- Movable Type versions <= 6.0.6 and <= 5.2.11 are susceptible to LFI (local file inclusion) attacks due to a vulnerability of Storable perl module. It allows an attacker to include a file and run any perl script the web server.
- Upgrade to the latest version of Movable Type. Movable Type 5.0x and 5.1x has reached End of Life and is no longer supported. For users that are running any version of 5.0x and 5.1x, please upgrade to Movable Type 5.2.12.
- WordPress Plugin WP Super Cache PHP Code Injection (1.2)
- Moveable Type 4.x unauthenticated remote command execution
- Invision Power Board version 3.3.4 unserialize PHP code execution
- WordPress 2.6.2 Remote Code Execution Vulnerability (0.70 - 2.6.2)
- WordPress Plugin Global Content Blocks PHP Code Execution and Information Disclosure Vulnerabilities (1.5.1)