Content Slide Plugin Cross-Site Request Forgery Vulnerability
CSRF
93871
52949
Simple Paypal Shopping Cart Plugin Cross-Site Request Forgery Vulnerability
52963
93953
CSRF
3.6
WP-SendSMS Plugin for WordPress Setting Manipulation CSRF
53796
94209
26124
CSRF
WP-SendSMS Plugin for WordPress wp-admin/admin.php Multiple Parameter XSS
94210
XSS
Mail Subscribe List Plugin Script Insertion Vulnerability
53732
94197
XSS
2.1
VideoJS Cross-Site Scripting Vulnerability
53437
http://seclists.org/fulldisclosure/2013/May/66
XSS
0.98
VideoJS Cross-Site Scripting Vulnerability
53426
http://seclists.org/fulldisclosure/2013/May/66
XSS
4.1
VideoJS Cross-Site Scripting Vulnerability
53445
http://seclists.org/fulldisclosure/2013/May/66
XSS
1.4
VideoJS Cross-Site Scripting Vulnerability
53396
http://seclists.org/fulldisclosure/2013/May/66
XSS
2.1
VideoJS Cross-Site Scripting Vulnerability
http://seclists.org/fulldisclosure/2013/May/66
XSS
Crayon Syntax Highlighter Remote File Inclusion Vulnerability
50804
http://ceriksen.com/2012/10/15/wordpress-crayon-syntax-highlighter-remote-file-inclusion-vulnerability/
RFI
1.13
UnGallery plugin <= 1.5.8 Local File Disclosure Vulnerability
17704
LFI
UnGallery Arbitrary Command Execution
50875
http://ceriksen.com/2012/10/23/wordpress-ungallery-remote-command-injection-vulnerability/
RCE
2.1.6
Thank You Counter Button XSS
50977
XSS
1.8.3
Bookings XSS
50975
XSS
1.8.3
Cimy User Manager Arbitrary File Disclosure
50834
http://ceriksen.com/2012/10/24/wordpress-cimy-user-manager-arbitrary-file-disclosure/
UNKNOWN
WordPress FireStorm Professional Real Estate Plugin "id" SQL Injection Vulnerability
51107
SQLI
2.06.04
FireStorm Professional Real Estate Plugin Multiple SQL Injection
50873
http://ceriksen.com/2012/10/25/wordpress-firestorm-professional-real-estate-plugin-sql-injection-vulnerability/
SQLI
2.06.03
WP125 Multiple XSS
50976
XSS
WordPress WP125 Plugin CSRF
http://www.securityfocus.com/bid/58934
CSRF
1.5.0
Wordpress All Video Gallery Plugin Multiple SQL Injection Vulnerabilities
50874
http://ceriksen.com/2012/11/04/wordpress-all-video-gallery-plugin-sql-injection/
SQLI
BuddyStream XSS
50972
XSS
post-views XSS
50982
XSS
Floating Social Media Links Remote File Inclusion
51346
http://ceriksen.com/2013/01/12/wordpress-floating-social-media-link-plugins-remote-file-inclusion/
RFI
Zingiri Forum Arbitrary File Disclosure
50833
http://ceriksen.com/2013/01/12/wordpress-zingiri-forums-arbitrary-file-disclosure/
UNKNOWN
Google Document Embedder Arbitrary File Disclosure
23970
http://ceriksen.com/2013/01/03/wordpress-google-document-embedder-arbitrary-file-disclosure/
50832
exploit/unix/webapp/wp_google_document_embedder_exec
UNKNOWN
2.5.4
extended-user-profile Full Path Disclosure vulnerability
http://1337day.com/exploit/20118
FPD
superslider-show Full Path Disclosure vulnerability
http://1337day.com/exploit/20117
FPD
multibox plugin Full Path Disclosure vulnerability
http://1337day.com/exploit/20119
FPD
OpenInviter Information Disclosure
http://packetstormsecurity.com/files/119265/
UNKNOWN
RokBox Multiple Vulnerabilities
http://1337day.com/exploit/19981
MULTI
RokBox <= 2.13 - XSS,DoS,Disclosure,Upload Vulnerabilities
54801
http://packetstormsecurity.com/files/118884/
MULTI
RokIntroScroller <= 1.8 - XSS,DoS,Disclosure,Upload Vulnerabilities
54801
http://packetstormsecurity.com/files/123302/
MULTI
RokMicroNews <= 1.5 - XSS,DoS,Disclosure,Upload Vulnerabilities
54801
http://packetstormsecurity.com/files/123312/
MULTI
RokNewsPager <= 1.17 - XSS,DoS,Disclosure,Upload Vulnerabilities
54801
http://packetstormsecurity.com/files/123271/
MULTI
RokStories <= 1.25 - XSS,DoS,Disclosure,Upload Vulnerabilities
54801
http://packetstormsecurity.com/files/123270/
MULTI
grou-random-image-widget Full Path Disclosure
http://1337day.com/exploit/20047
FPD
sintic_gallery Arbitrary File Upload Vulnerability
http://1337day.com/exploit/19993
UPLOAD
sintic_gallery Path Disclosure Vulnerability
http://1337day.com/exploit/20020
FPD
WP-UserOnline Full Path Disclosure
http://seclists.org/fulldisclosure/2010/Jul/8
FPD
Wp-UserOnline <= 0.62 Persistent XSS
http://seclists.org/fulldisclosure/2010/Jul/8
XSS
Shopping Cart Shell Upload / SQL Injection
http://packetstormsecurity.com/files/119217/
51690
MULTI
8.1.15
ReFlex Gallery Shell Upload
http://packetstormsecurity.com/files/119218/
UPLOAD
Uploader 1.0.4 Shell Upload
http://packetstormsecurity.com/files/119219/
UPLOAD
Xerte Online 0.32 Shell Upload
http://packetstormsecurity.com/files/119220/
UPLOAD
Advanced Custom Fields <= 3.5.1 Remote File Inclusion
http://packetstormsecurity.com/files/119221/
51037
23856
87353
exploit/unix/webapp/wp_advanced_custom_fields_exec
RFI
3.5.2
Wordpress sitepress-multilingual-cms Full Path Disclosure
http://1337day.com/exploit/20067
FPD
Asset Manager 0.2 Arbitrary File Upload
18993
UPLOAD
WordPress plugin Asset manager upload.php Arbitrary Code Execution
http://www.ethicalhack3r.co.uk/security/wordpress-plugin-asset-manager-upload-php-arbitrary-code-execution/
UPLOAD
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins
http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
XSS
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins
http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
XSS
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins
http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
XSS
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins
http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
XSS
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins
http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
XSS
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins
http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
XSS
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins
http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
XSS
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins
http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
XSS
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins
http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
XSS
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins
http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
XSS
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins
http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
XSS
powerzoomer Arbitrary File Upload Vulnerability
http://www.1337day.com/exploit/20253
UPLOAD
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins
http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
XSS
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins
http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
XSS
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins
http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
XSS
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins
http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
XSS
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins
http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
XSS
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins
http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
51224
XSS
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins
http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
XSS
wp-3dflick-slideshow Arbitrary File Upload Vulnerability
http://www.1337day.com/exploit/20255
UPLOAD
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins
http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
XSS
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins
http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
XSS
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins
http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
51250
XSS
WordPress Carousel Slideshow Plugin Unspecified Vulnerabilities
50377
UNKNOWN
3.10
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins
http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
XSS
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins
http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
XSS
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins
http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
XSS
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins
http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
XSS
wp-homepage-slideshow Arbitrary File Upload Vulnerability
http://www.1337day.com/exploit/20260
UPLOAD
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins
