- WordPress is prone to a vulnerability that lets remote attackers inject and execute arbitrary code because the application fails to sanitize user-supplied input. Attackers can exploit this issue to execute arbitrary code within the context of the affected webserver process; this may result in total compromise of the web server. WordPress versions prior to 1.5.2 are vulnerable.
- Update to WordPress version 1.5.2 or latest
- WordPress Plugin AVH Extended Categories Widgets Unspecified Vulnerability (4.0.2)
- WordPress Plugin yolink Search for WordPress Cross-Site Scripting (2.5)
- WordPress Plugin Timed Popup Cross-Site Request Forgery (1.3)
- WordPress Plugin Shopping Cart Multiple SQL Injection and Arbitrary File Upload Vulnerabilities (8.1.14)
- WordPress Plugin Pay With Tweet SQL Injection and Cross-Site Scripting Vulnerabilities (1.1)