 50976 XSS WP125 - CSRF http://www.securityfocus.com/bid/58934 CSRF 1.5.0 All Video Gallery - Multiple SQL Injection Vulnerabilities 50874 
http://ceriksen.com/2012/11/04/wordpress-all-video-gallery-plugin-sql-injection/ SQLI BuddyStream - XSS 50972 XSS post-views - XSS 50982 XSS Floating Social Media Links Remote File Inclusion 51346 http://ceriksen.com/2013/01/12/wordpress-floating-social-media-link-plugins-remote-file-inclusion/ RFI Zingiri Forum Arbitrary File Disclosure 50833 http://ceriksen.com/2013/01/12/wordpress-zingiri-forums-arbitrary-file-disclosure/ UNKNOWN Google Document Embedder - Arbitrary File Disclosure 2012-4915 23970 50832 http://www.securityfocus.com/bid/57133 http://packetstormsecurity.com/files/119329/ http://ceriksen.com/2013/01/03/wordpress-google-document-embedder-arbitrary-file-disclosure/ exploit/unix/webapp/wp_google_document_embedder_exec UNKNOWN 2.5.4 extended-user-profile Full Path Disclosure vulnerability http://1337day.com/exploit/20118 FPD superslider-show Full Path Disclosure vulnerability http://1337day.com/exploit/20117 FPD multibox - Full Path Disclosure vulnerability http://1337day.com/exploit/20119 FPD OpenInviter Information Disclosure http://packetstormsecurity.com/files/119265/ UNKNOWN RokBox Multiple Vulnerabilities http://1337day.com/exploit/19981 MULTI RokBox <= 2.13 - XSS,DoS,Disclosure,Upload Vulnerabilities 54801 http://packetstormsecurity.com/files/118884/ MULTI RokIntroScroller <= 1.8 - XSS,DoS,Disclosure,Upload Vulnerabilities 54801 http://packetstormsecurity.com/files/123302/ MULTI RokMicroNews <= 1.5 - XSS,DoS,Disclosure,Upload Vulnerabilities 54801 http://packetstormsecurity.com/files/123312/ MULTI RokNewsPager <= 1.17 - XSS,DoS,Disclosure,Upload Vulnerabilities 54801 http://packetstormsecurity.com/files/123271/ MULTI RokStories <= 1.25 - XSS,DoS,Disclosure,Upload Vulnerabilities 54801 http://packetstormsecurity.com/files/123270/ MULTI grou-random-image-widget Full Path Disclosure http://1337day.com/exploit/20047 FPD sintic_gallery Arbitrary File Upload Vulnerability http://1337day.com/exploit/19993 UPLOAD sintic_gallery Path Disclosure 
Vulnerability http://1337day.com/exploit/20020 FPD WP-UserOnline Full Path Disclosure http://seclists.org/fulldisclosure/2010/Jul/8 FPD Wp-UserOnline <= 0.62 - Persistent XSS http://seclists.org/fulldisclosure/2010/Jul/8 XSS Shopping Cart Shell Upload / SQL Injection http://packetstormsecurity.com/files/119217/ 51690 MULTI 8.1.15 ReFlex Gallery 1.3 - Shell Upload http://packetstormsecurity.com/files/119218/ UPLOAD ReFlex Gallery 1.4 - reflex-gallery.php Direct Request Path Disclosure 88869 Uploader 1.0.4 - Shell Upload http://packetstormsecurity.com/files/119219/ UPLOAD Xerte Online 0.32 - Shell Upload http://packetstormsecurity.com/files/119220/ UPLOAD Advanced Custom Fields <= 3.5.1 Remote File Inclusion http://packetstormsecurity.com/files/119221/ 51037 23856 87353 exploit/unix/webapp/wp_advanced_custom_fields_exec RFI 3.5.2 sitepress-multilingual-cms Full Path Disclosure http://1337day.com/exploit/20067 FPD Asset Manager 0.2 Arbitrary File Upload 18993 UPLOAD plugin Asset manager upload.php Arbitrary Code Execution http://www.ethicalhack3r.co.uk/security/wordpress-plugin-asset-manager-upload-php-arbitrary-code-execution/ UPLOAD SWF Vulnerable to XSS Bundled in Many Wordpress Plugins http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html XSS SWF Vulnerable to XSS Bundled in Many Wordpress Plugins http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html XSS SWF Vulnerable to XSS Bundled in Many Wordpress Plugins http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html XSS SWF Vulnerable to XSS Bundled in Many Wordpress Plugins http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html XSS SWF Vulnerable to XSS Bundled in Many Wordpress Plugins http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html XSS SWF Vulnerable to XSS Bundled in Many Wordpress Plugins http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html XSS SWF Vulnerable to XSS Bundled in Many Wordpress 
Plugins http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html XSS SWF Vulnerable to XSS Bundled in Many Wordpress Plugins http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html XSS SWF Vulnerable to XSS Bundled in Many Wordpress Plugins http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html XSS SWF Vulnerable to XSS Bundled in Many Wordpress Plugins http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html XSS SWF Vulnerable to XSS Bundled in Many Wordpress Plugins http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html XSS powerzoomer Arbitrary File Upload Vulnerability http://www.1337day.com/exploit/20253 UPLOAD SWF Vulnerable to XSS Bundled in Many Wordpress Plugins http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html XSS SWF Vulnerable to XSS Bundled in Many Wordpress Plugins http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html XSS SWF Vulnerable to XSS Bundled in Many Wordpress Plugins http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html XSS SWF Vulnerable to XSS Bundled in Many Wordpress Plugins http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html XSS SWF Vulnerable to XSS Bundled in Many Wordpress Plugins http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html XSS SWF Vulnerable to XSS Bundled in Many Wordpress Plugins http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html 51224 XSS SWF Vulnerable to XSS Bundled in Many Wordpress Plugins http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html XSS wp-3dflick-slideshow Arbitrary File Upload Vulnerability http://www.1337day.com/exploit/20255 UPLOAD SWF Vulnerable to XSS Bundled in Many Wordpress Plugins http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html XSS SWF Vulnerable to XSS Bundled in Many Wordpress Plugins 
http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html XSS SWF Vulnerable to XSS Bundled in Many Wordpress Plugins http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html 51250 XSS Carousel Slideshow - Unspecified Vulnerabilities 50377 UNKNOWN 3.10 SWF Vulnerable to XSS Bundled in Many Wordpress Plugins http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html XSS SWF Vulnerable to XSS Bundled in Many Wordpress Plugins http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html XSS SWF Vulnerable to XSS Bundled in Many Wordpress Plugins http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html XSS SWF Vulnerable to XSS Bundled in Many Wordpress Plugins http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html XSS wp-homepage-slideshow Arbitrary File Upload Vulnerability http://www.1337day.com/exploit/20260 UPLOAD SWF Vulnerable to XSS Bundled in Many Wordpress Plugins http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html XSS wp-image-news-slider Arbitrary File Upload Vulnerability http://www.1337day.com/exploit/20259 UPLOAD SWF Vulnerable to XSS Bundled in Many Wordpress Plugins http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html XSS Image News slider - Unspecified Vulnerabilities 50390 UNKNOWN 3.4 wp-levoslideshow Arbitrary File Upload Vulnerability http://www.1337day.com/exploit/20250 UPLOAD SWF Vulnerable to XSS Bundled in Many Wordpress Plugins http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html XSS SWF Vulnerable to XSS Bundled in Many Wordpress Plugins http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html XSS wp-powerplaygallery Arbitrary File Upload Vulnerability http://www.1337day.com/exploit/20252 UPLOAD SWF Vulnerable to XSS Bundled in Many Wordpress Plugins http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html XSS wp-royal-gallery Arbitrary File Upload Vulnerability 
