- WordPress is prone to multiple security vulnerabilities because it fails to properly sanitize user-supplied input. Attackers can exploit these issues to perform unauthorized actions in the context of the logged-in user, crash the affected application and therefore deny service to legitimate users, or execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials or launch other attacks. WordPress versions prior to 3.1.1 are vulnerable.
- Update to WordPress version 3.1.1 or latest
- WordPress Plugin WP-Download 'dl_id' Parameter SQL Injection (1.2)
- WordPress Plugin Collision Testimonials 'admin.php' SQL Injection (3.0)
- WordPress Plugin CP Image Store with Slideshow Arbitrary File Download (1.0.5)
- WordPress Cross-Site Scripting Vulnerability (3.9.3 - 4.2)
- WordPress Plugin Evarisk 'ajax.php' SQL Injection (126.96.36.199)