- The <strong>src</strong> attribute of one <strong>script</strong> tag on this page is partially controlled by user input. This behavior can potentially lead to various security issues; in some cases it could be possible to conduct <strong>Reverse Clickjacking</strong> attacks.
- Your script should properly sanitize user input. The input should be escaped before it is used to construct the script URL.
- WordPress Plugin WordPress Comments Import & Export CSV Injection (2.0.4)
- WordPress Plugin DP Thumbnail TimThumb Arbitrary File Upload (1.0)
- File tampering
- WordPress Plugin MediaRSS external gallery TimThumb Arbitrary File Upload (0.1)
- WordPress Plugin User Photo 'user-photo.php' Arbitrary File Upload (0.9.4)
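
For the script URL remediation described above, this added example (not code from the original page or from any affected application) contrasts unescaped concatenation with an escaped and allowlisted builder. The base URL, the `theme` parameter name, and the function names are assumptions made for illustration.

```javascript
// Constructed placeholder endpoint; not taken from the page.
const BASE = "https://static.example.test/widgets/loader.js";
// Assumed policy: values are short identifiers made of letters, digits, _ and -.
const SAFE_VALUE = /^[A-Za-z0-9_-]{1,32}$/;

// Before: user input is concatenated into the URL unescaped, so characters
// such as & and = are parsed as URL syntax and can add extra parameters.
function buildScriptSrcUnsafe(theme) {
  return BASE + "?theme=" + theme;
}

// Escaping only: URLSearchParams percent-encodes the value, so whatever the
// user sent stays inside the single "theme" parameter.
function buildScriptSrcEscaped(theme) {
  const url = new URL(BASE);
  url.searchParams.set("theme", String(theme));
  return url.href;
}

// Escaping plus validation: reject anything outside the allowlist, then
// confirm the finished URL still points at the fixed origin and path.
function buildScriptSrc(theme) {
  if (typeof theme !== "string" || !SAFE_VALUE.test(theme)) {
    return null; // caller should skip the script tag or use a default
  }
  const expected = new URL(BASE);
  const url = new URL(buildScriptSrcEscaped(theme));
  if (url.origin !== expected.origin || url.pathname !== expected.pathname) {
    return null;
  }
  return url.href;
}

// Helper for inspecting the result: the query parameter names a URL carries.
function paramNames(src) {
  return [...new URL(src).searchParams.keys()];
}

// Constructed sample inputs.
for (const input of ["dark", "dark&extra=1"]) {
  console.log(JSON.stringify(input), {
    unsafe: paramNames(buildScriptSrcUnsafe(input)),
    escaped: buildScriptSrcEscaped(input),
    strict: buildScriptSrc(input),
  });
}
```

In a page, the value returned by `buildScriptSrc` is what would be assigned to the script element's `src`; a `null` result means the input was rejected.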