http://www.1337day.com/exploit/20261 UPLOAD SWF Vulnerable to XSS Bundled in Many Wordpress Plugins http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html XSS SWF Vulnerable to XSS Bundled in Many Wordpress Plugins http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html XSS wp superb Slideshow Full Path Disclosure http://1337day.com/exploit/19979 FPD SWF Vulnerable to XSS Bundled in Many Wordpress Plugins http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html XSS SWF Vulnerable to XSS Bundled in Many Wordpress Plugins http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html XSS Ajax Post Search Sql Injection http://seclists.org/bugtraq/2012/Nov/33 51205 http://www.girlinthemiddle.net/2012/10/sqli-vulnerability-in-ajax-post-search.html SQLI 1.3 Answer My Question 1.1 - Multiple XSS http://www.securityfocus.com/archive/1/524625/30/0/threaded 50655 XSS Catalog HTML Code Injection and Cross-site scripting http://packetstormsecurity.com/files/117820/ 51143 MULTI Spider Catalog - Multiple SQL Injection and Cross Site Scripting Vulnerabilities http://www.securityfocus.com/bid/60079/info MULTI Spider Catalog 1.4.6 - Multiple Vulnerabilities 25724 93591 MULTI Wordfence 3.3.5 - XSS and IAA http://seclists.org/fulldisclosure/2012/Oct/139 51055 MULTI Wordfence 3.8.1 - XSS http://packetstormsecurity.com/files/122993/ XSS Slideshow jQuery Image Gallery Multiple Vulnerabilities http://www.waraxe.us/advisory-92.html MULTI Slideshow - Multiple Script Insertion Vulnerabilities 51135 XSS Social Discussions Multiple Vulnerabilities http://www.waraxe.us/advisory-93.html MULTI ABtest Directory Traversal http://scott-herbert.com/blog/2012/10/11/wordpress-plugin-abtest-vulnerable-to-a-directory-traversal-attack-1110 UNKNOWN BBPress - SQL Injection / Path Disclosure 22396 86400 http://xforce.iss.net/xforce/xfdb/78244 http://packetstormsecurity.com/files/116123/ MULTI NextGen Cu3er Gallery Information Disclosure 
http://packetstormsecurity.com/files/116150/ UNKNOWN Rich Widget File Upload http://packetstormsecurity.com/files/115787/ UPLOAD Monsters Editor Shell Upload http://packetstormsecurity.com/files/115788/ UPLOAD Quick Post Widget 1.9.1 Multiple Cross-site scripting vulnerabilities http://seclists.org/bugtraq/2012/Aug/66 XSS ThreeWP Email Reflector 1.13 - Stored XSS 20365 XSS SimpleMail 1.0.6 - Stored XSS 20361 50208 XSS Postie 1.4.3 Stored XSS 20360 50207 XSS RSVPMaker v2.5.4 Persistent XSS 20474 50289 XSS Mz-jajak <= 2.1 SQL Injection Vulnerability 20416 50217 SQLI Resume Submissions Job Posting v2.5.1 Unrestricted File Upload http://packetstormsecurity.com/files/114716/ UPLOAD WP-Predict v1.0 Blind SQL Injection 19715 SQLI Backup - Information Disclosure 19524 50038 UNKNOWN 2.1 MoodThingy Widget v0.8.7 Blind SQL Injection 19572 SQLI Paid Business Listings v1.0.2 Blind SQL Injection 19481 SQLI Website FAQ 1.0 - SQL Injection 19400 SQLI Fancy Gallery 1.2.4 Shell Upload http://packetstormsecurity.com/files/114114/ UPLOAD Flip Book 1.0 Shell Upload http://packetstormsecurity.com/files/114112/ UPLOAD Ajax Multi Upload 1.1 Shell Upload http://packetstormsecurity.com/files/114109/ UPLOAD Schreikasten 0.14.13 XSS 19294 XSS Automatic 2.0.3 CSRF http://packetstormsecurity.com/files/113763/ CSRF VideoWhisper Video Conference 4.51 - Arbitrary File Upload Vulnerability http://packetstormsecurity.com/files/113580/ UPLOAD Video Whisper - XSS http://packetstormsecurity.com/files/122943/ XSS Auctions - 2.0.1.3 Arbitrary File Upload Vulnerability http://packetstormsecurity.com/files/113568/ UPLOAD LB Mixed Slideshow 1.0 Arbitrary File Upload Vulnerability http://packetstormsecurity.com/files/113844/ UPLOAD Lim4wp 1.1.1 Arbitrary File Upload Vulnerability http://packetstormsecurity.com/files/113846/ UPLOAD Wp-ImageZoom 1.0.3 Remote File Disclosure http://packetstormsecurity.com/files/113845/ UNKNOWN Invit0r 0.22 Shell Upload http://packetstormsecurity.com/files/113639/ UPLOAD 
Annonces 1.2.0.1 Shell Upload http://packetstormsecurity.com/files/113637/ UPLOAD Contus Video Gallery 1.3 Arbitrary File Upload Vulnerability http://packetstormsecurity.com/files/113571/ UPLOAD Contus HD FLV Player <= 1.3 - SQL Injection Vulnerability 17678 SQLI Contus HD FLV Player 1.7 Arbitrary File Upload Vulnerability http://packetstormsecurity.com/files/113570/ UPLOAD User Meta Version 1.1.1 Arbitrary File Upload Vulnerability 19052 UPLOAD Top Quark Architecture Version 2.10 Arbitrary File Upload Vulnerability 19053 UPLOAD SfBrowser Version 1.4.5 Arbitrary File Upload Vulnerability 19054 UPLOAD SWF Vulnerable to XSS Bundled in Many Wordpress Plugins http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html XSS Pica Photo Gallery 1.0 Arbitrary File Upload Vulnerability 19055 UPLOAD PICA Photo Gallery 1.0 Remote File Disclosure 19016 UNKNOWN SWF Vulnerable to XSS Bundled in Many Wordpress Plugins http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html XSS Mac Photo Gallery - Two Security Bypass Security Issues 49923 AUTHBYPASS Mac Photo Gallery - Multiple Script Insertion Vulnerabilities 49836 XSS 3.0 Mac Photo Gallery 2.7 Arbitrary File Upload 19056 UPLOAD drag and drop file upload 0.1 Arbitrary File Upload Vulnerability 19057 UPLOAD Custom Content Type Manager 0.9.5.13-pl Arbitrary File Upload Vulnerability 19058 UPLOAD wp-gpx-max version 1.1.21 Arbitrary File Upload 19050 UPLOAD Front File Manager 0.1 - Arbitrary File Upload 19012 UPLOAD Front End Upload 0.5.3 Arbitrary File Upload 19008 UPLOAD Front End Upload v0.5.4 Arbitrary PHP File Upload 20083 UPLOAD Omni Secure Files 0.1.13 Arbitrary File Upload 19009 UPLOAD Easy Contact Forms Export 1.1.0 Information Disclosure Vulnerability 19013 UNKNOWN Plugin: Newsletter 1.5 Remote File Disclosure Vulnerability 19018 UNKNOWN RBX Gallery 2.1 Arbitrary File Upload 19019 UPLOAD Simple Download Button Shortcode 1.0 Remote File Disclosure 19020 UNKNOWN Thinkun Remind 1.1.3 Remote File 
Disclosure 19021 UNKNOWN Tinymce Thumbnail Gallery 1.0.7 Remote File Disclosure 19022 UNKNOWN wpStoreCart 2.5.27-2.5.29 - Arbitrary File Upload 19023 UPLOAD Gallery 3.06 Arbitrary File Upload 18998 UPLOAD Font Uploader 1.2.4 Arbitrary File Upload 18994 82657 2012-3814 http://www.securityfocus.com/bid/53853 UPLOAD WP Property <=1.35.0 - Arbitrary File Upload 18987 23651 82656 49394 http://packetstormsecurity.com/files/113274/ UPLOAD WP Marketplace 1.5.0 - 1.6.1 Arbitrary File Upload 18988 UPLOAD Google Maps via Store Locator Multiple Vulnerabilities 18989 MULTI store-locator-le SQL Injection 51757 SQLI 3.8.7 HTML5 AV Manager 0.2.7 - Arbitrary File Upload 18990 http://www.securityfocus.com/bid/53804 UPLOAD Foxypress 0.4.1.1 - 0.4.2.1 Arbitrary File Upload http://packetstormsecurity.com/files/113576/ 18991 19100 UPLOAD FoxyPress 0.4.2.5 XSS / CSRF / SQL Injection http://packetstormsecurity.com/files/117768/ 51109 MULTI Track That Stat <= 1.0.8 Cross Site Scripting http://packetstormsecurity.com/files/112722/ http://www.securityfocus.com/bid/53551 XSS WP-Facethumb Gallery <= 0.1 Reflected Cross Site Scripting http://packetstormsecurity.com/files/112658/ XSS Survey And Quiz Tool <= 2.9.2 Cross Site Scripting http://packetstormsecurity.com/files/112685/ XSS WP Statistics <= 2.2.4 Cross Site Scripting http://packetstormsecurity.com/files/112686/ XSS WP Easy Gallery <= 1.7 Cross Site Scripting http://packetstormsecurity.com/files/112687/ XSS WP Easy Gallery <= 2.7 CSRF http://plugins.trac.wordpress.org/changeset?reponame=&old=669527%40wp-easy-gallery&new=669527%40wp-easy-gallery CSRF Subscribe2 <= 8.0 Cross Site Scripting http://packetstormsecurity.com/files/112688/ XSS Soundcloud Is Gold <= 2.1 Cross Site Scripting http://packetstormsecurity.com/files/112689/ XSS Sharebar <= 1.2.5 - sharebar-admin.php page Parameter XSS 98078 http://packetstormsecurity.com/files/123365/ XSS Sharebar <= 1.2.5 - Button Manipulation CSRF 94843 CSRF Sharebar <= 1.2.1 - SQL Injection / Cross 
