- WordPress Plugin DB Backup is prone to a directory traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue can allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin DB Backup version 4.5 is vulnerable; prior versions may also be affected.
- Edit the source code to ensure that input is properly verified or disable the plugin until a fix is available
- WordPress Plugin U BuddyPress Forum Attachment 'fileurl' Parameter Remote File Disclosure (1.1.1)
- WordPress Plugin Pretty Link Lite Multiple Cross-Site Scripting and SQL Injection Vulnerabilities (1.5.2)
- WordPress Plugin WordPress Users 'uid' Parameter SQL Injection (1.3)
- WordPress Plugin FourSquare Checkins Cross-Site Request Forgery (1.2)
- WordPress Plugin Appointments PHP Object Injection (2.2.1)