http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
XSS
wp-image-news-slider Arbitrary File Upload Vulnerability
http://www.1337day.com/exploit/20259
UPLOAD
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins
http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
XSS
WordPress Image News slider Plugin Unspecified Vulnerabilities
50390
UNKNOWN
3.4
wp-levoslideshow Arbitrary File Upload Vulnerability
http://www.1337day.com/exploit/20250
UPLOAD
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins
http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
XSS
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins
http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
XSS
wp-powerplaygallery Arbitrary File Upload Vulnerability
http://www.1337day.com/exploit/20252
UPLOAD
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins
http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
XSS
wp-royal-gallery Arbitrary File Upload Vulnerability
http://www.1337day.com/exploit/20261
UPLOAD
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins
http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
XSS
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins
http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
XSS
wp superb Slideshow Full Path Disclosure
http://1337day.com/exploit/19979
FPD
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins
http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
XSS
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins
http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
XSS
Ajax Post Search Sql Injection
http://seclists.org/bugtraq/2012/Nov/33
51205
http://www.girlinthemiddle.net/2012/10/sqli-vulnerability-in-ajax-post-search.html
SQLI
1.3
Answer My Question 1.1 Multiple XSS
http://www.securityfocus.com/archive/1/524625/30/0/threaded
50655
XSS
Catalog HTML Code Injection and Cross-site scripting
http://packetstormsecurity.com/files/117820/
51143
MULTI
Spider Catalog - Multiple SQL Injection and Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/60079/info
MULTI
Spider Catalog Plugin 1.4.6 - Multiple Vulnerabilities
25724
93591
MULTI
Wordfence 3.3.5 XSS and IAA
http://seclists.org/fulldisclosure/2012/Oct/139
51055
MULTI
Wordfence 3.8.1 - XSS
http://packetstormsecurity.com/files/122993/
XSS
Slideshow jQuery Image Gallery Multiple Vulnerabilities
http://www.waraxe.us/advisory-92.html
MULTI
WordPress Slideshow Plugin Multiple Script Insertion Vulnerabilities
51135
XSS
Social Discussions Multiple Vulnerabilities
http://www.waraxe.us/advisory-93.html
MULTI
ABtest Directory Traversal
http://scott-herbert.com/blog/2012/10/11/wordpress-plugin-abtest-vulnerable-to-a-directory-traversal-attack-1110
UNKNOWN
BBPress - SQL Injection / Path Disclosure
22396
86400
http://xforce.iss.net/xforce/xfdb/78244
http://packetstormsecurity.com/files/116123/
MULTI
NextGen Cu3er Gallery Information Disclosure
http://packetstormsecurity.com/files/116150/
UNKNOWN
Rich Widget File Upload
http://packetstormsecurity.com/files/115787/
UPLOAD
Monsters Editor Shell Upload
http://packetstormsecurity.com/files/115788/
UPLOAD
Quick Post Widget 1.9.1 Multiple Cross-site scripting vulnerabilities
http://seclists.org/bugtraq/2012/Aug/66
XSS
ThreeWP Email Reflector 1.13 Stored XSS
20365
XSS
SimpleMail 1.0.6 Stored XSS
20361
50208
XSS
Postie 1.4.3 Stored XSS
20360
50207
XSS
RSVPMaker v2.5.4 Persistent XSS
20474
50289
XSS
Mz-jajak <= 2.1 SQL Injection Vulnerability
20416
50217
SQLI
Resume Submissions Job Posting v2.5.1 Unrestricted File Upload
http://packetstormsecurity.com/files/114716/
UPLOAD
WP-Predict v1.0 Blind SQL Injection
19715
SQLI
Backup Plugin Information Disclosure
19524
50038
UNKNOWN
2.1
MoodThingy Widget v0.8.7 Blind SQL Injection
19572
SQLI
Paid Business Listings v1.0.2 Blind SQL Injection
19481
SQLI
Website FAQ Plugin v1.0 SQL Injection
19400
SQLI
Fancy Gallery 1.2.4 Shell Upload
http://packetstormsecurity.com/files/114114/
UPLOAD
Flip Book 1.0 Shell Upload
http://packetstormsecurity.com/files/114112/
UPLOAD
Ajax Multi Upload 1.1 Shell Upload
http://packetstormsecurity.com/files/114109/
UPLOAD
Schreikasten 0.14.13 XSS
19294
XSS
Wordpress Automatic 2.0.3 CSRF
http://packetstormsecurity.com/files/113763/
CSRF
VideoWhisper Video Conference 4.51 - Arbitrary File Upload Vulnerability
http://packetstormsecurity.com/files/113580/
UPLOAD
Video Whisper - XSS
http://packetstormsecurity.com/files/122943/
XSS
Auctions Plugin 2.0.1.3 Arbitrary File Upload Vulnerability
http://packetstormsecurity.com/files/113568/
UPLOAD
LB Mixed Slideshow 1.0 Arbitrary File Upload Vulnerability
http://packetstormsecurity.com/files/113844/
UPLOAD
Lim4wp 1.1.1 Arbitrary File Upload Vulnerability
http://packetstormsecurity.com/files/113846/
UPLOAD
Wp-ImageZoom 1.0.3 Remote File Disclosure
http://packetstormsecurity.com/files/113845/
UNKNOWN
Invit0r 0.22 Shell Upload
http://packetstormsecurity.com/files/113639/
UPLOAD
Annonces 1.2.0.1 Shell Upload
http://packetstormsecurity.com/files/113637/
UPLOAD
Contus Video Gallery 1.3 Arbitrary File Upload Vulnerability
http://packetstormsecurity.com/files/113571/
UPLOAD
Contus HD FLV Player plugin <= 1.3 SQL Injection Vulnerability
17678
SQLI
Contus HD FLV Player 1.7 Arbitrary File Upload Vulnerability
http://packetstormsecurity.com/files/113570/
UPLOAD
User Meta Version 1.1.1 Arbitrary File Upload Vulnerability
19052
UPLOAD
Top Quark Architecture Version 2.10 Arbitrary File Upload Vulnerability
19053
UPLOAD
SfBrowser Version 1.4.5 Arbitrary File Upload Vulnerability
19054
UPLOAD
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins
http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
XSS
Pica Photo Gallery 1.0 Arbitrary File Upload Vulnerability
19055
UPLOAD
PICA Photo Gallery 1.0 Remote File Disclosure
19016
UNKNOWN
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins
http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
XSS
WordPress Mac Photo Gallery Plugin Two Security Bypass Security Issues
49923
AUTHBYPASS
WordPress Mac Photo Gallery Plugin Multiple Script Insertion Vulnerabilities
49836
XSS
3.0
Mac Photo Gallery 2.7 Arbitrary File Upload
19056
UPLOAD
drag and drop file upload 0.1 Arbitrary File Upload Vulnerability
19057
UPLOAD
Custom Content Type Manager 0.9.5.13-pl Arbitrary File Upload Vulnerability
19058
UPLOAD
wp-gpx-max version 1.1.21 Arbitrary File Upload
19050
UPLOAD
Front File Manager Plugin 0.1 Arbitrary File Upload
19012
UPLOAD
Front End Upload 0.5.3 Arbitrary File Upload
19008
UPLOAD
Front End Upload v0.5.4 Arbitrary PHP File Upload
20083
UPLOAD
Omni Secure Files 0.1.13 Arbitrary File Upload
19009
UPLOAD
Easy Contact Forms Export 1.1.0 Information Disclosure Vulnerability
19013
UNKNOWN
Plugin: Newsletter 1.5 Remote File Disclosure Vulnerability
19018
UNKNOWN
RBX Gallery 2.1 Arbitrary File Upload
19019
UPLOAD
Simple Download Button Shortcode 1.0 Remote File Disclosure
19020
UNKNOWN
Thinkun Remind 1.1.3 Remote File Disclosure
19021
UNKNOWN
Tinymce Thumbnail Gallery 1.0.7 Remote File Disclosure
19022
UNKNOWN
wpStoreCart Plugin 2.5.27-2.5.29 Arbitrary File Upload
19023
UPLOAD
Gallery 3.06 Arbitrary File Upload
18998
UPLOAD
Font Uploader 1.2.4 Arbitrary File Upload
18994
82657
2012-3814
http://www.securityfocus.com/bid/53853
UPLOAD
WP Property <=1.35.0 - Arbitrary File Upload
18987
23651
82656
49394
http://packetstormsecurity.com/files/113274/
UPLOAD
WP Marketplace 1.5.0 - 1.6.1 Arbitrary File Upload
18988
UPLOAD
Google Maps via Store Locator Multiple Vulnerabilities
18989
MULTI
store-locator-le SQL Injection
51757
SQLI
3.8.7
HTML5 AV Manager 0.2.7 - Arbitrary File Upload
18990
http://www.securityfocus.com/bid/53804
UPLOAD
Foxypress 0.4.1.1 - 0.4.2.1 Arbitrary File Upload
http://packetstormsecurity.com/files/113576/
18991
19100
UPLOAD
FoxyPress 0.4.2.5 XSS / CSRF / SQL Injection
http://packetstormsecurity.com/files/117768/
51109
MULTI
Track That Stat <= 1.0.8 Cross Site Scripting
http://packetstormsecurity.com/files/112722/
http://www.securityfocus.com/bid/53551
XSS
WP-Facethumb Gallery <= 0.1 Reflected Cross Site Scripting
http://packetstormsecurity.com/files/112658/
XSS
Survey And Quiz Tool <= 2.9.2 Cross Site Scripting
http://packetstormsecurity.com/files/112685/
XSS
WP Statistics <= 2.2.4 Cross Site Scripting
http://packetstormsecurity.com/files/112686/
XSS
WP Easy Gallery <= 1.7 Cross Site Scripting
http://packetstormsecurity.com/files/112687/
XSS
WP Easy Gallery <= 2.7 CSRF