Site Scripting http://packetstormsecurity.com/files/112690/ MULTI 1.2.2 Share And Follow <= 1.80.3 Cross Site Scripting http://packetstormsecurity.com/files/112691/ XSS SABRE <= 1.2.0 Cross Site Scripting http://packetstormsecurity.com/files/112692/ XSS Pretty Link Lite <= 1.5.2 Cross Site Scripting http://packetstormsecurity.com/files/112693/ XSS Pretty Link Lite <= 1.6.1 Cross Site Scripting 50980 XSS pretty-link - XSS in SWF http://seclists.org/bugtraq/2013/Feb/100 http://packetstormsecurity.com/files/120433/ 2013-1636 XSS Newsletter Manager <= 1.0 Cross Site Scripting http://packetstormsecurity.com/files/112694/ XSS Network Publisher <= 5.0.1 Cross Site Scripting http://packetstormsecurity.com/files/112695/ XSS LeagueManager <= 3.7 Cross Site Scripting http://packetstormsecurity.com/files/112698/ 49949 XSS LeagueManager v3.8 SQL Injection 24789 2013-1852 91442 SQLI Leaflet <= 0.0.1 Cross Site Scripting http://packetstormsecurity.com/files/112699/ XSS PDF And Print Button Joliprint <= 1.3.0 Cross Site Scripting http://packetstormsecurity.com/files/112700/ XSS IFrame Admin Pages <= 0.1 Cross Site Scripting http://packetstormsecurity.com/files/112701/ XSS EZPZ One Click Backup <= 12.03.10 Cross Site Scripting http://packetstormsecurity.com/files/112705/ XSS Dynamic Widgets <= 1.5.1 Cross Site Scripting http://packetstormsecurity.com/files/112706/ XSS Download Monitor < 3.3.6.2 Cross Site Scripting http://www.securityfocus.com/bid/61407 53116 2013-5098 2013-3262 XSS 3.3.6.2 Download Monitor <= 3.3.5.7 Cross Site Scripting http://www.reactionpenetrationtesting.co.uk/wordpress-download-monitor-xss.html 50511 XSS Download Monitor <= 3.3.5.4 Cross Site Scripting http://packetstormsecurity.com/files/112707/ XSS Download Manager <= 2.2 Cross Site Scripting http://packetstormsecurity.com/files/112708/ XSS Code Styling Localization <= 1.99.16 Cross Site Scripting http://packetstormsecurity.com/files/112709/ XSS Catablog <= 1.6 Cross Site Scripting 
http://packetstormsecurity.com/files/112619/ XSS Bad Behavior <= 2.24 Cross Site Scripting http://packetstormsecurity.com/files/112619/ XSS BulletProof Security <= 0.47 - Cross Site Scripting http://packetstormsecurity.com/files/112618/ XSS BulletProof Security - Security Log Script Insertion Vulnerability 95928 95929 95930 2013-3487 53614 0.49 Better WP Security <= 3.5.3 Stored XSS https://github.com/wpscanteam/wpscan/issues/251 http://www.securityfocus.com/archive/1/527634/30/0/threaded 95884 54299 27290 XSS 3.5.4 Better WP Security v3.4.3 Multiple XSS http://seclists.org/bugtraq/2012/Oct/9 XSS 3.4.4 Better WP Security <= 3.2.4 Cross Site Scripting http://packetstormsecurity.com/files/112617/ XSS 3.2.5 Custom Contact Forms <= 5.0.0.1 Cross Site Scripting http://packetstormsecurity.com/files/112616/ XSS 2-Click-Socialmedia-Buttons <= 0.34 Cross Site Scripting http://packetstormsecurity.com/files/112615/ XSS 2-Click-Socialmedia-Buttons <= 0.32.2 Cross Site Scripting http://packetstormsecurity.com/files/112711/ XSS Login With Ajax - Cross Site Scripting 49013 XSS 3.0.4.1 Login With Ajax - Cross-Site Request Forgery Vulnerability 52950 CSRF 3.1 Media Library Categories <= 1.0.6 - SQL Injection Vulnerability 17628 SQLI Media Library Categories <= 1.1.1 - Cross Site Scripting http://packetstormsecurity.com/files/112697/ SQLI FCKeditor Deans With Pwwangs Code <= 1.0.0 Remote Shell Upload http://packetstormsecurity.com/files/111319/ RFI Zingiri Web Shop - Cookie SQL Injection Vulnerability 49398 SQLI 2.4.8 Zingiri Web Shop <= 2.4.0 Multiple XSS Vulnerabilities 18787 48991 XSS Zingiri Web Shop <= 2.3.5 Cross Site Scripting http://packetstormsecurity.com/files/112684/ XSS Zingiri Web Shop 2.4.3 Shell Upload http://packetstormsecurity.com/files/113668/ UPLOAD Organizer 1.2.1 Cross Site Scripting / Path Disclosure http://packetstormsecurity.com/files/112086/ http://packetstormsecurity.com/files/113800/ MULTI Zingiri Tickets - File Disclosure 
http://packetstormsecurity.com/files/111904/ UNKNOWN XSS vulnerability in CMS Tree Page View Plugin https://www.htbridge.com/advisory/HTB23083 XSS All-in-One Event Calendar 1.4 - Multiple XSS vulnerabilities http://seclists.org/bugtraq/2012/Apr/70 XSS All-in-One Event Calendar 1.9 - wp-admin/post-new.php Multiple Parameter XSS 96271 54038 XSS 1.10 All-in-One Event Calendar 1.9 - index.php Multiple Parameter SQL Injection 96272 54038 SQLI 1.10 Buddypress <= 1.5.5 SQL Injection 18690 SQLI Register Plus Redux <= 3.8.3 Cross Site Scripting http://packetstormsecurity.com/files/111367/ XSS Magn WP Drag and Drop <= 1.1.4 Upload Shell Upload Vulnerability http://packetstormsecurity.com/files/110103/ UPLOAD Kish Guest Posting 1.0 Arbitrary File Upload 18412 RFI AllWebMenus Shell Upload <= 1.1.9 Shell Upload http://packetstormsecurity.com/files/108946/ RFI AllWebMenus 1.1.3 Remote File Inclusion 17861 RFI Shortcode Redirect <= 1.0.01 Stored Cross Site Scripting http://packetstormsecurity.com/files/108914/ XSS uCan Post <= 1.0.09 - Stored XSS 18390 XSS WP Cycle Playlist - Multiple Vulnerabilities http://1337day.com/exploits/17396 MULTI myEASYbackup 1.0.8.1 Directory Traversal http://packetstormsecurity.com/files/108711/ UNKNOWN Count per Day 3.2.5 - counter.php XSS Vulnerability 90893 24859 52436 http://packetstormsecurity.com/files/120649/ XSS Count Per Day 3.2.3 - Cross Site Scripting http://packetstormsecurity.com/files/115904/ XSS Count Per Day 3.1.1 - Cross Site Scripting http://packetstormsecurity.com/files/114787/ XSS Count Per Day <= 3.1.1 - Multiple Vulnerabilities 18355 MULTI Count per Day <= 2.17 - SQL Injection Vulnerability 17857 SQLI WP-AutoYoutube <= 0.1 - Blind SQL Injection Vulnerability http://1337day.com/exploits/17368 SQLI Age Verification <= 0.4 - Open Redirect 18350 REDIRECT Yousaytoo Auto Publishing <= 1.0 Cross Site Scripting http://packetstormsecurity.com/files/108470/ XSS Pay With Tweet <= 1.1 - Multiple Vulnerabilities 18330 MULTI Whois Search <= 
1.4.2 Cross Site Scripting http://packetstormsecurity.com/files/108271/ XSS UPM-POLLS 1.0.4 - BLIND SQL injection 18231 SQLI Disqus Comment System <= 2.68 Reflected Cross-Site Scripting (XSS) http://www.ethicalhack3r.co.uk/security/wordpress-plugin-disqus-comment-system-xss/ XSS Google reCAPTCHA <= 3.1.3 Reflected XSS Vulnerability http://security-sh3ll.blogspot.com/2011/12/google-recaptcha-wordpress-plugin.html XSS Link Library <= 5.2.1 - SQL Injection 17887 SQLI CevherShare 2.0 - SQL Injection Vulnerability 17891 SQLI meenews 5.1 - Cross-Site Scripting Vulnerabilities http://seclists.org/bugtraq/2011/Nov/151 XSS Click Desk Live Support Chat Cross Site Scripting Vulnerability http://seclists.org/bugtraq/2011/Nov/148 XSS 2.0 adminimize 1.7.21 Cross-Site Scripting Vulnerabilities http://seclists.org/bugtraq/2011/Nov/135 XSS Advanced Text Widget <= 2.0.0 Cross Site Scripting Vulnerability http://seclists.org/bugtraq/2011/Nov/133 XSS MM Duplicate <= 1.2 - SQL Injection Vulnerability 17707 SQLI Menu Creator <= 1.1.7 - SQL Injection Vulnerability 17689 SQLI Allow PHP in Posts and Pages <= 2.0.0.RC1 - SQL Injection Vulnerability 17688 SQLI Global Content Blocks <= 1.2 SQL - Injection Vulnerability 17687 SQLI Ajax Gallery <= 3.0 SQL - Injection Vulnerability 17686 SQLI WP DS FAQ <= 1.3.2 SQL - Injection Vulnerability 17683 SQLI OdiHost Newsletter <= 1.0 SQL - Injection Vulnerability 17681 SQLI Easy Contact Form Lite <= 1.0.7 - SQL Injection Vulnerability 17680 SQLI WP Symposium <= 0.64 - SQL Injection Vulnerability 17679 SQLI WP Symposium <= 12.12 - Multiple SQL Injection Vulnerabilities 50674 http://ceriksen.com/2013/02/18/wp-symposium-multiple-sql-injection/ SQLI WP Symposium "u" XSS 52864 XSS 13.04 WP Symposium "u" Redirection Weakness 52925 REDIRECT File Groups <= 1.1.2 SQL Injection Vulnerability 17677 SQLI IP-Logger <= 3.0 SQL Injection Vulnerability 17673 SQLI Beer Recipes v.1.0 XSS 17453 SQLI Is-human <=1.4.2 Remote Command Execution Vulnerability 17299 RCE 
