Drupal Core is prone to multiple security bypass vulnerabilities. Exploiting these issues may allow attackers to perform otherwise restricted actions and subsequently access uploaded files or republish previously unpublished comments. Drupal Core versions 5.x ranging from 5.0 and up to and including 5.22 are vulnerable.
Update to Drupal Core version 5.23 or latest
WordPress Plugin Global Flash Galleries Cross-Site Scripting (0.13.4)
WordPress Plugin Drag and Drop Multiple File Upload-Contact Form 7 Security Bypass (18.104.22.168)
WordPress Plugin Article Directory Redux Cross-Site Scripting (1.0.2)
WordPress Plugin bodi0`s Easy cache Cross-Site Scripting (0.8)
WordPress Plugin YOP Poll Multiple Cross-Site Scripting Vulnerabilities (4.9.1)