- The character encoding (charset) of this page is directly controlled by user input. The charset can be specified in the Content-Type header or in a meta tag declaration. If an attacker can control the response charset, they could manipulate the HTML to perform XSS or other attacks.
- It's recommended to force UTF-8 in all charset declarations. If the user must be able to control the charset, accept only values from a whitelist of permitted charsets.
- WordPress Plugin WP Marketplace TimThumb Arbitrary File Upload (1.1.0)
- Unrestricted file upload
- WordPress Plugin Gmedia Gallery-Photo Gallery, Image Slider, Music Player, Video Player, Media Library Arbitrary File Upload (1.2.1)
- WordPress Plugin Ninja Forms-The Easy and Powerful Forms Builder Multiple Vulnerabilities (3.3.13)
- File tampering
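
The whitelist approach recommended above for a user-selectable charset, as an added example in Python (not code from the original page). The function names, the allowed set and the sample inputs are assumptions made for illustration.

```python
import codecs

# Assumption: the application only needs these two encodings.
# Keys are Python's canonical codec names, values are the labels sent to the browser.
ALLOWED_CHARSETS = {"utf-8": "UTF-8", "iso8859-1": "ISO-8859-1"}
DEFAULT_CHARSET = "UTF-8"


def resolve_charset(requested):
    """Map a user-supplied charset label to a whitelisted label, else UTF-8."""
    if not isinstance(requested, str) or not requested:
        return DEFAULT_CHARSET
    label = requested.strip()
    # Accept only a plain ASCII token: this rejects CR/LF, ';', quotes and
    # anything else that could alter the header or the meta tag it is written into.
    if not label.isascii() or not all(c.isalnum() or c in "-_" for c in label):
        return DEFAULT_CHARSET
    try:
        # Resolve aliases ("utf8", "latin1", "UTF_8") to one canonical name
        # so the whitelist comparison cannot be bypassed by spelling variants.
        canonical = codecs.lookup(label).name
    except LookupError:
        return DEFAULT_CHARSET
    return ALLOWED_CHARSETS.get(canonical, DEFAULT_CHARSET)


def build_response(body_text, requested_charset):
    """Return (headers, body) where the declared charset and the bytes agree."""
    charset = resolve_charset(requested_charset)
    # Characters the chosen charset cannot represent become numeric
    # character references instead of raising or being silently dropped.
    body = body_text.encode(charset, errors="xmlcharrefreplace")
    headers = {"Content-Type": f"text/html; charset={charset}"}
    return headers, body


if __name__ == "__main__":
    # Constructed sample inputs: an alias, a charset not on the whitelist,
    # and a value carrying a header-splitting sequence.
    for value in ("latin1", "utf-7", "UTF-8\r\nX-Injected: 1", None):
        print(repr(value), "->", resolve_charset(value))
```

The value returned by `resolve_charset` is the only one that should ever be written into the Content-Type header or a meta charset declaration; the raw request parameter is never echoed.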