EditorMonkey (FCKeditor) Arbitrary File Upload 17284 UPLOAD SermonBrowser 0.43 SQL Injection 17214 SQLI Ajax Category Dropdown 0.1.5 Multiple Vulnerabilities 17207 MULTI WP Custom Pages 0.5.0.1 LFI Vulnerability 17119 LFI GRAND FlAGallery - Multiple Vulnerabilities 51100 MULTI SWF Vulnerable to XSS Bundled in Many Wordpress Plugins http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html XSS GRAND Flash Album Gallery 1.9.0 and 2.0.0 Multiple Vulnerabilities http://packetstormsecurity.com/files/117665/ http://www.waraxe.us/advisory-94.html 51601 MULTI GRAND Flash Album Gallery 0.55 Multiple Vulnerabilities 16947 MULTI GRAND Flash Album Gallery <= 1.56 XSS Vulnerability http://seclists.org/bugtraq/2011/Nov/186 XSS GRAND Flash Album Gallery <= 1.71 XSS Vulnerability http://packetstormsecurity.com/files/112704/ XSS GRAND FlAGallery - "gid" SQL Injection Vulnerability 53356 SQLI 2.56 GRAND FlAGallery - "s" Cross-Site Scripting Vulnerability 53111 93714 XSS 2.72 PHP Speedy <= 0.5.2 (admin_container.php) Remote Code Exec Exploit 16273 RCE OPS Old Post Spinner 2.2.1 LFI Vulnerability 16251 LFI jQuery Mega Menu 1.0 Local File Inclusion 16250 LFI IWantOneButton 3.0.1 Multiple Vulnerabilities 16236 MULTI WP Forum Server 1.6.5 SQL Injection Vulnerability 16235 SQLI WP Forum Server <= 1.7 SQL Injection Vulnerability 17828 SQLI WP Forum Server <= 1.7.3 SQL Injection / XSS Vulnerabilities http://packetstormsecurity.com/files/112703/ MULTI Relevanssi 2.7.2 Stored XSS Vulnerability 16233 XSS GigPress 2.1.10 Stored XSS Vulnerability 16232 XSS Comment Rating 2.9.32 SQL Injection / Bypass http://packetstormsecurity.com/files/120569/ MULTI Comment Rating 2.9.23 Multiple Vulnerabilities 16221 MULTI Z-Vote 1.1 SQL Injection Vulnerability 16218 SQLI User Photo Component Remote File Upload Vulnerability 16181 71071 UPLOAD 0.9.5 Enable Media Replace Multiple Vulnerabilities 16144 MULTI Mingle Forum <= 1.0.32.1 Cross Site Scripting / SQL Injection 
http://packetstormsecurity.com/files/108915/ MULTI Mingle Forum <= 1.0.31 SQL Injection Vulnerability 17894 SQLI Mingle Forum <= 1.0.26 Multiple Vulnerabilities 15943 MULTI Mingle Forum <= 1.0.33 Cross Site Scripting http://packetstormsecurity.com/files/112696/ MULTI Mingle Forum 1.0.33.3 Multiple Parameter SQL Injection 90434 SQLI Mingle Forum 1.0.35 Privilege Escalation CSRF 96905 2013-0736 47687 CSRF Accept Signups 0.1 XSS 15808 XSS Events Manager Extended Persistent XSS Vulnerability 14923 XSS NextGEN Smooth Gallery - Blind SQL Injection Vulnerability 14541 SQLI NextGen Smooth Gallery - XSS http://packetstormsecurity.com/files/123074/ XSS myLDlinker SQL Injection Vulnerability 14441 SQLI Firestats Remote Configuration File Download 14308 UNKNOWN Simple:Press SQL Injection Vulnerability 14198 SQLI Cimy Counter - Vulnerabilities 14057 MULTI SWF Vulnerable to XSS Bundled in Many Wordpress Plugins http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html 51271 XSS 1.9.8 XSS in NextGEN Gallery <= 1.5.1 12098 XSS 1.5.2 swfupload.swf Multiple Cross Site Scripting Vulnerabilities http://www.securityfocus.com/bid/60433 MULTI NextGEN Gallery 1.9.12 Arbitrary File Upload http://wordpress.org/plugins/nextgen-gallery/changelog/ 94232 2013-3684 UPLOAD 1.9.13 Copperleaf Photolog SQL injection 11458 SQLI Events SQL Injection Vulnerability 10929 95677 SQLI 6.7.10 WP Events Calendar wp-admin/admin.php EC_id Parameter XSS 74705 XSS 6.7.12a Image Manager Plugins Shell Upload Vulnerability 10325 UPLOAD WP-Cumulus <= 1.20 - Vulnerabilities 10228 MULTI WP-Cumulus Cross Site Scripting Vulnerabily http://seclists.org/fulldisclosure/2011/Nov/340 XSS 1.23 WP-Syntax <= 0.9.1 Remote Command Execution 9431 RCE My Category Order <= 2.8 SQL Injection Vulnerability 9150 SQLI Related Sites 2.1 Blind SQL Injection Vulnerability 9054 SQLI SWF Vulnerable to XSS Bundled in Many Wordpress Plugins http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html XSS DM Albums 
1.9.2 Remote File Disclosure Vulnerability 9048 LFI DM Albums 1.9.2 Remote File Inclusion Vuln 9043 RFI Photoracer 1.0 (id) SQL Injection Vulnerability 8961 SQLI Photoracer <= 1.0 SQL Injection Vulnerability 17720 SQLI Photoracer <= 1.0 Multiple Vulnerabilities 17731 MULTI Lytebox (wp-lytebox) Local File Inclusion Vulnerability 8791 LFI fMoblog 2.1 (id) SQL Injection Vulnerability 8229 SQLI Page Flip Image Gallery <= 0.2.2 Remote FD Vuln 50902 2008-5752 7543 33274 http://www.securityfocus.com/bid/32966 http://xforce.iss.net/xforce/xfdb/47568 LFI e-Commerce <= 3.4 Arbitrary File Upload Exploit 6867 UPLOAD Download Manager 0.2 Arbitrary File Upload Exploit 6127 UPLOAD Spreadsheet <= 0.6 SQL Injection Vulnerability 5486 SQLI Download (dl_id) SQL Injection Vulnerability 5326 SQLI Sniplets 1.1.2 (RFI/XSS/RCE) Multiple Vulnerabilities 5194 MULTI Photo album Remote SQL Injection Vulnerability 5135 SQLI Simple Forum 2.0-2.1 SQL Injection Vulnerability 5126 SQLI Simple Forum 1.10-1.11 SQL Injection Vulnerability 5127 SQLI st_newsletter Remote SQL Injection Vulnerability 5053 SQLI st_newsletter (stnl_iframe.php) SQL Injection Vuln 6777 SQLI Wordspew Remote SQL Injection Vulnerability 5039 SQLI dmsguestbook 1.7.0 Multiple Remote Vulnerabilities 5035 MULTI WassUp 1.4.3 (spy.php to_date) SQL Injection Exploit 5017 SQLI Adserve 0.2 adclick.php SQL Injection Exploit 5013 SQLI fGallery 2.4.1 - fimrss.php SQL Injection Vulnerability 4993 SQLI WP-Cal 0.3 editevent.php SQL Injection Vulnerability 4992 SQLI plugin WP-Forum 1.7.4 Remote SQL Injection Vulnerability 4939 SQLI plugin WP-Forum 1.7.8 Remote SQL Injection Vulnerability 7738 SQLI wp-FileManager 1.2 - Remote Upload Vulnerability 4844 UPLOAD wp-FileManager 1.3.0 - File Download Vulnerability 53421 25440 93446 UNKNOWN 1.4.0 PictPress <= 0.91 Remote File Disclosure Vulnerability 4695 LFI BackUp <= 0.4.2b RFI Vulnerability 4593 RFI plugin myflash <= 1.00 (wppath) RFI Vulnerability 3828 RFI plugin wordTube <= 1.43 (wpPATH) RFI 
