- Marc-Alexandre Montpas reported a security issue in the popular WordPress plugin Custom Contact Forms that would allow a user with no administrative privileges to download and modify your database remotely (no authentication required).
- Upgrade to the latest version of Custom Contact Forms (this problem was fixed in version 18.104.22.168).
- WordPress Plugin FireStats Arbitrary File Download (1.6.5)
- WordPress Plugin WP Marketplace-Complete Shopping Cart/eCommerce Solution Arbitrary File Upload (2.4.1)
- WordPress 3.9.x Same Origin Method Execution (SOME) Vulnerability (3.9 - 3.9.11)
- WordPress Plugin WPtouch 'wptouch_settings' Parameter Cross-Site Scripting (1.9.20)
- WordPress Comment Post Cross-Site Scripting Vulnerability (2.0 - 2.0)