http://plugins.trac.wordpress.org/changeset?reponame=&old=669527%40wp-easy-gallery&new=669527%40wp-easy-gallery
CSRF
Subscribe2 <= 8.0 Cross Site Scripting
http://packetstormsecurity.com/files/112688/
XSS
Soundcloud Is Gold <= 2.1 Cross Site Scripting
http://packetstormsecurity.com/files/112689/
XSS
Sharebar <= 1.2.5 - sharebar-admin.php page Parameter XSS
98078
http://packetstormsecurity.com/files/123365/
XSS
Sharebar <= 1.2.5 - Button Manipulation CSRF
94843
CSRF
Sharebar <= 1.2.1 - SQL Injection / Cross Site Scripting
http://packetstormsecurity.com/files/112690/
MULTI
1.2.2
Share And Follow <= 1.80.3 Cross Site Scripting
http://packetstormsecurity.com/files/112691/
XSS
SABRE <= 1.2.0 Cross Site Scripting
http://packetstormsecurity.com/files/112692/
XSS
Pretty Link Lite <= 1.5.2 Cross Site Scripting
http://packetstormsecurity.com/files/112693/
XSS
Pretty Link Lite <= 1.6.1 Cross Site Scripting
50980
XSS
WordPress pretty-link plugin XSS in SWF
http://seclists.org/bugtraq/2013/Feb/100
http://packetstormsecurity.com/files/120433/
2013-1636
XSS
Newsletter Manager <= 1.0 Cross Site Scripting
http://packetstormsecurity.com/files/112694/
XSS
Network Publisher <= 5.0.1 Cross Site Scripting
http://packetstormsecurity.com/files/112695/
XSS
LeagueManager <= 3.7 Cross Site Scripting
http://packetstormsecurity.com/files/112698/
49949
XSS
LeagueManager v3.8 SQL Injection
24789
2013-1852
91442
SQLI
Leaflet <= 0.0.1 Cross Site Scripting
http://packetstormsecurity.com/files/112699/
XSS
PDF And Print Button Joliprint <= 1.3.0 Cross Site Scripting
http://packetstormsecurity.com/files/112700/
XSS
IFrame Admin Pages <= 0.1 Cross Site Scripting
http://packetstormsecurity.com/files/112701/
XSS
EZPZ One Click Backup <= 12.03.10 Cross Site Scripting
http://packetstormsecurity.com/files/112705/
XSS
Dynamic Widgets <= 1.5.1 Cross Site Scripting
http://packetstormsecurity.com/files/112706/
XSS
Download Monitor < 3.3.6.2 Cross Site Scripting
http://www.securityfocus.com/bid/61407
53116
2013-5098
2013-3262
XSS
3.3.6.2
Download Monitor <= 3.3.5.7 Cross Site Scripting
http://www.reactionpenetrationtesting.co.uk/wordpress-download-monitor-xss.html
50511
XSS
Download Monitor <= 3.3.5.4 Cross Site Scripting
http://packetstormsecurity.com/files/112707/
XSS
Download Manager <= 2.2 Cross Site Scripting
http://packetstormsecurity.com/files/112708/
XSS
Code Styling Localization <= 1.99.16 Cross Site Scripting
http://packetstormsecurity.com/files/112709/
XSS
Catablog <= 1.6 Cross Site Scripting
http://packetstormsecurity.com/files/112619/
XSS
Bad Behavior <= 2.24 Cross Site Scripting
http://packetstormsecurity.com/files/112619/
XSS
BulletProof Security <= 0.47 - Cross Site Scripting
http://packetstormsecurity.com/files/112618/
XSS
BulletProof Security - Security Log Script Insertion Vulnerability
95928
95929
95930
2013-3487
53614
0.49
Better WP Security <= 3.5.3 Stored XSS
https://github.com/wpscanteam/wpscan/issues/251
http://www.securityfocus.com/archive/1/527634/30/0/threaded
95884
54299
27290
XSS
3.5.4
Better WP Security v3.4.3 Multiple XSS
http://seclists.org/bugtraq/2012/Oct/9
XSS
3.4.4
Better WP Security <= 3.2.4 Cross Site Scripting
http://packetstormsecurity.com/files/112617/
XSS
3.2.5
Custom Contact Forms <= 5.0.0.1 Cross Site Scripting
http://packetstormsecurity.com/files/112616/
XSS
2-Click-Socialmedia-Buttons <= 0.34 Cross Site Scripting
http://packetstormsecurity.com/files/112615/
XSS
2-Click-Socialmedia-Buttons <= 0.32.2 Cross Site Scripting
http://packetstormsecurity.com/files/112711/
XSS
Login With Ajax plugin Cross Site Scripting
49013
XSS
3.0.4.1
WordPress Login With Ajax Plugin Cross-Site Request Forgery Vulnerability
52950
CSRF
3.1
Media Library Categories plugin <= 1.0.6 SQL Injection Vulnerability
17628
SQLI
Media Library Categories plugin <= 1.1.1 Cross Site Scripting
http://packetstormsecurity.com/files/112697/
SQLI
FCKeditor Deans With Pwwangs Code <= 1.0.0 Remote Shell Upload
http://packetstormsecurity.com/files/111319/
RFI
WordPress Zingiri Web Shop Plugin Cookie SQL Injection Vulnerability
49398
SQLI
2.4.8
Zingiri Web Shop <= 2.4.0 Multiple XSS Vulnerabilities
18787
48991
XSS
Zingiri Web Shop <= 2.3.5 Cross Site Scripting
http://packetstormsecurity.com/files/112684/
XSS
Zingiri Web Shop 2.4.3 Shell Upload
http://packetstormsecurity.com/files/113668/
UPLOAD
Organizer 1.2.1 Cross Site Scripting / Path Disclosure
http://packetstormsecurity.com/files/112086/
http://packetstormsecurity.com/files/113800/
MULTI
Zingiri Tickets plugin File Disclosure
http://packetstormsecurity.com/files/111904/
UNKNOWN
XSS vulnerability in CMS Tree Page View Plugin
https://www.htbridge.com/advisory/HTB23083
XSS
Multiple XSS vulnerabilities in All-in-One Event Calendar for WordPress
http://seclists.org/bugtraq/2012/Apr/70
XSS
Buddypress <= 1.5.5 SQL Injection
18690
SQLI
Register Plus Redux <= 3.8.3 Cross Site Scripting
http://packetstormsecurity.com/files/111367/
XSS
Magn WP Drag and Drop <= 1.1.4 Upload Shell Upload Vulnerability
http://packetstormsecurity.com/files/110103/
UPLOAD
Kish Guest Posting 1.0 Arbitrary File Upload
18412
RFI
AllWebMenus Shell Upload <= 1.1.9 Shell Upload
http://packetstormsecurity.com/files/108946/
RFI
AllWebMenus 1.1.3 Remote File Inclusion
17861
RFI
Shortcode Redirect <= 1.0.01 Stored Cross Site Scripting
http://packetstormsecurity.com/files/108914/
XSS
uCan Post plugin <= 1.0.09 Stored XSS
18390
XSS
WP Cycle Playlist plugin Multiple Vulnerabilities
http://1337day.com/exploits/17396
MULTI
myEASYbackup 1.0.8.1 Directory Traversal
http://packetstormsecurity.com/files/108711/
UNKNOWN
Count per Day Plugin 3.2.5 (counter.php) - XSS Vulnerability
24859
XSS
Count Per Day 3.2.3 Cross Site Scripting
http://packetstormsecurity.com/files/115904/
XSS
Count Per Day 3.1.1 Cross Site Scripting
http://packetstormsecurity.com/files/114787/
XSS
Count Per Day plugin <= 3.1.1 Multiple Vulnerabilities
18355
MULTI
Count per Day plugin <= 2.17 SQL Injection Vulnerability
17857
SQLI
WP-AutoYoutube plugin <= 0.1 Blind SQL Injection Vulnerability
http://1337day.com/exploits/17368
SQLI
Age Verification plugin <= 0.4 Open Redirect
18350
REDIRECT
Yousaytoo Auto Publishing <= 1.0 Cross Site Scripting
http://packetstormsecurity.com/files/108470/
XSS
Pay With Tweet plugin <= 1.1 Multiple Vulnerabilities
18330
MULTI
Whois Search <= 1.4.2 Cross Site Scripting
http://packetstormsecurity.com/files/108271/
XSS
BLIND SQL injection UPM-POLLS plugin 1.0.4
18231
SQLI
Disqus Comment System <= 2.68 Reflected Cross-Site Scripting (XSS)
http://www.ethicalhack3r.co.uk/security/wordpress-plugin-disqus-comment-system-xss/
XSS
Google reCAPTCHA <= 3.1.3 Reflected XSS Vulnerability
http://security-sh3ll.blogspot.com/2011/12/google-recaptcha-wordpress-plugin.html
XSS
Link Library plugin <= 5.2.1 SQL Injection
17887
SQLI
CevherShare 2.0 plugin SQL Injection Vulnerability
17891
SQLI
meenews 5.1 plugin Cross-Site Scripting Vulnerabilities
http://seclists.org/bugtraq/2011/Nov/151
XSS
Click Desk Live Support Chat Cross Site Scripting Vulnerability
http://seclists.org/bugtraq/2011/Nov/148
XSS
2.0
adminimize 1.7.21 Cross-Site Scripting Vulnerabilities
http://seclists.org/bugtraq/2011/Nov/135
XSS
Advanced Text Widget <= 2.0.0 Cross Site Scripting Vulnerability
http://seclists.org/bugtraq/2011/Nov/133
XSS
MM Duplicate plugin <= 1.2 SQL Injection Vulnerability
17707
SQLI
Menu Creator plugin <= 1.1.7 SQL Injection Vulnerability
17689
SQLI
Allow PHP in Posts and Pages plugin <= 2.0.0.RC1 SQL Injection Vulnerability
17688
SQLI
Global Content Blocks plugin <= 1.2 SQL Injection Vulnerability
17687
SQLI
Ajax Gallery plugin <= 3.0 SQL Injection Vulnerability
17686
SQLI
WP DS FAQ plugin <= 1.3.2 SQL Injection Vulnerability
17683
SQLI
OdiHost Newsletter plugin <= 1.0 SQL Injection Vulnerability
17681
SQLI
Easy Contact Form Lite plugin <= 1.0.7 SQL Injection Vulnerability
17680
SQLI
WP Symposium plugin <= 0.64 SQL Injection Vulnerability
17679
SQLI
WP Symposium plugin <= 12.12 Multiple SQL Injection Vulnerabilities
50674
http://ceriksen.com/2013/02/18/wp-symposium-multiple-sql-injection/
SQLI
WordPress WP Symposium Plugin "u" XSS
52864
XSS
13.04
WordPress WP Symposium Plugin "u" Redirection Weakness
52925
REDIRECT
File Groups plugin <= 1.1.2 SQL Injection Vulnerability
17677
SQLI
IP-Logger plugin <= 3.0 SQL Injection Vulnerability
17673
SQLI
Beer Recipes v.1.0 XSS
17453
SQLI
Is-human <=1.4.2 Remote Command Execution Vulnerability
17299
RCE