Vulnerability 3825 RFI plugin wp-Table <= 1.43 (inc_dir) RFI Vulnerability 3824 RFI myGallery <= 1.4b4 Remote File Inclusion Vulnerability 3814 RFI SendIt <= 1.5.9 Blind SQL Injection Vulnerability 17716 SQLI Js-appointment <= 1.5 SQL Injection Vulnerability 17724 SQLI MM Forms Community <= 1.2.3 SQL Injection Vulnerability 17725 SQLI MM Forms Community 2.2.6 Arbitrary File Upload 18997 UPLOAD Super CAPTCHA <= 2.2.4 SQL Injection Vulnerability 17728 SQLI Collision Testimonials <= 3.0 SQL Injection Vulnerability 17729 SQLI Oqey Headers <= 0.3 SQL Injection Vulnerability 17730 SQLI Facebook Promotions <= 1.3.3 SQL Injection Vulnerability 17737 SQLI Evarisk <= 5.1.3.6 SQL Injection Vulnerability 17738 SQLI Evarisk 5.1.5.4 Shell Upload http://packetstormsecurity.com/files/113638/ UPLOAD Profiles <= 2.0 RC1 SQL Injection Vulnerability 17739 SQLI mySTAT <= 2.6 SQL Injection Vulnerability 17740 SQLI SH Slideshow <= 3.1.4 SQL Injection Vulnerability 17748 SQLI iCopyright(R) Article Tools <= 1.1.4 SQL Injection Vulnerability 17749 SQLI Advertizer <= 1.0 SQL Injection Vulnerability 17750 SQLI Event Registration <= 5.44 SQL Injection Vulnerability 17814 SQLI Event Registration <= 5.43 SQL Injection Vulnerability 17751 SQLI Event Registration 5.32 SQL Injection Vulnerability 15513 SQLI Craw Rate Tracker <= 2.0.2 SQL Injection Vulnerability 17755 SQLI wp audio gallery playlist <= 0.12 SQL Injection Vulnerability 17756 SQLI yolink Search "s" Cross-Site Scripting Vulnerability 52030 XSS 2.6 yolink Search <= 1.1.4 SQL Injection Vulnerability 17757 SQLI PureHTML <= 1.0.0 SQL Injection Vulnerability 17758 SQLI Couponer <= 1.2 SQL Injection Vulnerability 17759 SQLI grapefile <= 1.1 Arbitrary File Upload 17760 UPLOAD image-gallery-with-slideshow <= 1.5 Arbitrary File Upload / SQL Injection 17761 MULTI Donation <= 1.0 SQL Injection Vulnerability 17763 SQLI WP Bannerize <= 2.8.6 SQL Injection Vulnerability 17764 SQLI WP Bannerize <= 2.8.7 SQL Injection Vulnerability 17906 SQLI 
SearchAutocomplete <= 1.0.8 SQL Injection Vulnerability 17767 SQLI VideoWhisper Video Presentation <= 1.1 SQL Injection Vulnerability 17771 SQLI VideoWhisper Video Presentation 3.17 - 'vw_upload.php' Arbitrary File Upload Vulnerability http://www.securityfocus.com/bid/53851 UPLOAD Facebook Opengraph Meta <= 1.0 SQL Injection Vulnerability 17773 SQLI Zotpress <= 4.4 SQL Injection Vulnerability 17778 SQLI oQey Gallery <= 0.4.8 SQL Injection Vulnerability 17779 SQLI Tweet Old Post <= 3.2.5 SQL Injection Vulnerability 17789 SQLI post highlights <= 2.2 SQL Injection Vulnerability 17790 SQLI KNR Author List Widget <= 2.0.0 SQL Injection Vulnerability 17791 SQLI SCORM Cloud <= 1.0.6.6 SQL Injection Vulnerability 17793 SQLI Eventify - Simple Events <= 1.7.f SQL Injection Vulnerability 17794 SQLI Paid Downloads <= 2.01 SQL Injection Vulnerability 17797 SQLI Community Events <= 1.2.1 SQL Injection Vulnerability 17798 SQLI 1-flash-gallery <= 1.9.0 XSS in ZeroClipboard.swf http://1337day.com/exploit/20396 XSS 1 Flash Gallery Arbitrary File Upload Exploit (MSF) 17801 UPLOAD WP-Filebase Download Manager <= 0.2.9 SQL Injection Vulnerability 17808 SQLI WP-Filebase Unspecified Vulnerabilities 51269 UNKNOWN 0.2.9.25 A to Z Category Listing <= 1.3 SQL Injection Vulnerability 17809 SQLI WP e-Commerce <= 3.8.6 SQL Injection Vulnerability 17832 SQLI WP-e-Commerce v3.8.9.5 Cross Site Scripting Vulnerability http://1337day.com/exploit/20517 XSS Filedownload 0.1 (download.php) Remote File Disclosure Vulnerability 17858 LFI TheCartPress <= 1.6 Cross Site Scripting http://packetstormsecurity.com/files/108272/ XSS TheCartPress 1.1.1 Remote File Inclusion 17860 RFI WPEasyStats 1.8 Remote File Inclusion 17862 RFI Annonces 1.2.0.0 Remote File Inclusion 17863 RFI Livesig 0.4 Remote File Inclusion 17864 RFI Disclosure Policy 1.0 Remote File Inclusion 17865 RFI Mailing List 1.3.2 Remote File Inclusion 17866 RFI Mailing List Arbitrary file download 18276 UNKNOWN 1.4.1 Zingiri Web Shop 2.2.0 Remote 
File Inclusion 17867 RFI Zingiri Web Shop <= 2.2.3 Remote Code Execution 18111 RCE Mini Mail Dashboard Widget 1.36 Remote File Inclusion 17868 RFI Mini Mail Dashboard Widget 1.42 Stored XSS 20358 XSS Relocate Upload 0.14 Remote File Inclusion 17869 RFI Category Grid View Gallery 0.1.1 Shell Upload vulnerability 17872 UPLOAD Category Grid View Gallery CatGridPost.php ID Parameter XSS 94805 XSS Auto Attachments 0.2.9 Shell Upload vulnerability 17872 UPLOAD WP Marketplace 1.1.0 Shell Upload vulnerability 17872 UPLOAD DP Thumbnail 1.0 Shell Upload vulnerability 17872 UPLOAD Vk Gallery 1.1.0 Shell Upload vulnerability 17872 UPLOAD Rekt Slideshow 1.0.5 Shell Upload vulnerability 17872 UPLOAD CAC Featured Content 0.8 Shell Upload vulnerability 17872 UPLOAD Rent A Car 1.0 Shell Upload vulnerability 17872 UPLOAD LISL Last Image Slider 1.0 Shell Upload vulnerability 17872 UPLOAD Islidex 2.7 Shell Upload vulnerability 17872 UPLOAD Kino Gallery 1.0 Shell Upload vulnerability 17872 UPLOAD Cms Pack 1.3 Shell Upload vulnerability 17872 UPLOAD A Gallery 0.9 Shell Upload vulnerability 17872 UPLOAD Category List Portfolio Page 0.9 Shell Upload vulnerability 17872 UPLOAD Really Easy Slider 0.1 Shell Upload vulnerability 17872 UPLOAD Verve Meta Boxes 1.2.8 Shell Upload vulnerability 17872 UPLOAD User Avatar 1.3.7 shell upload vulnerability 17872 UPLOAD Extend 1.3.7 Shell Upload vulnerability 17872 UPLOAD AdRotate <= 3.6.5 SQL Injection Vulnerability http://unconciousmind.blogspot.com/2011/09/wordpress-adrotate-plugin-365-sql.html SQLI AdRotate <= 3.6.6 SQL Injection Vulnerability 18114 SQLI WP-SpamFree 3.2.1 Spam SQL Injection Vulnerability 17970 SQLI GD Star Rating Export Security Bypass Security Issue 49850 AUTHBYPASS 1.9.19 GD Star Rating <= 1.9.16 Cross Site Scripting http://packetstormsecurity.com/files/112702/ XSS GD Star Rating <= 1.9.10 SQL Injection 17973 SQLI Contact Form <= 2.7.5 SQL Injection 17980 SQLI WP Photo Album Plus <= 4.1.1 SQL Injection 17983 SQLI WP Photo Album 
Plus <= 4.8.12 wp-photo-album-plus.php wppa-searchstring XSS 88851 51669 51679 XSS WP Photo Album Plus Full Path Disclosure http://1337day.com/exploit/20125 FPD 4.9.1 WP Photo Album Plus index.php wppa-tag Parameter XSS 89165 51829 XSS 4.9.3 WP Photo Album Plus "commentid" Cross-Site Scripting Vulnerability 93033 2013-3254 53105 XSS 5.0.3 WP Photo Album Plus wp-admin/admin.php edit_id Parameter XSS 94465 53915 XSS 5.0.11 BackWPUp 2.1.4 - Code Execution 17987 RCE plugin BackWPup 1.5.2, 1.6.1, 1.7.1 - Remote and Local Code Execution Vulnerability 71481 RCE BackWPup 3.0.12 - wp-admin/admin.php tab Parameter XSS 2013-4626 https://www.htbridge.com/advisory/HTB23161 96505 54515 http://packetstormsecurity.com/files/122916/ XSS 3.0.13 portable-phpMyAdmin Authentication Bypass 88391 2012-5469 23356 51520 AUTHBYPASS 1.3.1 super-refer-a-friend Full Path Disclosure http://1337day.com/exploit/20126 FPD 1.0 W3 Total Cache - Username and Hash Extract http://seclists.org/fulldisclosure/2012/Dec/242 https://github.com/FireFart/W3TotalCacheExploit auxiliary/gather/wp_w3_total_cache_hash_extract UNKNOWN 0.9.2.5 W3 Total Cache - Remote Code Execution http://www.acunetix.com/blog/web-security-zone/wp-plugins-remote-code-execution/ http://wordpress.org/support/topic/pwn3d http://blog.sucuri.net/2013/04/update-wp-super-cache-and-w3tc-immediately-remote-code-execution-vulnerability-disclosed.html exploits/unix/webapp/php_wordpress_total_cache RCE 0.9.2.9 W3 Total Cache 0.9.2.9 - PHP Code Execution 25137 2013-2010 92652 53052 WP-Super-Cache Remote Code Execution http://www.acunetix.com/blog/web-security-zone/wp-plugins-remote-code-execution/ http://wordpress.org/support/topic/pwn3d http://blog.sucuri.net/2013/04/update-wp-super-cache-and-w3tc-immediately-remote-code-execution-vulnerability-disclosed.html RCE 1.3.1 ripe-hd-player 1.0 SQL Injection 24229 SQLI ripe-hd-player 1.0 Full Path Disclosure 24229 FPD floating-tweets persistent XSS http://packetstormsecurity.com/files/119499/ 
