WordPress is prone to a directory traversal vulnerability because it fails to sufficiently verify user-supplied input data. Exploiting the issue may allow an attacker to access sensitive information that could aid in further attacks. WordPress 2.3.3 is vulnerable; other versions may also be affected.
Update to WordPress version 2.5.1 or latest
WordPress Plugin Read and Understood Multiple Vulnerabilities (2.1)
WordPress Plugin Popup Builder-Responsive WordPress Pop up-Subscription & Newsletter SQL Injection (188.8.131.52)
WordPress Plugin MP3 Audio Player for Music, Radio & Podcast by Sonaar Cross-Site Scripting (3.0.1)
WordPress Plugin UPM Polls 'qid' Parameter SQL Injection (1.0.3)