EditorMonkey plugin (FCKeditor) Arbitrary File Upload
17284
UPLOAD
SermonBrowser 0.43 SQL Injection
17214
SQLI
Ajax Category Dropdown 0.1.5 Multiple Vulnerabilities
17207
MULTI
WP Custom Pages 0.5.0.1 LFI Vulnerability
17119
LFI
WordPress GRAND FlAGallery Plugin Multiple Vulnerabilities
51100
MULTI
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins
http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
XSS
GRAND Flash Album Gallery 1.9.0 and 2.0.0 Multiple Vulnerabilities
http://packetstormsecurity.com/files/117665/
http://www.waraxe.us/advisory-94.html
51601
MULTI
GRAND Flash Album Gallery 0.55 Multiple Vulnerabilities
16947
MULTI
GRAND Flash Album Gallery <= 1.56 XSS Vulnerability
http://seclists.org/bugtraq/2011/Nov/186
XSS
GRAND Flash Album Gallery <= 1.71 XSS Vulnerability
http://packetstormsecurity.com/files/112704/
XSS
WordPress GRAND FlAGallery Plugin "gid" SQL Injection Vulnerability
53356
SQLI
2.56
GRAND FlAGallery Plugin "s" Cross-Site Scripting Vulnerability
53111
93714
XSS
2.72
PHP Speedy <= 0.5.2 (admin_container.php) Remote Code Exec Exploit
16273
RCE
OPS Old Post Spinner 2.2.1 LFI Vulnerability
16251
LFI
jQuery Mega Menu 1.0 Local File Inclusion
16250
LFI
IWantOneButton 3.0.1 Multiple Vulnerabilities
16236
MULTI
WP Forum Server 1.6.5 SQL Injection Vulnerability
16235
SQLI
WP Forum Server plugin <= 1.7 SQL Injection Vulnerability
17828
SQLI
WP Forum Server plugin <= 1.7.3 SQL Injection / XSS Vulnerabilities
http://packetstormsecurity.com/files/112703/
MULTI
Relevanssi 2.7.2 Stored XSS Vulnerability
16233
XSS
GigPress 2.1.10 Stored XSS Vulnerability
16232
XSS
WordPress Comment Rating 2.9.32 SQL Injection / Bypass
http://packetstormsecurity.com/files/120569/
MULTI
Comment Rating 2.9.23 Multiple Vulnerabilities
16221
MULTI
Z-Vote 1.1 SQL Injection Vulnerability
16218
SQLI
User Photo Component Remote File Upload Vulnerability
16181
71071
UPLOAD
0.9.5
Enable Media Replace Multiple Vulnerabilities
16144
MULTI
Mingle Forum <= 1.0.32.1 Cross Site Scripting / SQL Injection
http://packetstormsecurity.com/files/108915/
MULTI
Mingle Forum <= 1.0.31 SQL Injection Vulnerability
17894
SQLI
Mingle Forum <= 1.0.26 Multiple Vulnerabilities
15943
MULTI
Mingle Forum <= 1.0.33 Cross Site Scripting
http://packetstormsecurity.com/files/112696/
MULTI
Mingle Forum 1.0.33.3 Multiple Parameter SQL Injection
90434
SQLI
Mingle Forum 1.0.35 Privilege Escalation CSRF
96905
2013-0736
47687
CSRF
Accept Signups 0.1 XSS
15808
XSS
Events Manager Extended Persistent XSS Vulnerability
14923
XSS
NextGEN Smooth Gallery - Blind SQL Injection Vulnerability
14541
SQLI
NextGen Smooth Gallery - XSS
http://packetstormsecurity.com/files/123074/
XSS
myLDlinker SQL Injection Vulnerability
14441
SQLI
Firestats Remote Configuration File Download
14308
UNKNOWN
Simple:Press SQL Injection Vulnerability
14198
SQLI
Vulnerabilities in Cimy Counter for WordPress
14057
MULTI
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins
http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
51271
XSS
1.9.8
XSS in NextGEN Gallery <= 1.5.1
12098
XSS
1.5.2
swfupload.swf Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/60433
MULTI
NextGEN Gallery 1.9.12 Arbitrary File Upload
http://wordpress.org/plugins/nextgen-gallery/changelog/
94232
2013-3684
UPLOAD
1.9.13
Copperleaf Photolog SQL injection
11458
SQLI
Events SQL Injection Vulnerability
10929
95677
SQLI
6.7.10
WP Events Calendar wp-admin/admin.php EC_id Parameter XSS
74705
XSS
6.7.12a
Image Manager Plugins Shell Upload Vulnerability
10325
UPLOAD
Vulnerabilities in WP-Cumulus <= 1.20 for WordPress
10228
MULTI
WP-Cumulus Cross Site Scripting Vulnerability
http://seclists.org/fulldisclosure/2011/Nov/340
XSS
1.23
WP-Syntax <= 0.9.1 Remote Command Execution
9431
RCE
My Category Order <= 2.8 SQL Injection Vulnerability
9150
SQLI
Related Sites 2.1 Blind SQL Injection Vulnerability
9054
SQLI
SWF Vulnerable to XSS Bundled in Many Wordpress Plugins
http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
XSS
DM Albums 1.9.2 Remote File Disclosure Vulnerability
9048
LFI
DM Albums 1.9.2 Remote File Inclusion Vuln
9043
RFI
Photoracer 1.0 (id) SQL Injection Vulnerability
8961
SQLI
Photoracer plugin <= 1.0 SQL Injection Vulnerability
17720
SQLI
Photoracer plugin <= 1.0 Multiple Vulnerabilities
17731
MULTI
Lytebox (wp-lytebox) Local File Inclusion Vulnerability
8791
LFI
fMoblog 2.1 (id) SQL Injection Vulnerability
8229
SQLI
Page Flip Image Gallery <= 0.2.2 Remote FD Vuln
50902
2008-5752
7543
33274
http://www.securityfocus.com/bid/32966
http://xforce.iss.net/xforce/xfdb/47568
LFI
e-Commerce <= 3.4 Arbitrary File Upload Exploit
6867
UPLOAD
Download Manager 0.2 Arbitrary File Upload Exploit
6127
UPLOAD
Spreadsheet <= 0.6 SQL Injection Vulnerability
5486
SQLI
Download (dl_id) SQL Injection Vulnerability
5326
SQLI
Sniplets 1.1.2 (RFI/XSS/RCE) Multiple Vulnerabilities
5194
MULTI
Photo album Remote SQL Injection Vulnerability
5135
SQLI
Simple Forum 2.0-2.1 SQL Injection Vulnerability
5126
SQLI
Simple Forum 1.10-1.11 SQL Injection Vulnerability
5127
SQLI
st_newsletter Remote SQL Injection Vulnerability
5053
SQLI
st_newsletter (stnl_iframe.php) SQL Injection Vuln
6777
SQLI
Wordspew Remote SQL Injection Vulnerability
5039
SQLI
dmsguestbook 1.7.0 Multiple Remote Vulnerabilities
5035
MULTI
WassUp 1.4.3 (spy.php to_date) SQL Injection Exploit
5017
SQLI
Adserve 0.2 adclick.php SQL Injection Exploit
5013
SQLI
fGallery 2.4.1 - fimrss.php SQL Injection Vulnerability
4993
SQLI
WP-Cal 0.3 editevent.php SQL Injection Vulnerability
4992
SQLI
plugin WP-Forum 1.7.4 Remote SQL Injection Vulnerability
4939
SQLI
plugin WP-Forum 1.7.8 Remote SQL Injection Vulnerability
7738
SQLI
wp-FileManager 1.2 - Remote Upload Vulnerability
4844
UPLOAD
wp-FileManager 1.3.0 - File Download Vulnerability
53421
25440
93446
UNKNOWN
1.4.0
PictPress <= 0.91 Remote File Disclosure Vulnerability
4695
LFI
BackUp <= 0.4.2b RFI Vulnerability
4593
RFI
plugin myflash <= 1.00 (wppath) RFI Vulnerability
3828
RFI
plugin wordTube <= 1.43 (wpPATH) RFI Vulnerability
3825
RFI
plugin wp-Table <= 1.43 (inc_dir) RFI Vulnerability
3824
RFI
myGallery <= 1.4b4 Remote File Inclusion Vulnerability
3814
RFI
SendIt plugin <= 1.5.9 Blind SQL Injection Vulnerability
17716
SQLI
Js-appointment plugin <= 1.5 SQL Injection Vulnerability
17724
SQLI
MM Forms Community <= 1.2.3 SQL Injection Vulnerability
17725
SQLI
MM Forms Community 2.2.6 Arbitrary File Upload
18997
UPLOAD
Super CAPTCHA plugin <= 2.2.4 SQL Injection Vulnerability
17728
SQLI
Collision Testimonials plugin <= 3.0 SQL Injection Vulnerability
17729
SQLI
Oqey Headers plugin <= 0.3 SQL Injection Vulnerability
17730
SQLI
Facebook Promotions plugin <= 1.3.3 SQL Injection Vulnerability
17737
SQLI
Evarisk plugin <= 5.1.3.6 SQL Injection Vulnerability
17738
SQLI
Evarisk 5.1.5.4 Shell Upload
http://packetstormsecurity.com/files/113638/
UPLOAD
Profiles plugin <= 2.0 RC1 SQL Injection Vulnerability
17739
SQLI
mySTAT plugin <= 2.6 SQL Injection Vulnerability
17740
SQLI
SH Slideshow plugin <= 3.1.4 SQL Injection Vulnerability
17748
SQLI
iCopyright(R) Article Tools plugin <= 1.1.4 SQL Injection Vulnerability
17749
SQLI
Advertizer plugin <= 1.0 SQL Injection Vulnerability
17750
SQLI
Event Registration plugin <= 5.44 SQL Injection Vulnerability
17814
SQLI
Event Registration plugin <= 5.43 SQL Injection Vulnerability
17751
SQLI
Event Registration 5.32 SQL Injection Vulnerability
15513
SQLI
Craw Rate Tracker plugin <= 2.0.2 SQL Injection Vulnerability
17755
SQLI
wp audio gallery playlist plugin <= 0.12 SQL Injection Vulnerability
17756
SQLI
WordPress yolink Search Plugin "s" Cross-Site Scripting Vulnerability
52030
XSS
2.6
yolink Search plugin <= 1.1.4 SQL Injection Vulnerability
17757
SQLI
PureHTML plugin <= 1.0.0 SQL Injection Vulnerability
17758
SQLI
Couponer plugin <= 1.2 SQL Injection Vulnerability
17759
SQLI
grapefile plugin <= 1.1 Arbitrary File Upload
17760
UPLOAD
image-gallery-with-slideshow plugin <= 1.5 Arbitrary File Upload / SQL Injection
17761
MULTI
Donation plugin <= 1.0 SQL Injection Vulnerability
17763
SQLI
WP Bannerize plugin <= 2.8.6 SQL Injection Vulnerability
17764
SQLI
WP Bannerize plugin <= 2.8.7 SQL Injection Vulnerability
17906
SQLI
SearchAutocomplete plugin <= 1.0.8 SQL Injection Vulnerability
17767
SQLI
VideoWhisper Video Presentation plugin <= 1.1 SQL Injection Vulnerability
17771
SQLI
VideoWhisper Video Presentation 3.17 - 'vw_upload.php' Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/53851
UPLOAD