http://websecurity.com.ua/6023/ XSS floating-tweets directory traversal http://packetstormsecurity.com/files/119499/ http://websecurity.com.ua/6023/ UNKNOWN ipfeuilledechou SQL Injection Vulnerability http://www.exploit4arab.com/exploits/377 http://1337day.com/exploits/20206 SQLI Simple Login Log XSS 51780 XSS 0.9.4 Simple Login Log SQL Injection 51780 SQLI 0.9.4 wp-slimstat XSS 51721 XSS 2.8.5 SlimStat-Ex - Open Flash Chart Arbitrary File Creation Vulnerability 55160 http://packetstormsecurity.com/files/123494/ UPLOAD browser-rejector Remote and Local File Inclusion 51739 LFI 2.11 File Uploader PHP File Upload Vulnerability http://la.usch.io/2013/01/21/wordpress-file-uploader-plugin-php-file-upload-vulnerability/ UPLOAD Poll Cross-Site Request Forgery Vulnerability 51925 CSRF 34.06 Multiple SQL injection vulnerabilities in Cardoza Wordpress poll plugin 51942 http://www.girlinthemiddle.net/2013/01/multiple-sql-injection-vulnerabilities.html http://seclists.org/bugtraq/2013/Jan/86 SQLI Poll Multiple SQL Injection Vulnerabilities 50910 SQLI 33.6 Developer Formatter CSRF and XSS Vulnerability http://illsecure.com/code/Wordpress-DevFormatter-CSRF-Vulnerability.txt http://1337day.com/exploits/20210 51912 MULTI DVS Custom Notification Cross-Site Request Forgery Vulnerability 51531 CSRF 1.0.1 Events Manager 5.3.3 - Multiple XSS Vulnerabilities 51869 XSS 5.3.4 Events Manager 5.3.8 - Multiple XSS Vulnerabilities http://www.securityfocus.com/bid/60078 53478 93558 XSS 5.3.9 Events Manager 5.5.1 - Multiple Unspecified XSS Vulnerabilities 98198 55182 XSS 5.5.2 SolveMedia 1.1.0 - CSRF Vulnerability 24364 89585 http://1337day.com/exploit/20222 51927 CSRF 1.1.1 Welcart e-Commerce Cross-Site Scripting and Request Forgery Vulnerabilities 51581 MULTI Knews Multilingual Newsletters Cross-Site Request Forgery Vulnerability 51543 CSRF Video Lead Form "errMsg" Cross-Site Scripting Vulnerability 51419 XSS WooCommerce Predictive Search "rs" Cross-Site Scripting Vulnerability 51385 XSS 
WooCommerce index.php calc_shipping_state Parameter XSS 95480 XSS 2.0.13 WP e-Commerce Predictive Search "rs" Cross-Site Scripting Vulnerability 51384 XSS vTiger CRM Lead Capture Unspecified Vulnerability 51305 UNKNOWN 1.1.0 WP-PostViews "search_input" Cross-Site Scripting Vulnerability 50982 XSS WP-PostViews Cross-Site Request Forgery Vulnerability 53127 CSRF 1.63 DX-Contribute Cross-Site Request Forgery Vulnerability 51082 CSRF SQL Injection Vulnerability in Wysija Newsletters WordPress Plugin https://www.htbridge.com/advisory/HTB23140 http://packetstormsecurity.com/files/120089/ http://seclists.org/bugtraq/2013/Feb/29 http://cxsecurity.com/issue/WLB-2013020039 SQLI 2.2.1 Wysija Newsletters swfupload Cross-Site Scripting Vulnerability 51249 http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html XSS 2.1.7 Hitasoft FLV Player - "id" SQL Injection Vulnerability 51179 SQLI Spider Calendar - "many_sp_calendar" Cross-Site Scripting Vulnerability 50981 XSS Spider Calendar 1.3.0 - Multiple Vulnerabilities 25723 93584 53481 MULTI Dynamic Font Replacement 1.3 - SQL Injection Vulnerability http://1337day.com/exploit/20239 SQLI Zingiri Form Builder - "error" Cross-Site Scripting Vulnerability 50983 XSS 1.2.1 White Label CMS - Cross-Site Request Forgery Vulnerability 50487 CSRF 1.5.1 Download Shortcode - "file" Arbitrary File Disclosure Vulnerability 50924 LFI 0.2.1 eShop Magic - "file" Arbitrary File Disclosure Vulnerability 50933 LFI 0.2 Pinterest "Pin It" Button Lite - Multiple Unspecified Vulnerabilities 50868 MULTI 1.4.0 CSS Plus - Unspecified Vulnerabilities 50793 UNKNOWN 1.3.2 Multisite plugin Manager - Two Cross-Site Scripting Vulnerabilities 50762 XSS 3.1.2 ABC Test - "id" Cross-Site Scripting Vulnerability 50608 XSS Token Manager - "tid" Cross-Site Scripting Vulnerabilities 50722 XSS Sexy Add Template - Cross-Site Request Forgery Vulnerability 50709 CSRF Notices Ticker - Cross-Site Request Forgery Vulnerability 50717 CSRF MF Gig Calendar - URL 
Cross-Site Scripting Vulnerability 50571 XSS wp-topbar <= 3.04 - XSS in ZeroClipboard.swf http://1337day.com/exploit/20396 XSS WP-TopBar - Cross-Site Request Forgery Vulnerability 50693 CSRF 4.0.3 HD Webplayer - Two SQL Injection Vulnerabilities 50466 SQLI Cloudsafe365 - Multiple Vulnerabilities 50392 MULTI 1.47 Vitamin - Two Arbitrary File Disclosure Vulnerabilities 50176 LFI 1.1 Featured Post with thumbnail - Unspecified timthumb Vulnerability 50161 UNKNOWN 1.5 WP Lead Management - Script Insertion Vulnerabilities 50166 XSS XVE Various Embed - JW Player Multiple Cross-Site Scripting Vulnerabilities 50173 XSS 1.0.4 G-Lock Double Opt-in Manager - Two Security Bypass Vulnerabilities 50100 AUTHBYPASS Backend Localization - Cross-Site Scripting Vulnerabilities 50099 XSS 2.0 Flexi Quote Rotator - Cross-Site Request Forgery and SQL Injection Vulnerabilities 49910 MULTI 0.9.2 Get Off Malicious Scripts Cross-Site Scripting Vulnerability 50030 XSS 1.2.07.20 Cimy User Extra Fields - Arbitrary File Upload Vulnerability 49975 UPLOAD 2.3.9 Nmedia Users File Uploader - Arbitrary File Upload Vulnerability 49996 UPLOAD 2.0 wp-explorer-gallery Arbitrary File Upload Vulnerability http://www.1337day.com/exploit/20251 UPLOAD accordion Arbitrary File Upload Vulnerability http://www.1337day.com/exploit/20254 UPLOAD wp-catpro Arbitrary File Upload Vulnerability http://www.1337day.com/exploit/20256 UPLOAD RLSWordPressSearch - SQL Injection 24440 SQLI wordpress-simple-shout-box - SQL Injection http://cxsecurity.com/issue/WLB-2013010235 SQLI portfolio-slideshow-pro v3 - SQL Injection http://cxsecurity.com/issue/WLB-2013010236 SQLI Simple History - RSS Feed "rss_secret" Disclosure Weakness 51998 UNKNOWN 1.0.8 p1m media manager - SQL Injection Vulnerability http://www.1337day.com/exploit/20270 SQLI wp-table-reloaded <= 1.9.3 XSS in ZeroClipboard.swf http://1337day.com/exploit/20396 XSS wp-table-reloaded - cross-site scripting in SWF http://packetstormsecurity.com/files/119968/ 52027 
http://seclists.org/bugtraq/2013/Feb/28 XSS 1.9.4 Gallery - "load" Remote File Inclusion Vulnerability 51347 RFI ForumConverter SQL Injection Vulnerability http://www.1337day.com/exploit/20275 SQLI Newsletter SQL Injection Vulnerability http://www.1337day.com/exploit/20287 SQLI Newsletter - "alert" Cross-Site Scripting Vulnerability 53398 http://www.zeroscience.mk/en/vulnerabilities/ZSL-2013-5141.php XSS 3.2.7 Cross-Site Scripting (XSS) Vulnerability in CommentLuv WordPress Plugin https://www.htbridge.com/advisory/HTB23138 http://packetstormsecurity.com/files/120090/ http://seclists.org/bugtraq/2013/Feb/30 http://cxsecurity.com/issue/WLB-2013020040 52092 XSS 2.92.4 wp-forum - SQL Injection http://cxsecurity.com/issue/WLB-2013020035 SQLI WP ecommerce Shop Styling - "dompdf" Remote File Inclusion Vulnerability 51707 RFI 1.8 Audio Player - XSS in SWF http://seclists.org/bugtraq/2013/Feb/35 52083 XSS 2.0.4.6 CKEditor 4.0 Arbitrary File Upload Exploit http://1337day.com/exploit/20318 UPLOAD myftp-ftp-like-plugin-for-wordpress v2 - SQL Injection http://cxsecurity.com/issue/WLB-2013020061 SQLI WP Online Store 1.3.1 - downloaded before 2013-01-17 File Disclosure and File Inclusion Vulnerabilities 50836 http://ceriksen.com/2013/02/18/wordpress-online-store-arbitrary-file-disclosure/ http://ceriksen.com/2013/02/18/wordpress-online-store-local-file-inclusion-vulnerability/ MULTI Password Protected 1.4 Login Process redirect_to Parameter Arbitrary Site Redirect 90559 REDIRECT Contact Form - XSS 90503 XSS smart-flv jwplayer.swf XSS http://www.openwall.com/lists/oss-security/2013/02/24/7 http://packetstormsecurity.com/files/115100/ 90606 XSS Google Alert And Twitter v.3.1.5 XSS Exploit, SQL Injection http://1337day.com/exploits/20433 MULTI PHP Shell Plugin https://github.com/wpscanteam/wpscan/issues/138 http://plugins.svn.wordpress.org/php-shell/trunk/shell.php RCE Marekkis Watermark Cross Site Scripting http://packetstormsecurity.com/files/120378/ XSS Responsive Logo Slideshow 
