- Marc-Alexandre Montpas reported a security issue in the popular WordPress plugin Custom Contact Forms that would allow a user with no administrative privileges to download and modify your database remotely (no authentication required).
- Upgrade to the latest version of Custom Contact Forms (this problem was fixed in version 184.108.40.206).
- WordPress Plugin ClickDesk Live Support-Live Chat-Help Desk Cross-Site Scripting (4.2)
- WordPress Plugin All In One Schema.org Rich Snippets Cross-Site Scripting (1.4.4)
- WordPress Plugin ForumConverter SQL Injection (1.11)
- Drupal Core 7.x Remote Code Execution (7.0 - 7.57)
- WordPress Plugin MailChimp for WordPress Cross-Site Scripting (4.0.10)