- It should not be possible for an attacker to inject AngularJS expressions by using curly braces. The application needs to either treat curly braces in user input as highly dangerous or avoid server-side reflection of user input entirely.
- WordPress Plugin Social Share Button Cross-Site Scripting (2.1)
- WordPress Plugin WordPress Download Manager 'cid' Parameter Cross-Site Scripting (2.2.2)
- SMB Administrator account without password
- WordPress Plugin WordPress Calls to Action Multiple Vulnerabilities (2.3.7)
- WordPress Plugin ToolPage Cross-Site Scripting (1.6.1)