- MediaWiki version older than 1.22.2, 1.21.5 and 1.19.11 are affected by a remote code execution vulnerability if file upload support for DjVu is enabled (natively supported by MediaWiki) or PDF file upload support is enabled (in combination with the PdfHandler extension). Neither file type is enabled by default in MediaWiki installations. If you are affected, we strongly urge you to update immediately.
- Update to the latest version of MediaWiki.
- WordPress Plugin GarageSale Cross-Site Scripting (1.2.2)
- WordPress Plugin Portfolio by BestWebSoft Multiple Cross-Site Scripting Vulnerabilities (2.27)
- WordPress Plugin Contact Form by WD-responsive drag & drop contact form builder tool Cross-Site Scripting (1.7.18)
- WordPress Multiple Vulnerabilities (0.70 - 3.6.1)
- WordPress Plugin Global Content Blocks Cross-Site Request Forgery (2.1.5)