Facebook Opengraph Meta plugin <= 1.0 SQL Injection Vulnerability
17773
SQLI
Zotpress plugin <= 4.4 SQL Injection Vulnerability
17778
SQLI
oQey Gallery plugin <= 0.4.8 SQL Injection Vulnerability
17779
SQLI
Tweet Old Post plugin <= 3.2.5 SQL Injection Vulnerability
17789
SQLI
post highlights plugin <= 2.2 SQL Injection Vulnerability
17790
SQLI
KNR Author List Widget plugin <= 2.0.0 SQL Injection Vulnerability
17791
SQLI
SCORM Cloud plugin <= 1.0.6.6 SQL Injection Vulnerability
17793
SQLI
Eventify - Simple Events plugin <= 1.7.f SQL Injection Vulnerability
17794
SQLI
Paid Downloads plugin <= 2.01 SQL Injection Vulnerability
17797
SQLI
Community Events plugin <= 1.2.1 SQL Injection Vulnerability
17798
SQLI
1-flash-gallery <= 1.9.0 XSS in ZeroClipboard.swf
http://1337day.com/exploit/20396
XSS
1 Flash Gallery Arbitrary File Upload Exploit (MSF)
17801
UPLOAD
WP-Filebase Download Manager plugin <= 0.2.9 SQL Injection Vulnerability
17808
SQLI
WordPress WP-Filebase Plugin Unspecified Vulnerabilities
51269
UNKNOWN
0.2.9.25
A to Z Category Listing plugin <= 1.3 SQL Injection Vulnerability
17809
SQLI
WP e-Commerce plugin <= 3.8.6 SQL Injection Vulnerability
17832
SQLI
WP-e-Commerce plugin v3.8.9.5 Cross Site Scripting Vulnerability
http://1337day.com/exploit/20517
XSS
Filedownload 0.1 (download.php) Remote File Disclosure Vulnerability
17858
LFI
TheCartPress <= 1.6 Cross Site Scripting
http://packetstormsecurity.com/files/108272/
XSS
TheCartPress 1.1.1 Remote File Inclusion
17860
RFI
WPEasyStats 1.8 Remote File Inclusion
17862
RFI
Annonces 1.2.0.0 Remote File Inclusion
17863
RFI
Livesig 0.4 Remote File Inclusion
17864
RFI
Disclosure Policy 1.0 Remote File Inclusion
17865
RFI
Mailing List 1.3.2 Remote File Inclusion
17866
RFI
Mailing List Arbitrary file download
18276
UNKNOWN
1.4.1
Zingiri Web Shop 2.2.0 Remote File Inclusion
17867
RFI
Zingiri Web Shop <= 2.2.3 Remote Code Execution
18111
RCE
Mini Mail Dashboard Widget 1.36 Remote File Inclusion
17868
RFI
Mini Mail Dashboard Widget 1.42 Stored XSS
20358
XSS
Relocate Upload 0.14 Remote File Inclusion
17869
RFI
Category Grid View Gallery plugin 0.1.1 Shell Upload vulnerability
17872
UPLOAD
Category Grid View Gallery CatGridPost.php ID Parameter XSS
94805
XSS
Auto Attachments plugin 0.2.9 Shell Upload vulnerability
17872
UPLOAD
WP Marketplace plugin 1.1.0 Shell Upload vulnerability
17872
UPLOAD
DP Thumbnail plugin 1.0 Shell Upload vulnerability
17872
UPLOAD
Vk Gallery plugin 1.1.0 Shell Upload vulnerability
17872
UPLOAD
Rekt Slideshow plugin 1.0.5 Shell Upload vulnerability
17872
UPLOAD
CAC Featured Content plugin 0.8 Shell Upload vulnerability
17872
UPLOAD
Rent A Car plugin 1.0 Shell Upload vulnerability
17872
UPLOAD
LISL Last Image Slider plugin 1.0 Shell Upload vulnerability
17872
UPLOAD
Islidex plugin 2.7 Shell Upload vulnerability
17872
UPLOAD
Kino Gallery plugin 1.0 Shell Upload vulnerability
17872
UPLOAD
Cms Pack plugin 1.3 Shell Upload vulnerability
17872
UPLOAD
A Gallery plugin 0.9 Shell Upload vulnerability
17872
UPLOAD
Category List Portfolio Page plugin 0.9 Shell Upload vulnerability
17872
UPLOAD
Really Easy Slider plugin 0.1 Shell Upload vulnerability
17872
UPLOAD
Verve Meta Boxes plugin 1.2.8 Shell Upload vulnerability
17872
UPLOAD
User Avatar plugin 1.3.7 shell upload vulnerability
17872
UPLOAD
Extend plugin 1.3.7 Shell Upload vulnerability
17872
UPLOAD
AdRotate plugin <= 3.6.5 SQL Injection Vulnerability
http://unconciousmind.blogspot.com/2011/09/wordpress-adrotate-plugin-365-sql.html
SQLI
AdRotate plugin <= 3.6.6 SQL Injection Vulnerability
18114
SQLI
WP-SpamFree 3.2.1 Spam SQL Injection Vulnerability
17970
SQLI
WordPress GD Star Rating Plugin Export Security Bypass Security Issue
49850
AUTHBYPASS
1.9.19
GD Star Rating plugin <= 1.9.16 Cross Site Scripting
http://packetstormsecurity.com/files/112702/
XSS
GD Star Rating plugin <= 1.9.10 SQL Injection
17973
SQLI
Contact Form plugin <= 2.7.5 SQL Injection
17980
SQLI
WP Photo Album Plus <= 4.1.1 SQL Injection
17983
SQLI
WP Photo Album Plus <= 4.8.12 wp-photo-album-plus.php wppa-searchstring XSS
88851
51669
51679
XSS
WP Photo Album Plus Full Path Disclosure
http://1337day.com/exploit/20125
FPD
4.9.1
WP Photo Album Plus index.php wppa-tag Parameter XSS
89165
51829
XSS
4.9.3
WordPress WP Photo Album Plus "commentid" Cross-Site Scripting Vulnerability
93033
2013-3254
53105
XSS
5.0.3
WP Photo Album Plus wp-admin/admin.php edit_id Parameter XSS
94465
53915
XSS
5.0.11
BackWPUp 2.1.4 - Code Execution
17987
RCE
plugin BackWPup 1.5.2, 1.6.1, 1.7.1 - Remote and Local Code Execution Vulnerability
71481
RCE
BackWPup 3.0.12 - wp-admin/admin.php tab Parameter XSS
2013-4626
https://www.htbridge.com/advisory/HTB23161
96505
54515
http://packetstormsecurity.com/files/122916/
XSS
3.0.13
portable-phpMyAdmin Authentication Bypass
88391
2012-5469
23356
51520
AUTHBYPASS
1.3.1
super-refer-a-friend Full Path Disclosure
http://1337day.com/exploit/20126
FPD
1.0
W3 Total Cache - Username and Hash Extract
http://seclists.org/fulldisclosure/2012/Dec/242
https://github.com/FireFart/W3TotalCacheExploit
auxiliary/gather/wp_w3_total_cache_hash_extract
UNKNOWN
0.9.2.5
W3 Total Cache - Remote Code Execution
http://www.acunetix.com/blog/web-security-zone/wp-plugins-remote-code-execution/
http://wordpress.org/support/topic/pwn3d
http://blog.sucuri.net/2013/04/update-wp-super-cache-and-w3tc-immediately-remote-code-execution-vulnerability-disclosed.html
exploits/unix/webapp/php_wordpress_total_cache
RCE
0.9.2.9
W3 Total Cache 0.9.2.9 - PHP Code Execution
25137
2013-2010
92652
53052
WP-Super-Cache Remote Code Execution
http://www.acunetix.com/blog/web-security-zone/wp-plugins-remote-code-execution/
http://wordpress.org/support/topic/pwn3d
http://blog.sucuri.net/2013/04/update-wp-super-cache-and-w3tc-immediately-remote-code-execution-vulnerability-disclosed.html
RCE
1.3.1
ripe-hd-player 1.0 SQL Injection
24229
SQLI
ripe-hd-player 1.0 Full Path Disclosure
24229
FPD
floating-tweets persistent XSS
http://packetstormsecurity.com/files/119499/
http://websecurity.com.ua/6023/
XSS
floating-tweets directory traversal
http://packetstormsecurity.com/files/119499/
http://websecurity.com.ua/6023/
UNKNOWN
ipfeuilledechou SQL Injection Vulnerability
http://www.exploit4arab.com/exploits/377
http://1337day.com/exploits/20206
SQLI
Simple Login Log Plugin XSS
51780
XSS
0.9.4
Simple Login Log Plugin SQL Injection
51780
SQLI
0.9.4
wp-slimstat XSS
51721
XSS
2.8.5
SlimStat-Ex - Open Flash Chart Arbitrary File Creation Vulnerability
55160
http://packetstormsecurity.com/files/123494/
UPLOAD
browser-rejector Remote and Local File Inclusion
51739
LFI
2.11
WordPress File Uploader Plugin PHP File Upload Vulnerability
http://la.usch.io/2013/01/21/wordpress-file-uploader-plugin-php-file-upload-vulnerability/
UPLOAD
WordPress Poll Plugin Cross-Site Request Forgery Vulnerability
51925
CSRF
34.06
Multiple SQL injection vulnerabilities in Cardoza Wordpress poll plugin
51942
http://www.girlinthemiddle.net/2013/01/multiple-sql-injection-vulnerabilities.html
http://seclists.org/bugtraq/2013/Jan/86
SQLI
WordPress Poll Plugin Multiple SQL Injection Vulnerabilities
50910
SQLI
33.6
Wordpress Developer Formatter CSRF and XSS Vulnerability
http://illsecure.com/code/Wordpress-DevFormatter-CSRF-Vulnerability.txt
http://1337day.com/exploits/20210
51912
MULTI
WordPress DVS Custom Notification Plugin Cross-Site Request Forgery Vulnerability
51531
CSRF
1.0.1
Events Manager 5.3.3 - Multiple XSS Vulnerabilities
51869
XSS
5.3.4
Events Manager 5.3.8 - Multiple XSS Vulnerabilities
http://www.securityfocus.com/bid/60078
53478
93558
XSS
5.3.9
Events Manager 5.5.1 - Multiple Unspecified XSS Vulnerabilities
98198
55182
XSS
5.5.2
SolveMedia 1.1.0 - CSRF Vulnerability
24364
89585
http://1337day.com/exploit/20222
51927
CSRF
1.1.1
WordPress Welcart e-Commerce Plugin Cross-Site Scripting and Request Forgery Vulnerabilities
51581
MULTI
WordPress Knews Multilingual Newsletters Plugin Cross-Site Request Forgery Vulnerability
51543
CSRF
WordPress Video Lead Form Plugin "errMsg" Cross-Site Scripting Vulnerability
51419
XSS
WordPress WooCommerce Predictive Search Plugin "rs" Cross-Site Scripting Vulnerability
51385
XSS
WooCommerce index.php calc_shipping_state Parameter XSS
95480
XSS
2.0.13
WordPress WP e-Commerce Predictive Search Plugin "rs" Cross-Site Scripting Vulnerability
51384
XSS
WordPress vTiger CRM Lead Capture Plugin Unspecified Vulnerability
51305
UNKNOWN
1.1.0
