- WordPress Plugin Direct Download for Woocommerce is prone to a vulnerability that lets attackers download arbitrary files because the application fails to sufficiently verify user-supplied input. This may allow an attacker to gain access to sensitive information, which may aid in launching further attacks. WordPress Plugin Direct Download for Woocommerce version 1.15 is vulnerable; prior versions may also be affected.
- Disable the plugin until a fix is available
- WordPress Plugin WP Symposium Open Redirect (13.12)
- VMware directory traversal and privilege escalation vulnerabilities
- WordPress Plugin Buddy Share It Allusers FB YR Arbitrary File Upload (3.2.8)
- ColdFusion 8 FCKEditor file upload vulnerability
- WordPress Plugin Grapefile File Sharing 'grapeupload.php' Arbitrary File Upload (1.1)