This alert was generated using only banner information. It may be a false positive.
PHP 3 and 4 do not properly cleanse user-injected format strings, which allows remote attackers to execute arbitrary commands by triggering error messages that are improperly written to the error logs.
- Upgrade to the latest version of PHP.
- WordPress Plugin Custom Search by BestWebSoft Cross-Site Scripting (1.35)
- WordPress Plugin Zingiri Web Shop Cross-Site Scripting (2.4.2)
- WordPress Plugin DukaPress Directory Traversal (2.5.2)
- WordPress Plugin Ultimate Member-User Profile & Membership Information Disclosure (1.2.5)
- WordPress 'get_edit_post_link()' and 'get_edit_comment_link()' Multiple Eavesdropping Vulnerabilities (0.6.2 - 2.6)