WordPress post-views Plugin "search_input" Cross-Site Scripting Vulnerability
50982
XSS
WordPress WP-PostViews Plugin Cross-Site Request Forgery Vulnerability
53127
CSRF
1.63
WordPress DX-Contribute Plugin Cross-Site Request Forgery Vulnerability
51082
CSRF
SQL Injection Vulnerability in Wysija Newsletters WordPress Plugin
https://www.htbridge.com/advisory/HTB23140
http://packetstormsecurity.com/files/120089/
http://seclists.org/bugtraq/2013/Feb/29
http://cxsecurity.com/issue/WLB-2013020039
SQLI
2.2.1
WordPress Wysija Newsletters Plugin swfupload Cross-Site Scripting Vulnerability
51249
http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
XSS
2.1.7
WordPress Hitasoft FLV Player Plugin "id" SQL Injection Vulnerability
51179
SQLI
Spider Calendar Plugin "many_sp_calendar" Cross-Site Scripting Vulnerability
50981
XSS
Spider Calendar 1.3.0 - Multiple Vulnerabilities
25723
93584
53481
MULTI
Wordpress Dynamic Font Replacement 1.3 plugin SQL Injection Vulnerability
http://1337day.com/exploit/20239
SQLI
WordPress Zingiri Form Builder Plugin "error" Cross-Site Scripting Vulnerability
50983
XSS
1.2.1
WordPress White Label CMS Plugin Cross-Site Request Forgery Vulnerability
50487
CSRF
1.5.1
Wordpress Download Shortcode Plugin "file" Arbitrary File Disclosure Vulnerability
50924
LFI
0.2.1
WordPress eShop Magic Plugin "file" Arbitrary File Disclosure Vulnerability
50933
LFI
0.2
WordPress Pinterest "Pin It" Button Lite Plugin Multiple Unspecified Vulnerabilities
50868
MULTI
1.4.0
WordPress CSS Plus Plugin Unspecified Vulnerabilities
50793
UNKNOWN
1.3.2
WordPress Multisite Plugin Manager Plugin Two Cross-Site Scripting Vulnerabilities
50762
XSS
3.1.2
WordPress ABC Test Plugin "id" Cross-Site Scripting Vulnerability
50608
XSS
Wordpress Token Manager Plugin "tid" Cross-Site Scripting Vulnerabilities
50722
XSS
WordPress Sexy Add Template Plugin Cross-Site Request Forgery Vulnerability
50709
CSRF
WordPress Notices Ticker Plugin Cross-Site Request Forgery Vulnerability
50717
CSRF
WordPress MF Gig Calendar Plugin URL Cross-Site Scripting Vulnerability
50571
XSS
wp-topbar <= 3.04 XSS in ZeroClipboard.swf
http://1337day.com/exploit/20396
XSS
WordPress WP-TopBar Plugin Cross-Site Request Forgery Vulnerability
50693
CSRF
4.0.3
WordPress HD Webplayer Plugin Two SQL Injection Vulnerabilities
50466
SQLI
WordPress Cloudsafe365 Plugin Multiple Vulnerabilities
50392
MULTI
1.47
WordPress Vitamin Plugin Two Arbitrary File Disclosure Vulnerabilities
50176
LFI
1.1
WordPress Featured Post with thumbnail Plugin Unspecified timthumb Vulnerability
50161
UNKNOWN
1.5
WordPress WP Lead Management Plugin Script Insertion Vulnerabilities
50166
XSS
WordPress XVE Various Embed Plugin JW Player Multiple Cross-Site Scripting Vulnerabilities
50173
XSS
1.0.4
WordPress G-Lock Double Opt-in Manager Plugin Two Security Bypass Vulnerabilities
50100
AUTHBYPASS
WordPress Backend Localization Plugin Cross-Site Scripting Vulnerabilities
50099
XSS
2.0
WordPress Flexi Quote Rotator Plugin Cross-Site Request Forgery and SQL Injection Vulnerabilities
49910
MULTI
0.9.2
WordPress Get Off Malicious Scripts Cross-Site Scripting Vulnerability
50030
XSS
1.2.07.20
WordPress Cimy User Extra Fields Plugin Arbitrary File Upload Vulnerability
49975
UPLOAD
2.3.9
WordPress Nmedia Users File Uploader Plugin Arbitrary File Upload Vulnerability
49996
UPLOAD
2.0
wp-explorer-gallery Arbitrary File Upload Vulnerability
http://www.1337day.com/exploit/20251
UPLOAD
accordion Arbitrary File Upload Vulnerability
http://www.1337day.com/exploit/20254
UPLOAD
wp-catpro Arbitrary File Upload Vulnerability
http://www.1337day.com/exploit/20256
UPLOAD
Wordpress RLSWordPressSearch plugin SQL Injection
24440
SQLI
wordpress-simple-shout-box Plugin SQL Injection
http://cxsecurity.com/issue/WLB-2013010235
SQLI
Wordpress portfolio-slideshow-pro v3 Plugin SQL Injection
http://cxsecurity.com/issue/WLB-2013010236
SQLI
WordPress Simple History Plugin RSS Feed "rss_secret" Disclosure Weakness
51998
UNKNOWN
1.0.8
WordPress p1m media manager plugin SQL Injection Vulnerability
http://www.1337day.com/exploit/20270
SQLI
wp-table-reloaded <= 1.9.3 XSS in ZeroClipboard.swf
http://1337day.com/exploit/20396
XSS
Wordpress wp-table-reloaded plugin cross-site scripting in SWF
http://packetstormsecurity.com/files/119968/
52027
http://seclists.org/bugtraq/2013/Feb/28
XSS
1.9.4
WordPress Gallery Plugin "load" Remote File Inclusion Vulnerability
51347
RFI
Wordpress plugins ForumConverter SQL Injection Vulnerability
http://www.1337day.com/exploit/20275
SQLI
WordPress plugins Newsletter SQL Injection Vulnerability
http://www.1337day.com/exploit/20287
SQLI
WordPress Newsletter Plugin "alert" Cross-Site Scripting Vulnerability
53398
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2013-5141.php
XSS
3.2.7
Cross-Site Scripting (XSS) Vulnerability in CommentLuv WordPress Plugin
https://www.htbridge.com/advisory/HTB23138
http://packetstormsecurity.com/files/120090/
http://seclists.org/bugtraq/2013/Feb/30
http://cxsecurity.com/issue/WLB-2013020040
52092
XSS
2.92.4
Wordpress wp-forum plugin SQL Injection
http://cxsecurity.com/issue/WLB-2013020035
SQLI
WordPress WP ecommerce Shop Styling Plugin "dompdf" Remote File Inclusion Vulnerability
51707
RFI
1.8
Wordpress Audio Player Plugin XSS in SWF
http://seclists.org/bugtraq/2013/Feb/35
52083
XSS
2.0.4.6
Wordpress plugin CKEditor 4.0 Arbitrary File Upload Exploit
http://1337day.com/exploit/20318
UPLOAD
wordpress myftp-ftp-like-plugin-for-wordpress plugin v2 Plugin SQL Injection
http://cxsecurity.com/issue/WLB-2013020061
SQLI
WordPress WP Online Store Plugin 1.3.1 downloaded before 2013-01-17 File Disclosure and File Inclusion Vulnerabilities
50836
http://ceriksen.com/2013/02/18/wordpress-online-store-arbitrary-file-disclosure/
http://ceriksen.com/2013/02/18/wordpress-online-store-local-file-inclusion-vulnerability/
MULTI
Password Protected 1.4 Login Process redirect_to Parameter Arbitrary Site Redirect
90559
REDIRECT
Contact Form Plugin XSS
90503
XSS
smart-flv jwplayer.swf XSS
http://www.openwall.com/lists/oss-security/2013/02/24/7
http://packetstormsecurity.com/files/115100/
90606
XSS
Google Alert And Twitter v.3.1.5 XSS Exploit, SQL Injection
http://1337day.com/exploits/20433
MULTI
PHP Shell Plugin
https://github.com/wpscanteam/wpscan/issues/138
http://plugins.svn.wordpress.org/php-shell/trunk/shell.php
RCE
Marekkis Watermark Cross Site Scripting
http://packetstormsecurity.com/files/120378/
XSS
Responsive Logo Slideshow Cross Site Scripting
http://packetstormsecurity.com/files/120379/
XSS
zopim-live-chat <= 1.2.5 XSS in ZeroClipboard
http://www.openwall.com/lists/oss-security/2013/03/10/2
http://1337day.com/exploit/20396
2013-1808
XSS
ed2k-link-selector <= 1.1.7 XSS in ZeroClipboard
http://1337day.com/exploit/20396
2013-1808
XSS
wppygments <= 0.3.2 XSS in ZeroClipboard
http://www.openwall.com/lists/oss-security/2013/03/10/2
http://1337day.com/exploit/20396
2013-1808
XSS
copy-in-clipboard <= 0.8 XSS in ZeroClipboard
http://1337day.com/exploit/20396
2013-1808
XSS
search-and-share <= 0.9.3 XSS in ZeroClipboard
http://1337day.com/exploit/20396
2013-1808
XSS
placester <= 0.3.12 XSS in ZeroClipboard
http://1337day.com/exploit/20396
2013-1808
XSS
drp-coupon <= 2.1 XSS in ZeroClipboard
http://1337day.com/exploit/20396
2013-1808
XSS
coupon-code-plugin <= 2.1 XSS in ZeroClipboard
http://1337day.com/exploit/20396
2013-1808
XSS
q2w3-inc-manager <= 2.3.1 XSS in ZeroClipboard
http://1337day.com/exploit/20396
2013-1808
XSS
scorerender <= 0.3.4 XSS in ZeroClipboard
http://1337day.com/exploit/20396
2013-1808
XSS
wp-link-to-us <= 2.0 XSS in ZeroClipboard
http://www.openwall.com/lists/oss-security/2013/03/10/2
http://1337day.com/exploit/20396
2013-1808
XSS
buckets <= 0.1.9.2 XSS in ZeroClipboard
http://www.openwall.com/lists/oss-security/2013/03/10/2
http://1337day.com/exploit/20396
2013-1808
XSS
java-trackback <= 0.2 XSS in ZeroClipboard
http://1337day.com/exploit/20396
2013-1808
XSS
slidedeck2 <= 2.1.20130228 XSS in ZeroClipboard
http://www.openwall.com/lists/oss-security/2013/03/10/2
http://1337day.com/exploit/20396
2013-1808
XSS
wp-clone-by-wp-academy <= 2.1.1 XSS in ZeroClipboard
http://www.openwall.com/lists/oss-security/2013/03/10/2
http://1337day.com/exploit/20396
2013-1808
XSS
tiny-url <= 1.3.2 XSS in ZeroClipboard
http://www.openwall.com/lists/oss-security/2013/03/10/2
http://1337day.com/exploit/20396
2013-1808
XSS
thethe-layout-grid <= 1.0.0 XSS in ZeroClipboard.
