- WordPress is prone to multiple vulnerabilities, including remote code execution, security bypass and open redirect vulnerabilities. Exploiting these issues could allow an attacker to execute arbitrary code with the privileges of the user running the application, to compromise the application or the underlying database, to access or modify data, to compromise a vulnerable system, to perform otherwise restricted actions and subsequently create posts "written by" another user or to redirect users to arbitrary web sites and conduct phishing attacks. WordPress versions prior to 3.6.1 are vulnerable.
- Update to WordPress version 3.6.1 or latest
- WordPress Plugin WP RSS Multi Importer Multiple Cross-Site Request Forgery Vulnerabilities (3.11)
- Joomla! Core 2.5.x Security Bypass (2.5.0 - 2.5.2)
- WordPress Plugin Olimometer SQL Injection (2.56)
- WordPress Plugin YAWPP (Yet Another WordPress Petition Plugin) SQL Injection (1.2)
- WordPress Plugin Form Manager Remote Command Execution (1.7.2)