- This script is possibly vulnerable to remote XSL inclusion. The path to the XSL file can be controlled by the attacker. Therefore, it's possible to include malicious XSL files.
- Edit the source code to ensure that input is properly validated. Where is possible, it is recommended to make a list of accepted filenames and restrict the input to that list.
- WordPress Plugin Ajax Pagination (twitter Style) Local File Inclusion (1.1)
- WordPress Plugin Eventify-Simple Events 'npath' Parameter Remote File Include (1.7.g)
- WordPress Plugin Video Embed & Thumbnail Generator 'kg_callffmpeg.php' Multiple Remote Code Execution Vulnerabilities (1.1)
- WordPress Plugin Site Editor-WordPress Site Builder-Theme Builder and Page Builder Local File Inclusion (1.1.1)
- WordPress Plugin Relocate Upload 'abspath' Parameter Remote File Include (0.14)