http://www.openwall.com/lists/oss-security/2013/03/10/2
http://1337day.com/exploit/20396
2013-1808
XSS
paypal-digital-goods-monetization-powered-by-cleeng <= 2.2.13 XSS in ZeroClipboard
http://www.openwall.com/lists/oss-security/2013/03/10/2
http://1337day.com/exploit/20396
2013-1808
XSS
mobileview <= 1.0.7 XSS in ZeroClipboard
http://www.openwall.com/lists/oss-security/2013/03/10/2
http://1337day.com/exploit/20396
2013-1808
XSS
jaspreetchahals-coupons-lite <= 2.1 XSS in ZeroClipboard
http://www.openwall.com/lists/oss-security/2013/03/10/2
http://1337day.com/exploit/20396
2013-1808
XSS
geshi-source-colorer <= 0.13 XSS in ZeroClipboard
http://www.openwall.com/lists/oss-security/2013/03/10/2
http://1337day.com/exploit/20396
2013-1808
XSS
click-to-copy-grab-box <= 0.1.1 XSS in ZeroClipboard
http://www.openwall.com/lists/oss-security/2013/03/10/2
http://1337day.com/exploit/20396
2013-1808
XSS
cleeng <= 2.3.2 XSS in ZeroClipboard
http://www.openwall.com/lists/oss-security/2013/03/10/2
http://1337day.com/exploit/20396
2013-1808
XSS
bp-code-snippets <= 2.0 XSS in ZeroClipboard
http://www.openwall.com/lists/oss-security/2013/03/10/2
http://1337day.com/exploit/20396
2013-1808
XSS
snazzy-archives <= 1.7.1 XSS vulnerability
http://www.openwall.com/lists/oss-security/2013/03/10/3
2009-4168
XSS
vkontakte-api XSS vulnerability
http://www.openwall.com/lists/oss-security/2013/03/11/1
2009-4168
XSS
Terillion Reviews Cross Site Scripting
http://packetstormsecurity.com/files/120730/
XSS
o2s-gallery plugin Cross Site Scripting Vulnerability
http://1337day.com/exploit/20516
XSS
bp-gallery plugin v1.2.5 Cross Site Scripting Vulnerability
http://1337day.com/exploit/20518
XSS
Simply Poll Plugin 1.4.1 - Multiple Vulnerabilities
24850
91446
MULTI
Occasions Plugin 1.0.4 - CSRF Vulnerability
24858
91490
CSRF
Mathjax Latex 1.1 CSRF Vulnerability
24889
91737
http://1337day.com/exploit/20566
CSRF
XSS vulnerability on WP-Banners-Lite
http://seclists.org/fulldisclosure/2013/Mar/209
http://threatpost.com/en_us/blogs/xss-flaw-wordpress-plugin-allows-injection-malicious-code-032513
XSS
Backupbuddy - sensitive data exposure in importbuddy.php
http://seclists.org/fulldisclosure/2013/Mar/206
http://archives.neohapsis.com/archives/fulldisclosure/2013-03/0205.html
UNKNOWN
FuneralPress 1.1.6 - Persistent XSS
24914
2013-3529
91868
http://seclists.org/fulldisclosure/2013/Mar/282
XSS
ofc_upload_image.php Arbitrary File Upload Vulnerability
24492
UPLOAD
ofc_upload_image.php Arbitrary File Upload Vulnerability
24492
37903
2009-4140
UPLOAD
0.5
ofc_upload_image.php Arbitrary File Upload Vulnerability
24492
UPLOAD
ofc_upload_image.php Arbitrary File Upload Vulnerability
24492
UPLOAD
ofc_upload_image.php Arbitrary File Upload Vulnerability
24492
UPLOAD
ofc_upload_image.php Arbitrary File Upload Vulnerability
24492
UPLOAD
podPress 8.8.10.13 Cross Site Scripting
http://packetstormsecurity.com/files/121011/
XSS
fbsurveypro XSS Vulnerability
http://1337day.com/exploit/20623
XSS
timelineoptinpro XSS Vulnerability
http://1337day.com/exploit/20620
XSS
kioskprox XSS Vulnerability
http://1337day.com/exploit/20624
XSS
bigcontact SQLI
http://plugins.trac.wordpress.org/changeset/689798
SQLI
1.4.7
drawblog CSRF
http://plugins.trac.wordpress.org/changeset/691178
CSRF
0.81
social-media-widget malicious code
http://plugins.trac.wordpress.org/changeset?reponame=&old=691839%40social-media-widget%2Ftrunk&new=693941%40social-media-widget%2Ftrunk
http://slashdot.org/submission/2592777/top-wordpress-widget-sold-off-turned-into-seo-spambot
UNKNOWN
4.0.2
facebook-members CSRF
52962
2013-2703
CSRF
5.0.5
foursquare-checkins CSRF
53151
2013-2709
CSRF
1.3
formidable Pro Unspecified Vulnerabilities
53121
UNKNOWN
1.06.09
all-in-one-webmaster CSRF
52877
2013-2696
CSRF
8.2.4
background-music 1.0 jPlayer.swf XSS
53057
XSS
haiku-minimalist-audio-player <= 1.0.0 jPlayer.swf XSS
51336
XSS
jammer <= 0.2 jPlayer.swf XSS
53106
XSS
syntaxhighlighter clipboard.swf XSS
53235
XSS
3.1.6
top-10 CSRF
53205
CSRF
1.9.3
easy-adsense-lite CSRF
52953
2013-2702
CSRF
6.10
uk-cookie plugin XSS
87561
http://seclists.org/bugtraq/2012/Nov/50
2012-5856
XSS
uk-cookie CSRF
http://www.openwall.com/lists/oss-security/2013/06/06/10
94032
2013-2180
CSRF
wp-cleanfix Remote Command Execution, CSRF and XSS
https://github.com/wpscanteam/wpscan/issues/186
http://wordpress.org/support/topic/plugin-wp-cleanfix-remote-code-execution-warning
93450
53395
93468
2013-2108
2013-2109
MULTI
3.0.2
mail-on-update plugin CSRF
53449
http://www.openwall.com/lists/oss-security/2013/05/16/8
CSRF
Advanced XML Reader Plugin for WordPress XML External Entity (XXE) Data Parsing Arbitrary File Disclosure
http://seclists.org/bugtraq/2013/May/5
92904
XXE
WordPress Related Posts by Zemanta Plugin Cross-Site Request Forgery Vulnerability
53321
CSRF
1.3.2
WordPress WordPress Related Posts Plugin Cross-Site Request Forgery Vulnerability
53279
CSRF
2.6.2
WordPress Related Posts Plugin Cross-Site Request Forgery Vulnerability
53122
CSRF
2.7.2
WordPress WP Print Friendly Plugin Security Bypass Vulnerability
53371
UNKNOWN
0.5.3
WordPress Contextual Related Posts Plugin Cross-Site Request Forgery Vulnerability
52960
CSRF
1.8.7
WordPress Calendar Plugin Cross-Site Request Forgery Vulnerability
52841
CSRF
1.3.3
WordPress Feedweb Plugin 'wp_post_id' Parameter XSS
http://www.securityfocus.com/bid/58771
XSS
1.9
WordPress WP-Print Plugin CSRF
http://www.securityfocus.com/bid/58900
CSRF
2.52
WordPress WP-Print Plugin CSRF
http://packetstorm.wowhacker.com/1304-exploits/wptrafficanalyzer-xss.txt
XSS
WordPress WP-DownloadManager Plugin CSRF
http://www.securityfocus.com/bid/58937
CSRF
1.61
Digg Digg CSRF
http://wordpress.org/plugins/digg-digg/changelog/
53120
93544
CSRF
5.3.5
SS Quiz Plugin Multiple Unspecified Vulnerabilities
http://wordpress.org/plugins/ssquiz/changelog/
53378
93531
UNKNOWN
2.0
FunCaptcha CSRF
http://wordpress.org/extend/plugins/funcaptcha/changelog/
UNKNOWN
0.33
xili-language XSS
http://wordpress.org/plugins/xili-language/changelog/
XSS
2.8.6
Security issue which allowed any user to reset settings
http://wordpress.org/plugins/wordpress-seo/changelog/
UNKNOWN
1.4.5
CSRF in WordPress underConstruction plugin
http://wordpress.org/plugins/underconstruction/changelog/
52881
93857
2013-2699
CSRF
1.09
ADIF Log Search Widget XSS Arbitrary Vulnerability
http://packetstormsecurity.com/files/121777/
53599
93721
XSS
FPD and Security bypass vulnerabilities in Exploit Scanner for WordPress
http://seclists.org/fulldisclosure/2013/May/216
93799
MULTI
FPD and Security bypass vulnerabilities in Exploit Scanner for WordPress
http://wordpress.org/plugins/ga-universal/changelog/
XSS
1.0.1