Cross Site Scripting http://packetstormsecurity.com/files/120379/ XSS zopim-live-chat <= 1.2.5 XSS in ZeroClipboard http://www.openwall.com/lists/oss-security/2013/03/10/2 http://1337day.com/exploit/20396 2013-1808 XSS ed2k-link-selector <= 1.1.7 XSS in ZeroClipboard http://1337day.com/exploit/20396 2013-1808 XSS wppygments <= 0.3.2 XSS in ZeroClipboard http://www.openwall.com/lists/oss-security/2013/03/10/2 http://1337day.com/exploit/20396 2013-1808 XSS copy-in-clipboard <= 0.8 XSS in ZeroClipboard http://1337day.com/exploit/20396 2013-1808 XSS search-and-share <= 0.9.3 XSS in ZeroClipboard http://1337day.com/exploit/20396 2013-1808 XSS placester <= 0.3.12 XSS in ZeroClipboard http://1337day.com/exploit/20396 2013-1808 XSS drp-coupon <= 2.1 XSS in ZeroClipboard http://1337day.com/exploit/20396 2013-1808 XSS coupon-code-plugin <= 2.1 XSS in ZeroClipboard http://1337day.com/exploit/20396 2013-1808 XSS q2w3-inc-manager <= 2.3.1 XSS in ZeroClipboard http://1337day.com/exploit/20396 2013-1808 XSS scorerender <= 0.3.4 XSS in ZeroClipboard http://1337day.com/exploit/20396 2013-1808 XSS wp-link-to-us <= 2.0 XSS in ZeroClipboard http://www.openwall.com/lists/oss-security/2013/03/10/2 http://1337day.com/exploit/20396 2013-1808 XSS buckets <= 0.1.9.2 XSS in ZeroClipboard http://www.openwall.com/lists/oss-security/2013/03/10/2 http://1337day.com/exploit/20396 2013-1808 XSS java-trackback <= 0.2 XSS in ZeroClipboard http://1337day.com/exploit/20396 2013-1808 XSS slidedeck2 <= 2.1.20130228 XSS in ZeroClipboard http://www.openwall.com/lists/oss-security/2013/03/10/2 http://1337day.com/exploit/20396 2013-1808 XSS wp-clone-by-wp-academy <= 2.1.1 XSS in ZeroClipboard http://www.openwall.com/lists/oss-security/2013/03/10/2 http://1337day.com/exploit/20396 2013-1808 XSS tiny-url <= 1.3.2 XSS in ZeroClipboard http://www.openwall.com/lists/oss-security/2013/03/10/2 http://1337day.com/exploit/20396 2013-1808 XSS thethe-layout-grid <= 1.0.0 XSS in ZeroClipboard 
http://www.openwall.com/lists/oss-security/2013/03/10/2 http://1337day.com/exploit/20396 2013-1808 XSS paypal-digital-goods-monetization-powered-by-cleeng <= 2.2.13 XSS in ZeroClipboard http://www.openwall.com/lists/oss-security/2013/03/10/2 http://1337day.com/exploit/20396 2013-1808 XSS mobileview <= 1.0.7 XSS in ZeroClipboard http://www.openwall.com/lists/oss-security/2013/03/10/2 http://1337day.com/exploit/20396 2013-1808 XSS jaspreetchahals-coupons-lite <= 2.1 XSS in ZeroClipboard http://www.openwall.com/lists/oss-security/2013/03/10/2 http://1337day.com/exploit/20396 2013-1808 XSS geshi-source-colorer <= 0.13 XSS in ZeroClipboard http://www.openwall.com/lists/oss-security/2013/03/10/2 http://1337day.com/exploit/20396 2013-1808 XSS click-to-copy-grab-box <= 0.1.1 XSS in ZeroClipboard http://www.openwall.com/lists/oss-security/2013/03/10/2 http://1337day.com/exploit/20396 2013-1808 XSS cleeng <= 2.3.2 XSS in ZeroClipboard http://www.openwall.com/lists/oss-security/2013/03/10/2 http://1337day.com/exploit/20396 2013-1808 XSS bp-code-snippets <= 2.0 XSS in ZeroClipboard http://www.openwall.com/lists/oss-security/2013/03/10/2 http://1337day.com/exploit/20396 2013-1808 XSS snazzy-archives <= 1.7.1 XSS vulnerability http://www.openwall.com/lists/oss-security/2013/03/10/3 2009-4168 XSS vkontakte-api XSS vulnerability http://www.openwall.com/lists/oss-security/2013/03/11/1 2009-4168 XSS Terillion Reviews Cross Site Scripting http://packetstormsecurity.com/files/120730/ XSS o2s-gallery - Cross Site Scripting Vulnerability http://1337day.com/exploit/20516 XSS bp-gallery 1.2.5 - Cross Site Scripting Vulnerability http://1337day.com/exploit/20518 XSS Simply Poll 1.4.1 - Multiple Vulnerabilities 24850 91446 MULTI Occasions 1.0.4 - CSRF Vulnerability 24858 91490 CSRF Mathjax Latex 1.1 - CSRF Vulnerability 24889 91737 http://1337day.com/exploit/20566 CSRF XSS vulnerability on WP-Banners-Lite http://seclists.org/fulldisclosure/2013/Mar/209 
http://threatpost.com/en_us/blogs/xss-flaw-wordpress-plugin-allows-injection-malicious-code-032513 XSS Backupbuddy - sensitive data exposure in importbuddy.php http://seclists.org/fulldisclosure/2013/Mar/206 http://archives.neohapsis.com/archives/fulldisclosure/2013-03/0205.html UNKNOWN FuneralPress 1.1.6 - Persistent XSS 24914 2013-3529 91868 http://seclists.org/fulldisclosure/2013/Mar/282 XSS ofc_upload_image.php Arbitrary File Upload Vulnerability 24492 UPLOAD ofc_upload_image.php Arbitrary File Upload Vulnerability 24492 37903 2009-4140 UPLOAD 0.5 ofc_upload_image.php Arbitrary File Upload Vulnerability 24492 UPLOAD ofc_upload_image.php Arbitrary File Upload Vulnerability 24492 UPLOAD ofc_upload_image.php Arbitrary File Upload Vulnerability 24492 UPLOAD ofc_upload_image.php Arbitrary File Upload Vulnerability 24492 UPLOAD podPress 8.8.10.13 Cross Site Scripting http://packetstormsecurity.com/files/121011/ XSS fbsurveypro XSS Vulnerability http://1337day.com/exploit/20623 XSS timelineoptinpro XSS Vulnerability http://1337day.com/exploit/20620 XSS kioskprox XSS Vulnerability http://1337day.com/exploit/20624 XSS bigcontact SQLI http://plugins.trac.wordpress.org/changeset/689798 SQLI 1.4.7 drawblog CSRF http://plugins.trac.wordpress.org/changeset/691178 CSRF 0.81 social-media-widget malicious code http://plugins.trac.wordpress.org/changeset?reponame=&old=691839%40social-media-widget%2Ftrunk&new=693941%40social-media-widget%2Ftrunk http://slashdot.org/submission/2592777/top-wordpress-widget-sold-off-turned-into-seo-spambot UNKNOWN 4.0.2 facebook-members CSRF 52962 2013-2703 CSRF 5.0.5 foursquare-checkins CSRF 53151 2013-2709 CSRF 1.3 formidable Pro Unspecified Vulnerabilities 53121 UNKNOWN 1.06.09 all-in-one-webmaster CSRF 52877 2013-2696 CSRF 8.2.4 background-music 1.0 jPlayer.swf XSS 53057 XSS haiku-minimalist-audio-player <= 1.0.0 jPlayer.swf XSS 51336 XSS jammer <= 0.2 jPlayer.swf XSS 53106 XSS syntaxhighlighter clipboard.swf XSS 53235 XSS 3.1.6 top-10 CSRF 
53205 CSRF 1.9.3 easy-adsense-lite CSRF 52953 2013-2702 CSRF 6.10 uk-cookie - XSS 87561 http://seclists.org/bugtraq/2012/Nov/50 2012-5856 XSS uk-cookie CSRF http://www.openwall.com/lists/oss-security/2013/06/06/10 94032 2013-2180 CSRF wp-cleanfix Remote Command Execution, CSRF and XSS https://github.com/wpscanteam/wpscan/issues/186 http://wordpress.org/support/topic/plugin-wp-cleanfix-remote-code-execution-warning 93450 53395 93468 2013-2108 2013-2109 MULTI 3.0.2 mail-on-update - CSRF 53449 http://www.openwall.com/lists/oss-security/2013/05/16/8 CSRF Advanced XML Reader - XML External Entity (XXE) Data Parsing Arbitrary File Disclosure http://seclists.org/bugtraq/2013/May/5 92904 XXE Related Posts by Zemanta - Cross-Site Request Forgery Vulnerability 53321 CSRF 1.3.2 WordPress Related Posts - Cross-Site Request Forgery Vulnerability 53279 CSRF 2.6.2 Related Posts - Cross-Site Request Forgery Vulnerability 53122 CSRF 2.7.2 WP Print Friendly - Security Bypass Vulnerability 53371 UNKNOWN 0.5.3 Contextual Related Posts - Cross-Site Request Forgery Vulnerability 52960 CSRF 1.8.7 Calendar - Cross-Site Request Forgery Vulnerability 52841 CSRF 1.3.3 Feedweb - 'wp_post_id' Parameter XSS http://www.securityfocus.com/bid/58771 XSS 1.9 WP-Print - CSRF http://www.securityfocus.com/bid/58900 CSRF 2.52 WP-Print - CSRF http://packetstorm.wowhacker.com/1304-exploits/wptrafficanalyzer-xss.txt XSS WP-DownloadManager - CSRF http://www.securityfocus.com/bid/58937 CSRF 1.61 Digg Digg CSRF http://wordpress.org/plugins/digg-digg/changelog/ 53120 93544 CSRF 5.3.5 SS Quiz - Multiple Unspecified Vulnerabilities http://wordpress.org/plugins/ssquiz/changelog/ 53378 93531 UNKNOWN 2.0 FunCaptcha CSRF http://wordpress.org/extend/plugins/funcaptcha/changelog/ UNKNOWN 0.33 xili-language XSS http://wordpress.org/plugins/xili-language/changelog/ XSS 2.8.6 Security issue which allowed any user to reset settings http://wordpress.org/plugins/wordpress-seo/changelog/ UNKNOWN 1.4.5 CSRF in WordPress 