Remote File Inclusion Vulnerability
51348
93715
RFI
2.3
WordPress qTranslate Plugin Cross-Site Request Forgery Vulnerability
53126
93873
CSRF
Image slider with description Plugin Unspecified Vulnerability
53588
93691
UNKNOWN
7.0
User Role Editor Plugin Cross-Site Request Forgery Vulnerability
53593
93699
25721
CSRF
3.14
EELV Newsletter Plugin Cross-Site Scripting Vulnerability
53546
93685
XSS
3.3.1
Frontier Post Plugin Publishing Posts Security Bypass
53474
93639
UNKNOWN
Spider Catalog Plugin Cross-Site Scripting and SQL Injection Vulnerabilities
53491
93591
93593
93594
93595
93596
93597
93598
MULTI
Spider Event Calendar Plugin Security Bypass, Cross-Site Scripting and SQLi Vulnerabilities
53481
93584
93585
93586
93587
93588
93582
MULTI
FPD and Security bypass vulnerabilities in AntiVirus for WordPress
http://seclists.org/fulldisclosure/2013/Jun/0
MULTI
WP Maintenance Mode Setting Manipulation CSRF
94450
CSRF
Ultimate Auction 1.0 - CSRF Vulnerability
94407
26240
CSRF
Leaflet Maps Marker Tag Multiple Parameter SQL Injection
94388
SQLI
3.5.4
Xorbin Analog Flash Clock 1.0 Flash-based XSS
http://advisory.prakharprasad.com/xorbin_afc_wp.txt
2013-4692
XSS
Xorbin Digital Flash Clock 1.0 Flash-based XSS
http://advisory.prakharprasad.com/xorbin_dfc_wp.txt
2013-4693
XSS
Dropdown Menu Widget Script Insertion CSRF
94771
CSRF
BuddyPress Extended Friendship Request wp-admin/admin-ajax.php friendship_request_message Parameter XSS
94807
XSS
1.0.2
wp-private-messages /wp-admin/profile.php msgid Parameter SQL Injection
94702
SQLI
Stream Video Player Plugin for WordPress Setting Manipulation CSRF
94466
CSRF
Duplicator installer.cleanup.php package Parameter XSS
95627
2013-4625
XSS
0.4.5
Citizen Space Script Insertion CSRF
95570
CSRF
1.1
Spicy Blogroll spicy-blogroll-ajax.php Multiple Parameter Remote File Inclusion
95557
26804
RFI
Pie Register wp-login.php Multiple Parameter XSS
95160
XSS
1.31
CSRF in admin/setting.php in Xhanch
53133
2013-3253
CSRF
2.7.7
SexyBookmarks - Setting Manipulation CSRF
http://wordpress.org/plugins/sexybookmarks/changelog/
95908
2013-3256
53138
CSRF
6.1.5.0
CSRF in HMS Testimonials 2.0.10
http://wordpress.org/plugins/hms-testimonials/changelog/
2013-4240
96107
96108
96109
96110
96111
54402
27531
2.0.11
XSS in HMS Testimonials 2.0.10
http://wordpress.org/plugins/hms-testimonials/changelog/
2013-4241
96107
96108
96109
96110
96111
54402
27531
2.0.11
IndiaNIC Testimonial 2.2 - CSRF vulnerability
http://seclists.org/fulldisclosure/2013/Sep/5
2013-5672
28054
http://packetstormsecurity.com/files/123036/
CSRF
IndiaNIC Testimonial 2.2 - SQL Injection vulnerability
http://seclists.org/fulldisclosure/2013/Sep/5
2013-5673
28054
http://packetstormsecurity.com/files/123036/
SQLI
IndiaNIC Testimonial 2.2 - XSS vulnerability
http://seclists.org/fulldisclosure/2013/Sep/5
28054
http://packetstormsecurity.com/files/123036/
XSS
Usernoise 3.7.8 - Persistent XSS Vulnerability
http://wordpress.org/plugins/usernoise/changelog/
27403
96000
XSS
3.7.9
platinum_seo_pack.php s Parameter Reflected XSS
97263
1.3.8
Design Approval System 3.6 - XSS Vulnerability
http://seclists.org/bugtraq/2013/Sep/54
http://packetstormsecurity.com/files/123227/
2013-5711
97279
3.7
XSS
Event Easy Calendar 1.0.0 - Multiple Administrator Action CSRF
97042
http://packetstormsecurity.com/files/123132/
CSRF
Event Easy Calendar 1.0.0 - Multiple Unspecified XSS
97041
http://packetstormsecurity.com/files/123132/
XSS
Bradesco - falha.php URI Reflected XSS
97624
2013-5916
http://packetstormsecurity.com/files/123356/
XSS
Social Hashtags 2.0.0 - New Post Title Field Stored XSS
98027
http://packetstormsecurity.com/files/123485/
XSS
Simple Flickr Display Username Field Stored XSS
97991
XSS
Lazy SEO 1.1.9 - lazyseo.php File Upload Arbitrary Code Execution
http://packetstormsecurity.com/files/123349/
http://xforce.iss.net/xforce/xfdb/87384
97662
2013-5961
28452
UPLOAD
SEO Watcher - Open Flash Chart Arbitrary File Creation Vulnerability
http://packetstormsecurity.com/files/123493/
55162
UPLOAD
All in One SEO Pack <= 2.3.0 - XSS Vulnerability
98023
2013-5988
http://archives.neohapsis.com/archives/bugtraq/2013-10/0006.html
http://packetstormsecurity.com/files/123490/
http://www.securityfocus.com/bid/62784
55133
2.3.0.1
XSS
Simple Dropbox Upload - Arbitrary File Upload Vulnerability
http://packetstormsecurity.com/files/123235/
http://xforce.iss.net/xforce/xfdb/87166
54856
2013-5963
1.8.8.1
UPLOAD
WP Ultimate Email Marketer - Multiple Vulnerabilities
53170
MULTI
miniAudioPlayer - Two XSS Vulnerabilities
54979
http://packetstormsecurity.com/files/123372/
XSS
Custom Website Data - XSS Vulnerability
54865
XSS
Complete Gallery Manager 3.3.3 - Arbitrary File Upload Vulnerability
97481
54894
2013-5962
28377
http://packetstormsecurity.com/files/123303/
http://xforce.iss.net/xforce/xfdb/87172
3.3.4
UPLOAD
LBG Zoominoutslider - XSS Vulnerability
http://packetstormsecurity.com/files/123367/
XSS
Woopra - Remote Code Execution
http://packetstormsecurity.com/files/123525/
RCE
fGallery_Plus - XSS
http://packetstormsecurity.com/files/123347/
XSS
NOSpamPTI 2.1 - Blind SQL Injection
28485
2013-5917
http://packetstormsecurity.com/files/123331/
SQLI
Comment Attachment 1.0 - XSS Vulnerability
http://packetstormsecurity.com/files/123327/
XSS
Mukioplayer 1.6 - SQL Injection
http://packetstormsecurity.com/files/123231/
SQLI
Encrypted Blog 0.0.6.2 - XSS, Open Redirect
http://packetstormsecurity.com/files/122992/
XSS
Simple Login Registration 1.0.1 - XSS
http://packetstormsecurity.com/files/122963/
XSS
Post Gallery - XSS
http://packetstormsecurity.com/files/122957/
XSS
ProPlayer 4.7.9.1 - SQL Injection
25605
93564
SQLI
Booking Calendar 4.1.4 - CSRF Vulnerability
27399
96088
http://wpbookingcalendar.com/
CSRF
4.1.6
ThinkIT 0.1 - Multiple Vulnerabilities
27751
96515
http://packetstormsecurity.com/files/122898/
MULTI
Quick Contact Form Plugin 6.0 - Persistent XSS
28808
http://quick-plugins.com/quick-contact-form/
XSS
Email Newsletter 8.0 - 'option' Parameter Information Disclosure Vulnerability
http://www.securityfocus.com/bid/53850
IndiaNIC FAQs Manager Plugin 1.0 - Multiple Vulnerabilities
24867
91625
MULTI
IndiaNIC FAQs Manager Plugin 1.0 - Blind SQL Injection
24868
91623
SQLI
Booking System - events_facualty_list.php eid Parameter Reflected XSS
96740
XSS
JS Restaurant - popup.php restuarant_id Parameter SQL Injection
96743
http://packetstormsecurity.com/files/122316/
SQLI
FlagEm Plugin - flagit.php cID Parameter XSS
98226
http://www.securityfocus.com/bid/61401
http://xforce.iss.net/xforce/xfdb/85925
http://packetstormsecurity.com/files/122505/
XSS
Chat - message Parameter XSS
95984
54403
XSS
Shareaholic - Unspecified CSRF
96321
54529
CSRF
7.0.3.4