underConstruction plugin http://wordpress.org/plugins/underconstruction/changelog/ 52881 93857 2013-2699 CSRF 1.09 ADIF Log Search Widget XSS Arbitrary Vulnerability http://packetstormsecurity.com/files/121777/ 53599 93721 XSS Exploit Scanner - FPD and Security bypass vulnerabilities http://seclists.org/fulldisclosure/2013/May/216 93799 MULTI GA Universal - Cross-Site Request Forgery Vulnerability 52976 http://wordpress.org/plugins/ga-universal/changelog/ CSRF 1.0.1 Remote File Inclusion Vulnerability 51348 93715 RFI 2.3 qTranslate - Cross-Site Request Forgery Vulnerability 53126 93873 CSRF Image slider with description - Unspecified Vulnerability 53588 93691 UNKNOWN 7.0 User Role Editor - Cross-Site Request Forgery Vulnerability 53593 93699 25721 CSRF 3.14 EELV Newsletter - Cross-Site Scripting Vulnerability 53546 93685 XSS 3.3.1 Frontier Post - Publishing Posts Security Bypass 53474 93639 UNKNOWN Spider Catalog - Cross-Site Scripting and SQL Injection Vulnerabilities 53491 93591 93593 93594 93595 93596 93597 93598 MULTI Spider Event Calendar - Security Bypass, Cross-Site Scripting and SQLi Vulnerabilities 53481 93584 93585 93586 93587 93588 93582 MULTI AntiVirus - FPD and Security bypass vulnerabilities http://seclists.org/fulldisclosure/2013/Jun/0 MULTI WP Maintenance Mode Setting Manipulation CSRF 94450 CSRF Ultimate Auction 1.0 - CSRF Vulnerability 94407 26240 CSRF Leaflet Maps Marker Tag Multiple Parameter SQL Injection 94388 SQLI 3.5.4 Xorbin Analog Flash Clock 1.0 Flash-based XSS http://advisory.prakharprasad.com/xorbin_afc_wp.txt 2013-4692 XSS Xorbin Digital Flash Clock 1.0 Flash-based XSS http://advisory.prakharprasad.com/xorbin_dfc_wp.txt 2013-4693 XSS Dropdown Menu Widget Script Insertion CSRF 94771 CSRF BuddyPress Extended Friendship Request wp-admin/admin-ajax.php friendship_request_message Parameter XSS 94807 XSS 1.0.2 wp-private-messages /wp-admin/profile.php msgid Parameter SQL Injection 94702 SQLI Stream Video Player - Setting Manipulation CSRF 
94466 CSRF Duplicator installer.cleanup.php package Parameter XSS 95627 2013-4625 XSS 0.4.5 Citizen Space Script Insertion CSRF 95570 CSRF 1.1 Spicy Blogroll spicy-blogroll-ajax.php Multiple Parameter Remote File Inclusion 95557 26804 RFI Pie Register wp-login.php Multiple Parameter XSS 95160 XSS 1.31 CSRF in admin/setting.php in Xhanch 96027 53133 2013-3253 CSRF 2.7.7 SexyBookmarks - Setting Manipulation CSRF http://wordpress.org/plugins/sexybookmarks/changelog/ 95908 2013-3256 53138 CSRF 6.1.5.0 CSRF in HMS Testimonials 2.0.10 http://wordpress.org/plugins/hms-testimonials/changelog/ 2013-4240 96107 96108 96109 96110 96111 54402 27531 2.0.11 XSS in HMS Testimonials 2.0.10 http://wordpress.org/plugins/hms-testimonials/changelog/ 2013-4241 96107 96108 96109 96110 96111 54402 27531 2.0.11 IndiaNIC Testimonial 2.2 - CSRF vulnerability http://seclists.org/fulldisclosure/2013/Sep/5 2013-5672 28054 http://packetstormsecurity.com/files/123036/ CSRF IndiaNIC Testimonial 2.2 - SQL Injection vulnerability http://seclists.org/fulldisclosure/2013/Sep/5 2013-5673 28054 http://packetstormsecurity.com/files/123036/ SQLI IndiaNIC Testimonial 2.2 - XSS vulnerability http://seclists.org/fulldisclosure/2013/Sep/5 28054 http://packetstormsecurity.com/files/123036/ XSS Usernoise 3.7.8 - Persistent XSS Vulnerability http://wordpress.org/plugins/usernoise/changelog/ 27403 96000 XSS 3.7.9 platinum_seo_pack.php s Parameter Reflected XSS 97263 1.3.8 Design Approval System 3.6 - XSS Vulnerability http://seclists.org/bugtraq/2013/Sep/54 http://packetstormsecurity.com/files/123227/ 2013-5711 97279 3.7 XSS Event Easy Calendar 1.0.0 - Multiple Administrator Action CSRF 97042 http://packetstormsecurity.com/files/123132/ CSRF Event Easy Calendar 1.0.0 - Multiple Unspecified XSS 97041 http://packetstormsecurity.com/files/123132/ XSS Bradesco - falha.php URI Reflected XSS 97624 2013-5916 http://packetstormsecurity.com/files/123356/ XSS Social Hashtags 2.0.0 - New Post Title Field Stored XSS 98027 
http://packetstormsecurity.com/files/123485/ XSS Simple Flickr Display Username Field Stored XSS 97991 XSS Lazy SEO 1.1.9 - lazyseo.php File Upload Arbitrary Code Execution http://packetstormsecurity.com/files/123349/ http://xforce.iss.net/xforce/xfdb/87384 97662 2013-5961 28452 UPLOAD SEO Watcher - Open Flash Chart Arbitrary File Creation Vulnerability http://packetstormsecurity.com/files/123493/ 55162 UPLOAD All in One SEO Pack <= 2.3.0 - XSS Vulnerability 98023 2013-5988 http://archives.neohapsis.com/archives/bugtraq/2013-10/0006.html http://packetstormsecurity.com/files/123490/ http://www.securityfocus.com/bid/62784 55133 2.3.0.1 XSS Simple Dropbox Upload - Arbitrary File Upload Vulnerability http://packetstormsecurity.com/files/123235/ http://xforce.iss.net/xforce/xfdb/87166 54856 2013-5963 1.8.8.1 UPLOAD WP Ultimate Email Marketer - Multiple Vulnerabilities 97648 97649 97650 97651 97652 97653 97654 97655 97656 2013-3263 2013-3264 53170 http://www.securityfocus.com/bid/62621 MULTI miniAudioPlayer - Two XSS Vulnerabilities 54979 http://packetstormsecurity.com/files/123372/ XSS Custom Website Data - XSS Vulnerability 54865 XSS Complete Gallery Manager 3.3.3 - Arbitrary File Upload Vulnerability 97481 54894 2013-5962 28377 http://packetstormsecurity.com/files/123303/ http://xforce.iss.net/xforce/xfdb/87172 3.3.4 UPLOAD LBG Zoominoutslider - XSS Vulnerability http://packetstormsecurity.com/files/123367/ XSS Woopra - Remote Code Execution http://packetstormsecurity.com/files/123525/ RCE fGallery_Plus - XSS http://packetstormsecurity.com/files/123347/ XSS NOSpamPTI 2.1 - Blind SQL Injection 28485 2013-5917 http://packetstormsecurity.com/files/123331/ SQLI Comment Attachment 1.0 - XSS Vulnerability http://packetstormsecurity.com/files/123327/ XSS Mukioplayer 1.6 - SQL Injection http://packetstormsecurity.com/files/123231/ SQLI Encrypted Blog 0.0.6.2 - XSS, Open Redirect http://packetstormsecurity.com/files/122992/ XSS Simple Login Registration 1.0.1 - XSS 
http://packetstormsecurity.com/files/122963/ XSS Post Gallery - XSS http://packetstormsecurity.com/files/122957/ XSS ProPlayer 4.7.9.1 - SQL Injection 25605 93564 SQLI Booking Calendar 4.1.4 - CSRF Vulnerability 27399 96088 http://wpbookingcalendar.com/ CSRF 4.1.6 ThinkIT 0.1 - Multiple Vulnerabilities 27751 96515 http://packetstormsecurity.com/files/122898/ MULTI Quick Contact Form 6.0 - Persistent XSS 28808 http://packetstormsecurity.com/files/123549/ http://quick-plugins.com/quick-contact-form/ XSS Email Newsletter 8.0 - 'option' Parameter Information Disclosure Vulnerability http://www.securityfocus.com/bid/53850 IndiaNIC FAQs Manager 1.0 - Multiple Vulnerabilities 24867 91625 MULTI IndiaNIC FAQs Manager 1.0 - Blind SQL Injection 24868 91623 SQLI Booking System - events_facualty_list.php eid Parameter Reflected XSS 96740 XSS JS Restaurant - popup.php restuarant_id Parameter SQL Injection 96743 http://packetstormsecurity.com/files/122316/ SQLI FlagEm - flagit.php cID Parameter XSS 98226 http://www.securityfocus.com/bid/61401 http://xforce.iss.net/xforce/xfdb/85925 http://packetstormsecurity.com/files/122505/ XSS Chat - message Parameter XSS 95984 54403 XSS Shareaholic - Unspecified CSRF 96321 54529 CSRF 7.0.3.4 Page Showcaser Boxes - Title Field Stored XSS 97579 XSS A Forms 1.4.1 - Form Submission CSRF 96381 54489 CSRF 1.4.2